From sle-updates at lists.suse.com Fri Sep 1 07:04:41 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Sep 2023 09:04:41 +0200 (CEST)
Subject: SUSE-CU-2023:2798-1: Security update of suse/sle15
Message-ID: <20230901070441.34B19F78A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2798-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.176 , suse/sle15:15.3 , suse/sle15:15.3.17.20.176
Container Release : 17.20.176
Severity : important
Type : security
References : 1214248 1214290 CVE-2023-4016
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released: Mon Aug 28 13:43:18 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1214248

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)

  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022

  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released: Tue Aug 29 10:55:16 2023
Summary: Security update for procps
Type: security
Severity: low
References: 1214290,CVE-2023-4016

This update for procps fixes the following issues:

- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

The following package changes have been done:

- ca-certificates-mozilla-2.62-150200.30.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- procps-3.3.15-150000.7.34.1 updated

From sle-updates at lists.suse.com Fri Sep 1 07:05:41 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Sep 2023 09:05:41 +0200 (CEST)
Subject: SUSE-CU-2023:2799-1: Security update of bci/bci-init
Message-ID: <20230901070541.EB40BF78A@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2799-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.45
Container Release : 29.45
Severity : moderate
Type : security
References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213517 1213575 1213853 1213873 1214071 CVE-2023-3817
-----------------------------------------------------------------

The container bci/bci-init was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3397-1
Released: Wed Aug 23 18:35:56 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213517,1213853,CVE-2023-3817

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
- Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1201519,1204844

This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3486-1
Released: Tue Aug 29 14:25:23 2023
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1214071

This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

The following package changes have been done:

- libudev1-249.16-150400.8.33.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libopenssl1_1-1.1.1l-150400.7.53.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.53.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150400.188.1 updated
- systemd-249.16-150400.8.33.1 updated
- container:sles15-image-15.0.0-27.14.93 updated

From sle-updates at lists.suse.com Fri Sep 1 07:05:57 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Sep 2023 09:05:57 +0200 (CEST)
Subject: SUSE-CU-2023:2800-1: Security update of bci/bci-micro
Message-ID: <20230901070557.120CBF78A@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-micro
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2800-1
Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.22.2
Container Release : 22.2
Severity : important
Type : security
References : 1214248
-----------------------------------------------------------------

The container bci/bci-micro was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released: Mon Aug 28 13:43:18 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1214248

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)

  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022

  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1

The following package changes have been done:

- ca-certificates-mozilla-prebuilt-2.62-150200.30.1 updated

From sle-updates at lists.suse.com Fri Sep 1 07:07:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Sep 2023 09:07:32 +0200 (CEST)
Subject: SUSE-CU-2023:2802-1: Security update of suse/pcp
Message-ID: <20230901070732.CC251F78A@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2802-1
Container Tags : suse/pcp:5 , suse/pcp:5-17.99 , suse/pcp:5.2 , suse/pcp:5.2-17.99 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.99
Container Release : 17.99
Severity : moderate
Type : security
References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213517 1213575 1213853 1213873 1214025 1214071 CVE-2023-3817 CVE-2023-4156
-----------------------------------------------------------------

The container suse/pcp was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3397-1
Released: Wed Aug 23 18:35:56 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213517,1213853,CVE-2023-3817

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
- Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1201519,1204844

This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3440-1
Released: Mon Aug 28 08:57:10 2023
Summary: Security update for gawk
Type: security
Severity: low
References: 1214025,CVE-2023-4156

This update for gawk fixes the following issues:

- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3486-1
Released: Tue Aug 29 14:25:23 2023
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1214071

This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

The following package changes have been done:

- libudev1-249.16-150400.8.33.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libopenssl1_1-1.1.1l-150400.7.53.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.53.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150400.188.1 updated
- systemd-249.16-150400.8.33.1 updated
- gawk-4.2.1-150000.3.3.1 updated
- container:bci-bci-init-15.4-15.4-29.45 updated

From sle-updates at lists.suse.com Fri Sep 1 07:07:46 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Sep 2023 09:07:46 +0200 (CEST)
Subject: SUSE-CU-2023:2803-1: Security update of suse/postgres
Message-ID: <20230901070746.3C6D6F78A@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2803-1
Container Tags : suse/postgres:14 , suse/postgres:14-22.51 , suse/postgres:14.9 , suse/postgres:14.9-22.51
Container Release : 22.51
Severity : moderate
Type : security
References : 1103893 1112183 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213517 1213575 1213853 1213873 1214071 CVE-2023-3817
-----------------------------------------------------------------

The container suse/postgres was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3397-1
Released: Wed Aug 23 18:35:56 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213517,1213853,CVE-2023-3817

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
- Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1201519,1204844

This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3466-1
Released: Tue Aug 29 07:33:16 2023
Summary: Recommended update for icu
Type: recommended
Severity: moderate
References: 1103893,1112183

This update for icu fixes the following issues:

- Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3486-1
Released: Tue Aug 29 14:25:23 2023
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1214071

This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

The following package changes have been done:

- libudev1-249.16-150400.8.33.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libopenssl1_1-1.1.1l-150400.7.53.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.53.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150400.188.1 updated
- libicu65_1-ledata-65.1-150200.4.8.1 updated
- libicu-suse65_1-65.1-150200.4.8.1 updated
- systemd-249.16-150400.8.33.1 updated
- container:sles15-image-15.0.0-27.14.93 updated

From sle-updates at lists.suse.com Fri Sep 1 07:08:37 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Sep 2023 09:08:37 +0200 (CEST)
Subject: SUSE-CU-2023:2804-1: Security update of bci/python
Message-ID: <20230901070837.28B5AF78A@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2804-1
Container Tags : bci/python:3 , bci/python:3-15.42 , bci/python:3.10 , bci/python:3.10-15.42
Container Release : 15.42
Severity : moderate
Type : security
References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213517 1213575 1213853 1213873 CVE-2023-3817
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3397-1
Released: Wed Aug 23 18:35:56 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213517,1213853,CVE-2023-3817

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
- Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1201519,1204844

This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

The following package changes have been done:

- libudev1-249.16-150400.8.33.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libopenssl1_1-1.1.1l-150400.7.53.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.53.1 updated
- openssl-1_1-1.1.1l-150400.7.53.1 updated
- container:sles15-image-15.0.0-27.14.93 updated

From sle-updates at lists.suse.com Fri Sep 1 07:09:24 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Sep 2023 09:09:24 +0200 (CEST)
Subject: SUSE-CU-2023:2805-1: Security update of suse/sle15
Message-ID: <20230901070924.9592FF78A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2805-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.93 , suse/sle15:15.4 , suse/sle15:15.4.27.14.93
Container Release : 27.14.93
Severity : important
Type : security
References : 1186606 1194609 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 1214248 1214290 CVE-2023-4016
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released: Mon Aug 28 13:43:18 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1214248

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)

  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022

  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released: Tue Aug 29 10:55:16 2023
Summary: Security update for procps
Type: security
Severity: low
References: 1214290,CVE-2023-4016

This update for procps fixes the following issues:

- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

The following package changes have been done:

- ca-certificates-mozilla-2.62-150200.30.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libudev1-249.16-150400.8.33.1 updated
- procps-3.3.15-150000.7.34.1 updated

From sle-updates at lists.suse.com Fri Sep 1 07:09:38 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Sep 2023 09:09:38 +0200 (CEST)
Subject: SUSE-CU-2023:2806-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20230901070938.50C22F78A@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2806-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-11.10 , bci/dotnet-aspnet:6.0.21 , bci/dotnet-aspnet:6.0.21-11.10
Container Release : 11.10
Severity : moderate
Type : recommended
References : 1103893 1112183 1186606 1194609 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3466-1
Released: Tue Aug 29 07:33:16 2023
Summary: Recommended update for icu
Type: recommended
Severity: moderate
References: 1103893,1112183

This update for icu fixes the following issues:

- Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419)

The following package changes have been done:

- libsystemd0-249.16-150400.8.33.1 updated
- libicu65_1-ledata-65.1-150200.4.8.1 updated
- libicu-suse65_1-65.1-150200.4.8.1 updated
- container:sles15-image-15.0.0-36.5.29 updated

From sle-updates at lists.suse.com Fri Sep 1 07:09:48 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Sep 2023 09:09:48 +0200 (CEST)
Subject: SUSE-CU-2023:2807-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20230901070948.C4052F78A@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2807-1
Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-11.10 , bci/dotnet-aspnet:7.0.10 , bci/dotnet-aspnet:7.0.10-11.10 , bci/dotnet-aspnet:latest
Container Release : 11.10
Severity : moderate
Type : recommended
References : 1103893 1112183 1186606 1194609 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3466-1
Released: Tue Aug 29 07:33:16 2023
Summary: Recommended update for icu
Type: recommended
Severity: moderate
References: 1103893,1112183

This update for icu fixes the following issues:

- Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419)

The following package changes have been done:
- libsystemd0-249.16-150400.8.33.1 updated
- libicu65_1-ledata-65.1-150200.4.8.1 updated
- libicu-suse65_1-65.1-150200.4.8.1 updated
- container:sles15-image-15.0.0-36.5.29 updated

From sle-updates at lists.suse.com Fri Sep 1 07:10:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Sep 2023 09:10:01 +0200 (CEST)
Subject: SUSE-CU-2023:2808-1: Recommended update of bci/dotnet-sdk
Message-ID: <20230901071001.E6372F78A@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2808-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-10.10 , bci/dotnet-sdk:6.0.21 , bci/dotnet-sdk:6.0.21-10.10
Container Release : 10.10
Severity : moderate
Type : recommended
References : 1103893 1112183 1186606 1194609 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3466-1
Released: Tue Aug 29 07:33:16 2023
Summary: Recommended update for icu
Type: recommended
Severity: moderate
References: 1103893,1112183

This update for icu fixes the following issues:

- Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419)

The following package changes have been done:

- libsystemd0-249.16-150400.8.33.1 updated
- libicu65_1-ledata-65.1-150200.4.8.1 updated
- libicu-suse65_1-65.1-150200.4.8.1 updated
- container:sles15-image-15.0.0-36.5.29 updated

From sle-updates at lists.suse.com Fri Sep 1 07:10:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Sep 2023 09:10:13 +0200 (CEST)
Subject: SUSE-CU-2023:2809-1: Recommended update of bci/dotnet-runtime
Message-ID: <20230901071013.75D4FF78A@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2809-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-10.10 , bci/dotnet-runtime:6.0.21 , bci/dotnet-runtime:6.0.21-10.10
Container Release : 10.10
Severity : moderate
Type : recommended
References : 1103893 1112183 1186606 1194609 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3466-1
Released: Tue Aug 29 07:33:16 2023
Summary: Recommended update for icu
Type: recommended
Severity: moderate
References: 1103893,1112183

This update for icu fixes the following issues:

- Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419)

The following package changes have been done:

- libsystemd0-249.16-150400.8.33.1 updated
- libicu65_1-ledata-65.1-150200.4.8.1 updated
- libicu-suse65_1-65.1-150200.4.8.1 updated
- container:sles15-image-15.0.0-36.5.29 updated

From sle-updates at lists.suse.com Fri Sep 1 07:10:24 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Sep 2023 09:10:24 +0200 (CEST)
Subject: SUSE-CU-2023:2810-1: Recommended update of bci/dotnet-runtime
Message-ID: <20230901071024.942A2F78A@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2810-1
Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-12.10 , bci/dotnet-runtime:7.0.10 , bci/dotnet-runtime:7.0.10-12.10 , bci/dotnet-runtime:latest
Container Release : 12.10
Severity : moderate
Type : recommended
References : 1103893 1112183 1186606 1194609 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3466-1 Released: Tue Aug 29 07:33:16 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1103893,1112183 This update for icu fixes the following issues: - Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) The following package changes have been done: - libsystemd0-249.16-150400.8.33.1 updated - libicu65_1-ledata-65.1-150200.4.8.1 updated - libicu-suse65_1-65.1-150200.4.8.1 updated - container:sles15-image-15.0.0-36.5.29 updated From sle-updates at lists.suse.com Fri Sep 1 07:10:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Sep 2023 09:10:37 +0200 (CEST) Subject: SUSE-CU-2023:2811-1: Recommended update of bci/golang Message-ID: <20230901071037.15039F78A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2811-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.2.10 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.2.10 Container Release : 2.10 Severity : important Type : recommended References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213282 1213575 1213873 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3388-1 Released: Wed Aug 23 17:14:22 2023 Summary: Recommended update for binutils Type: recommended Severity: important References: 1213282 This update for binutils fixes the following issues: - Add `binutils-disable-dt-relr.sh` to address compatibility problems with the glibc version included in future SUSE Linux Enterprise releases (bsc#1213282, jsc#PED-1435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - 
Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libctf-nobfd0-2.39-150100.7.43.2 updated - libctf0-2.39-150100.7.43.2 updated - binutils-2.39-150100.7.43.2 updated - container:sles15-image-15.0.0-36.5.28 updated From sle-updates at lists.suse.com Fri Sep 1 07:10:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Sep 2023 09:10:48 +0200 (CEST) Subject: SUSE-CU-2023:2812-1: Security update of bci/openjdk Message-ID: <20230901071048.259D2F78A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2812-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-9.39 Container Release : 9.39 Severity : moderate Type : security References : 1186606 1194609 1201519 1204844 1208194 1209741 1210419 1210702 1211576 1212434 1213185 1213575 1213873 CVE-2023-2004 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). 
The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libfreetype6-2.10.4-150000.4.15.1 updated - container:sles15-image-15.0.0-36.5.28 updated From sle-updates at lists.suse.com Fri Sep 1 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 01 Sep 2023 12:30:03 -0000 Subject: SUSE-RU-2023:3510-1: low: Recommended update for package-translations Message-ID: <169357140386.18490.7953855023850871907@smelt2.suse.de> # Recommended update for package-translations Announcement ID: SUSE-RU-2023:3510-1 Rating: low References: Affected Products: * openSUSE Leap 15.5 An update that can now be installed. ## Description: This update for package-translations fixes the following issues: * Update to version 89.87.20230508.84161a4: * Translated using Weblate (Arabic) * Translated using Weblate (Swedish) * Translated using Weblate (Czech) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3510=1 openSUSE-SLE-15.5-2023-3510=1 ## Package List: * openSUSE Leap 15.5 (noarch) * package-translations-89.87.20230508.84161a4-150500.3.3.1
From sle-updates at lists.suse.com Fri Sep 1 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 01 Sep 2023 12:30:05 -0000 Subject: SUSE-RU-2023:3509-1: low: Recommended update for xdm Message-ID: <169357140574.18490.7367662739972266398@smelt2.suse.de> # Recommended update for xdm Announcement ID: SUSE-RU-2023:3509-1 Rating: low References: * #1211267 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for xdm fixes the following issues: * Requires cpp because it uses preprocessor directives in Xresources (bsc#1211267) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3509=1 SUSE-2023-3509=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3509=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3509=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3509=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * xdm-1.1.11-150400.25.3.1 * xdm-xsession-1.1.11-150400.25.3.1 * xdm-debuginfo-1.1.11-150400.25.3.1 * xdm-debugsource-1.1.11-150400.25.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * xdm-1.1.11-150400.25.3.1 * xdm-xsession-1.1.11-150400.25.3.1 * xdm-debuginfo-1.1.11-150400.25.3.1 * xdm-debugsource-1.1.11-150400.25.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xdm-1.1.11-150400.25.3.1 * xdm-debuginfo-1.1.11-150400.25.3.1 * xdm-debugsource-1.1.11-150400.25.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xdm-1.1.11-150400.25.3.1 * xdm-debuginfo-1.1.11-150400.25.3.1 * xdm-debugsource-1.1.11-150400.25.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211267
From sle-updates at lists.suse.com Fri Sep 1 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 01 Sep 2023 12:30:07 -0000 Subject: SUSE-SU-2023:3508-1: important: Security update for terraform-provider-helm Message-ID: <169357140738.18490.1997423786700184816@smelt2.suse.de> # Security update for terraform-provider-helm Announcement ID: SUSE-SU-2023:3508-1 Rating: important References: * #1212475 Affected Products: * Public Cloud Module 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that has one fix can now be installed. ## Description: This update of terraform-provider-helm fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3508=1 ## Package List: * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150100.3.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475
From sle-updates at lists.suse.com Fri Sep 1 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 01 Sep 2023 16:30:05 -0000 Subject: SUSE-RU-2023:3515-1: moderate: Recommended update for libzypp, zypper Message-ID: <169358580523.8850.4940954125163967889@smelt2.suse.de> # Recommended update for libzypp, zypper Announcement ID: SUSE-RU-2023:3515-1 Rating: moderate References: * #1158763 * #1210740 * #1213231 * #1213557 * #1213673 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has five recommended fixes can now be installed.
## Description: This update for libzypp, zypper fixes the following issues: * Fix occasional issue with downloading very small files (bsc#1213673) * Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) * Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) * Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) * Revised explanation of --force-resolution in man page (bsc#1213557) * Print summary hint if policies were violated due to --force-resolution (bsc#1213557) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-3515=1 * SUSE Linux Enterprise Server 15 SP3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2023-3515=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3515=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3515=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3515=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3515=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3515=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3515=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3515=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3515=1 * SUSE Manager Proxy 4.2 zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3515=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3515=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3515=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3515=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3515=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3515=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3515=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.20-150200.75.1 * SUSE Linux Enterprise Server 15 SP3 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.20-150200.75.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * libzypp-devel-17.31.20-150200.75.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * zypper-log-1.14.63-150200.59.1 * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * libzypp-devel-17.31.20-150200.75.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * zypper-log-1.14.63-150200.59.1 * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 *
zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * libzypp-devel-17.31.20-150200.75.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * zypper-log-1.14.63-150200.59.1 * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * libzypp-devel-17.31.20-150200.75.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * zypper-log-1.14.63-150200.59.1 * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * libzypp-devel-17.31.20-150200.75.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * zypper-log-1.14.63-150200.59.1 * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * libzypp-devel-17.31.20-150200.75.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * zypper-log-1.14.63-150200.59.1 * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * 
libzypp-debugsource-17.31.20-150200.75.1 * libzypp-devel-17.31.20-150200.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * zypper-log-1.14.63-150200.59.1 * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * libzypp-devel-17.31.20-150200.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * zypper-log-1.14.63-150200.59.1 * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Manager Proxy 4.2 (x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * libzypp-devel-17.31.20-150200.75.1 * SUSE Manager Proxy 4.2 (noarch) * zypper-log-1.14.63-150200.59.1 * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * libzypp-devel-17.31.20-150200.75.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * zypper-log-1.14.63-150200.59.1 * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * libzypp-devel-17.31.20-150200.75.1 * SUSE Manager Server 4.2 (noarch) * zypper-log-1.14.63-150200.59.1 * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Enterprise 
Storage 7.1 (aarch64 x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * libzypp-devel-17.31.20-150200.75.1 * SUSE Enterprise Storage 7.1 (noarch) * zypper-log-1.14.63-150200.59.1 * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * zypper-needs-restarting-1.14.63-150200.59.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * zypper-debuginfo-1.14.63-150200.59.1 * libzypp-17.31.20-150200.75.1 * zypper-debugsource-1.14.63-150200.59.1 * libzypp-debuginfo-17.31.20-150200.75.1 * zypper-1.14.63-150200.59.1 * libzypp-debugsource-17.31.20-150200.75.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * zypper-needs-restarting-1.14.63-150200.59.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1158763 * https://bugzilla.suse.com/show_bug.cgi?id=1210740 * https://bugzilla.suse.com/show_bug.cgi?id=1213231 * https://bugzilla.suse.com/show_bug.cgi?id=1213557 * https://bugzilla.suse.com/show_bug.cgi?id=1213673
From sle-updates at lists.suse.com Fri Sep 1 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 01 Sep 2023 16:30:08 -0000 Subject: SUSE-RU-2023:3514-1: moderate: Recommended update for libzypp, zypper Message-ID: <169358580811.8850.13700456574506153933@smelt2.suse.de> # Recommended update for libzypp, zypper Announcement ID: SUSE-RU-2023:3514-1 Rating: moderate References: * #1158763 * #1210740 * #1213231 * #1213557 * #1213673 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has five recommended fixes can now be installed.
## Description: This update for libzypp, zypper fixes the following issues: * Fix occasional issue with downloading very small files (bsc#1213673) * Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) * Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) * Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) * Revised explanation of --force-resolution in man page (bsc#1213557) * Print summary hint if policies were violated due to --force-resolution (bsc#1213557) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3514=1 SUSE-2023-3514=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3514=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3514=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3514=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3514=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3514=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3514=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3514=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3514=1 * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-3514=1 * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-3514=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-3514=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch
SUSE-SLE-INSTALLER-15-SP5-2023-3514=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3514=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3514=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3514=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3514=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3514=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3514=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libzypp-17.31.20-150400.3.40.1 * zypper-1.14.63-150400.3.29.1 * libzypp-devel-17.31.20-150400.3.40.1 * libzypp-devel-doc-17.31.20-150400.3.40.1 * zypper-debuginfo-1.14.63-150400.3.29.1 * libzypp-debuginfo-17.31.20-150400.3.40.1 * libzypp-debugsource-17.31.20-150400.3.40.1 * zypper-debugsource-1.14.63-150400.3.29.1 * openSUSE Leap 15.4 (noarch) * zypper-aptitude-1.14.63-150400.3.29.1 * zypper-needs-restarting-1.14.63-150400.3.29.1 * zypper-log-1.14.63-150400.3.29.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.20-150400.3.40.1 * zypper-1.14.63-150400.3.29.1 * libzypp-devel-17.31.20-150400.3.40.1 * libzypp-devel-doc-17.31.20-150400.3.40.1 * zypper-debuginfo-1.14.63-150400.3.29.1 * libzypp-debuginfo-17.31.20-150400.3.40.1 * libzypp-debugsource-17.31.20-150400.3.40.1 * zypper-debugsource-1.14.63-150400.3.29.1 * openSUSE Leap 15.5 (noarch) * zypper-aptitude-1.14.63-150400.3.29.1 * zypper-needs-restarting-1.14.63-150400.3.29.1 * zypper-log-1.14.63-150400.3.29.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libzypp-17.31.20-150400.3.40.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.20-150400.3.40.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libzypp-17.31.20-150400.3.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 
SP4 (ppc64le x86_64) * libzypp-17.31.20-150400.3.40.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libzypp-17.31.20-150400.3.40.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libzypp-17.31.20-150400.3.40.1 * SUSE Manager Proxy 4.3 (x86_64) * libzypp-17.31.20-150400.3.40.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * libzypp-17.31.20-150400.3.40.1 * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.20-150400.3.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libzypp-17.31.20-150400.3.40.1 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * libzypp-17.31.20-150400.3.40.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libzypp-17.31.20-150400.3.40.1 * zypper-1.14.63-150400.3.29.1 * libzypp-debuginfo-17.31.20-150400.3.40.1 * libzypp-debugsource-17.31.20-150400.3.40.1 * zypper-debuginfo-1.14.63-150400.3.29.1 * zypper-debugsource-1.14.63-150400.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * zypper-needs-restarting-1.14.63-150400.3.29.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libzypp-17.31.20-150400.3.40.1 * zypper-1.14.63-150400.3.29.1 * libzypp-debuginfo-17.31.20-150400.3.40.1 * libzypp-debugsource-17.31.20-150400.3.40.1 * zypper-debuginfo-1.14.63-150400.3.29.1 * zypper-debugsource-1.14.63-150400.3.29.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * zypper-needs-restarting-1.14.63-150400.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libzypp-17.31.20-150400.3.40.1 * zypper-1.14.63-150400.3.29.1 * libzypp-debuginfo-17.31.20-150400.3.40.1 * libzypp-debugsource-17.31.20-150400.3.40.1 * zypper-debuginfo-1.14.63-150400.3.29.1 * zypper-debugsource-1.14.63-150400.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * zypper-needs-restarting-1.14.63-150400.3.29.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libzypp-17.31.20-150400.3.40.1 * 
zypper-1.14.63-150400.3.29.1
    * libzypp-debuginfo-17.31.20-150400.3.40.1
    * libzypp-debugsource-17.31.20-150400.3.40.1
    * zypper-debuginfo-1.14.63-150400.3.29.1
    * zypper-debugsource-1.14.63-150400.3.29.1
  * SUSE Linux Enterprise Micro 5.4 (noarch)
    * zypper-needs-restarting-1.14.63-150400.3.29.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * libzypp-17.31.20-150400.3.40.1
    * zypper-1.14.63-150400.3.29.1
    * libzypp-devel-17.31.20-150400.3.40.1
    * zypper-debuginfo-1.14.63-150400.3.29.1
    * libzypp-debuginfo-17.31.20-150400.3.40.1
    * libzypp-debugsource-17.31.20-150400.3.40.1
    * zypper-debugsource-1.14.63-150400.3.29.1
  * Basesystem Module 15-SP4 (noarch)
    * zypper-log-1.14.63-150400.3.29.1
    * zypper-needs-restarting-1.14.63-150400.3.29.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * libzypp-17.31.20-150400.3.40.1
    * zypper-1.14.63-150400.3.29.1
    * libzypp-devel-17.31.20-150400.3.40.1
    * zypper-debuginfo-1.14.63-150400.3.29.1
    * libzypp-debuginfo-17.31.20-150400.3.40.1
    * libzypp-debugsource-17.31.20-150400.3.40.1
    * zypper-debugsource-1.14.63-150400.3.29.1
  * Basesystem Module 15-SP5 (noarch)
    * zypper-log-1.14.63-150400.3.29.1
    * zypper-needs-restarting-1.14.63-150400.3.29.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1158763
  * https://bugzilla.suse.com/show_bug.cgi?id=1210740
  * https://bugzilla.suse.com/show_bug.cgi?id=1213231
  * https://bugzilla.suse.com/show_bug.cgi?id=1213557
  * https://bugzilla.suse.com/show_bug.cgi?id=1213673

From sle-updates at lists.suse.com Fri Sep 1 16:30:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 01 Sep 2023 16:30:11 -0000
Subject: SUSE-RU-2023:3513-1: moderate: Recommended update for libzypp, zypper
Message-ID: <169358581100.8850.6117655385900894670@smelt2.suse.de>

# Recommended update for libzypp, zypper

Announcement ID: SUSE-RU-2023:3513-1
Rating: moderate
References:

  * #1158763
  * #1210740
  * #1213231
  * #1213557
  * #1213673

Affected Products:

  * SUSE CaaS Platform 4.0
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that has five recommended fixes can now be installed.

## Description:

This update for libzypp, zypper fixes the following issues:

  * Fix occasional issue with downloading very small files (bsc#1213673)
  * Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
  * Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
  * Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
  * Revised explanation of --force-resolution in man page (bsc#1213557)
  * Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-3513=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3513=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3513=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3513=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.20-150100.3.117.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libzypp-debuginfo-17.31.20-150100.3.117.1 * libzypp-17.31.20-150100.3.117.1 * libzypp-debugsource-17.31.20-150100.3.117.1 * zypper-debuginfo-1.14.63-150100.3.84.1 * libzypp-devel-17.31.20-150100.3.117.1 * zypper-debugsource-1.14.63-150100.3.84.1 * zypper-1.14.63-150100.3.84.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * zypper-log-1.14.63-150100.3.84.1 * zypper-needs-restarting-1.14.63-150100.3.84.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libzypp-debuginfo-17.31.20-150100.3.117.1 * libzypp-17.31.20-150100.3.117.1 * libzypp-debugsource-17.31.20-150100.3.117.1 * zypper-debuginfo-1.14.63-150100.3.84.1 * libzypp-devel-17.31.20-150100.3.117.1 * zypper-debugsource-1.14.63-150100.3.84.1 * zypper-1.14.63-150100.3.84.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * zypper-log-1.14.63-150100.3.84.1 * zypper-needs-restarting-1.14.63-150100.3.84.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * 
libzypp-debuginfo-17.31.20-150100.3.117.1
    * libzypp-17.31.20-150100.3.117.1
    * libzypp-debugsource-17.31.20-150100.3.117.1
    * zypper-debuginfo-1.14.63-150100.3.84.1
    * libzypp-devel-17.31.20-150100.3.117.1
    * zypper-debugsource-1.14.63-150100.3.84.1
    * zypper-1.14.63-150100.3.84.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
    * zypper-log-1.14.63-150100.3.84.1
    * zypper-needs-restarting-1.14.63-150100.3.84.1
  * SUSE CaaS Platform 4.0 (x86_64)
    * libzypp-debuginfo-17.31.20-150100.3.117.1
    * libzypp-17.31.20-150100.3.117.1
    * libzypp-debugsource-17.31.20-150100.3.117.1
    * zypper-debuginfo-1.14.63-150100.3.84.1
    * libzypp-devel-17.31.20-150100.3.117.1
    * zypper-debugsource-1.14.63-150100.3.84.1
    * zypper-1.14.63-150100.3.84.1
  * SUSE CaaS Platform 4.0 (noarch)
    * zypper-log-1.14.63-150100.3.84.1
    * zypper-needs-restarting-1.14.63-150100.3.84.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1158763
  * https://bugzilla.suse.com/show_bug.cgi?id=1210740
  * https://bugzilla.suse.com/show_bug.cgi?id=1213231
  * https://bugzilla.suse.com/show_bug.cgi?id=1213557
  * https://bugzilla.suse.com/show_bug.cgi?id=1213673

From sle-updates at lists.suse.com Fri Sep 1 16:30:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 01 Sep 2023 16:30:12 -0000
Subject: SUSE-RU-2023:3512-1: moderate: Recommended update for openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp
Message-ID: <169358581219.8850.11435825946977939975@smelt2.suse.de>

# Recommended update for openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp

Announcement ID: SUSE-RU-2023:3512-1
Rating: moderate
References:

Affected Products:

  * SUSE Linux Enterprise Server 12 SP4
  * SUSE OpenStack Cloud 9
  * SUSE OpenStack Cloud Crowbar 9

An update that can now be installed.

## Description:

This update for openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp contains the following fixes:

Changes in openstack-horizon-plugin-gbp-ui:

  * Add Antelope Support

Changes in openstack-neutron-gbp:

  * Update to version group-based-policy-14.0.1.dev67:
    * Support for multi external networks extension.
  * Update to version group-based-policy-14.0.1.dev65:
    * Fix Log.warn.
  * Update to version group-based-policy-14.0.1.dev63:
    * Changed /usr/bin/python2 to /usr/bin/python3.
    * Remove Monkey patch.
  * Update to version group-based-policy-14.0.1.dev60:
    * Fix port notifications when extension is updated.
  * Update to version group-based-policy-14.0.1.dev59:
    * Fix VRF subnets DB query.

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE OpenStack Cloud 9
    zypper in -t patch SUSE-OpenStack-Cloud-9-2023-3512=1
  * SUSE OpenStack Cloud Crowbar 9
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3512=1

## Package List:

  * SUSE OpenStack Cloud 9 (noarch)
    * openstack-neutron-gbp-14.0.1~dev67-3.43.2
    * python-horizon-plugin-gbp-ui-14.0.1~dev7-3.18.2
    * python-neutron-gbp-14.0.1~dev67-3.43.2
    * openstack-horizon-plugin-gbp-ui-14.0.1~dev7-3.18.2
    * venv-openstack-horizon-x86_64-14.1.1~dev11-4.49.2
    * venv-openstack-neutron-x86_64-13.0.8~dev209-6.49.2
  * SUSE OpenStack Cloud Crowbar 9 (noarch)
    * openstack-horizon-plugin-gbp-ui-14.0.1~dev7-3.18.2
    * python-horizon-plugin-gbp-ui-14.0.1~dev7-3.18.2
    * openstack-neutron-gbp-14.0.1~dev67-3.43.2
    * python-neutron-gbp-14.0.1~dev67-3.43.2

From sle-updates at lists.suse.com Sat Sep 2 07:07:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 2 Sep 2023 09:07:20 +0200 (CEST)
Subject: SUSE-CU-2023:2817-1: Security update of suse/sles12sp5
Message-ID: <20230902070720.E1607F78A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2817-1
Container Tags        : suse/sles12sp5:6.5.507 , suse/sles12sp5:latest
Container Release     : 6.5.507
Severity              : important
Type                  : security
References            : 1214054 1214248 1214290 CVE-2023-36054 CVE-2023-4016
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3398-1
Released:    Wed Aug 23 18:48:55 2023
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1214054,CVE-2023-36054
This update for krb5 fixes the following issues:

- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user.
(bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3405-1 Released: Wed Aug 23 19:17:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3471-1 Released: Tue Aug 29 10:53:48 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
The following package changes have been done: - ca-certificates-mozilla-2.62-12.43.1 updated - krb5-1.12.5-40.52.1 updated - libprocps3-3.3.9-11.27.1 updated - procps-3.3.9-11.27.1 updated From sle-updates at lists.suse.com Sat Sep 2 07:10:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Sep 2023 09:10:21 +0200 (CEST) Subject: SUSE-CU-2023:2818-1: Security update of suse/sle15 Message-ID: <20230902071021.89AF2F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2818-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.810 Container Release : 6.2.810 Severity : important Type : security References : 1214054 1214248 1214290 CVE-2023-36054 CVE-2023-4016 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3434-1 Released: Thu Aug 24 15:05:22 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. 
(bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3462-1 Released: Mon Aug 28 19:14:38 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
The following package changes have been done: - ca-certificates-mozilla-2.62-150000.4.41.1 updated - krb5-1.16.3-150100.3.30.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - procps-3.3.15-150000.7.34.1 updated From sle-updates at lists.suse.com Sat Sep 2 07:12:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Sep 2023 09:12:29 +0200 (CEST) Subject: SUSE-CU-2023:2819-1: Security update of suse/sle15 Message-ID: <20230902071229.3A7A7F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2819-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.337 Container Release : 9.5.337 Severity : important Type : security References : 1214054 1214248 1214290 CVE-2023-36054 CVE-2023-4016 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3434-1 Released: Thu Aug 24 15:05:22 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. 
(bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
The following package changes have been done:

- ca-certificates-mozilla-2.62-150200.30.1 updated
- krb5-1.16.3-150100.3.30.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- procps-3.3.15-150000.7.34.1 updated

From sle-updates at lists.suse.com Sun Sep 3 07:05:41 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 3 Sep 2023 09:05:41 +0200 (CEST)
Subject: SUSE-CU-2023:2822-1: Recommended update of suse/sle15
Message-ID: <20230903070541.F3B1EFCA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2822-1
Container Tags        : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.177 , suse/sle15:15.3 , suse/sle15:15.3.17.20.177
Container Release     : 17.20.177
Severity              : moderate
Type                  : recommended
References            : 1158763 1210740 1213231 1213557 1213673
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3515-1
Released:    Fri Sep 1 15:54:25 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1158763,1210740,1213231,1213557,1213673
This update for libzypp, zypper fixes the following issues:

- Fix occasional issue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

The following package changes have been done:

- libzypp-17.31.20-150200.75.1 updated
- zypper-1.14.63-150200.59.1 updated

From sle-updates at lists.suse.com Sun Sep 3 07:11:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 3 Sep 2023 09:11:21 +0200 (CEST)
Subject: SUSE-CU-2023:2827-1: Recommended update of suse/sle15
Message-ID: <20230903071121.A8594FCA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2827-1
Container Tags        : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.94 , suse/sle15:15.4 , suse/sle15:15.4.27.14.94
Container Release     : 27.14.94
Severity              : moderate
Type                  : recommended
References            : 1158763 1210740 1213231 1213557 1213673
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3514-1
Released:    Fri Sep 1 15:48:52 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1158763,1210740,1213231,1213557,1213673
This update for libzypp, zypper fixes the following issues:

- Fix occasional issue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

The following package changes have been done:

- libzypp-17.31.20-150400.3.40.1 updated
- zypper-1.14.63-150400.3.29.1 updated

From sle-updates at lists.suse.com Sun Sep 3 07:17:34 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 3 Sep 2023 09:17:34 +0200 (CEST)
Subject: SUSE-CU-2023:2852-1: Recommended update of suse/sle15
Message-ID: <20230903071734.080DBFCA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2852-1
Container Tags        : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.30 , suse/sle15:15.5 , suse/sle15:15.5.36.5.30
Container Release     : 36.5.30
Severity              : moderate
Type                  : recommended
References            : 1158763 1210740 1213231 1213557 1213673
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3514-1
Released:    Fri Sep 1 15:48:52 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1158763,1210740,1213231,1213557,1213673
This update for libzypp, zypper fixes the following issues:

- Fix occasional issue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

The following package changes have been done:

- libzypp-17.31.20-150400.3.40.1 updated
- zypper-1.14.63-150400.3.29.1 updated

From sle-updates at lists.suse.com Mon Sep 4 07:05:45 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Sep 2023 09:05:45 +0200 (CEST)
Subject: SUSE-CU-2023:2853-1: Recommended update of suse/sle15
Message-ID: <20230904070545.CD48AFCA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2853-1
Container Tags        : suse/sle15:15.2 , suse/sle15:15.2.9.5.338
Container Release     : 9.5.338
Severity              : moderate
Type                  : recommended
References            : 1158763 1210740 1213231 1213557 1213673
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3515-1
Released:    Fri Sep 1 15:54:25 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1158763,1210740,1213231,1213557,1213673
This update for libzypp, zypper fixes the following issues:

- Fix occasional issue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

The following package changes have been done:

- libzypp-17.31.20-150200.75.1 updated
- zypper-1.14.63-150200.59.1 updated

From sle-updates at lists.suse.com Mon Sep 4 08:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 04 Sep 2023 08:30:03 -0000
Subject: SUSE-SU-2023:3516-1: important: Security update for terraform
Message-ID: <169381620349.7909.15408248073892642813@smelt2.suse.de>

# Security update for terraform

Announcement ID: SUSE-SU-2023:3516-1
Rating: important
References:

  * #1212475

Affected Products:

  * Public Cloud Module 15-SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Manager Proxy 4.0
  * SUSE Manager Retail Branch Server 4.0
  * SUSE Manager Server 4.0

An update that has one fix can now be installed.
## Description:

This update of terraform fixes the following issues:

  * rebuild the package with the go 1.21 security release (bsc#1212475).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Public Cloud Module 15-SP1
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3516=1

## Package List:

  * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64)
    * terraform-0.13.4-150100.3.15.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1212475

From sle-updates at lists.suse.com Tue Sep 5 07:02:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Sep 2023 09:02:16 +0200 (CEST)
Subject: SUSE-IU-2023:602-1: Security update of suse-sles-15-sp4-chost-byos-v20230901-x86_64-gen2
Message-ID: <20230905070216.CF914FCA4@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230901-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:602-1
Image Tags        : suse-sles-15-sp4-chost-byos-v20230901-x86_64-gen2:20230901
Image Release     :
Severity          : critical
Type              : security
References        : 1027519 1118088 1158763 1179534 1182142 1184177 1184758 1186606 1193412 1193752 1194038 1194609 1194900 1201253 1201519 1204844 1206418 1206627 1207129 1207805 1208194 1208574 1209741 1210070 1210273 1210323 1210419 1210627 1210702 1210740 1210780 1211079 1211131 1211461 1211576 1211738 1211757 1212434 1212502 1212604 1212879 1212901 1212928 1213049 1213167 1213185 1213189 1213212 1213231 1213272 1213287 1213304 1213443 1213472 1213514 1213517 1213557 1213575 1213582 1213585 1213586 1213588 1213616 1213620 1213653 1213673 1213713 1213715 1213747 1213756 1213759 1213777 1213810 1213812 1213842 1213853 1213856 1213857 1213863 1213867 1213870 1213871 1213873 1213951 1214025 1214054 1214071 1214082 1214083 1214248 1214290 CVE-2018-19787 CVE-2020-27783 CVE-2021-28957 CVE-2021-30560 CVE-2021-3429 CVE-2021-43818 CVE-2022-2309 CVE-2022-40982 CVE-2022-40982 CVE-2022-41409 CVE-2022-48468 CVE-2023-0459 CVE-2023-1786 CVE-2023-2004 CVE-2023-20569 CVE-2023-20569 CVE-2023-20593 CVE-2023-21400 CVE-2023-2156 CVE-2023-2166 CVE-2023-26112 CVE-2023-31083 CVE-2023-3268 CVE-2023-33460 CVE-2023-3567 CVE-2023-36054 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3817 CVE-2023-4004 CVE-2023-4016 CVE-2023-4156
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20230901-x86_64-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:803-1
Released:    Thu Mar 10 17:35:53 2022
Summary:     Security update for python-lxml
Type:        security
Severity:    important
References:  1118088,1179534,1184177,1193752,CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-43818
This update for python-lxml fixes the following issues:

- CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088).
- CVE-2021-28957: Fixed XSS vulnerability via HTML5 attributes unescaped (bsc#1184177).
- CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752).
- CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2548-1
Released:    Tue Jul 26 13:48:28 2022
Summary:     Critical update for python-cssselect
Type:        recommended
Severity:    critical
References:
This update for python-cssselect implements packages to the unrestricted repository.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2908-1 Released: Fri Aug 26 11:36:03 2022 Summary: Security update for python-lxml Type: security Severity: important References: 1201253,CVE-2022-2309 This update for python-lxml fixes the following issues: - CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:557-1 Released: Tue Feb 28 09:29:15 2023 Summary: Security update for libxslt Type: security Severity: important References: 1208574,CVE-2021-30560 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2143-1 Released: Tue May 9 14:49:45 2023 Summary: Security update for protobuf-c Type: security Severity: important References: 1210323,CVE-2022-48468 This update for protobuf-c fixes the following issues: - CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2898-1 Released: Thu Jul 20 09:15:33 2023 Summary: Recommended update for python-instance-billing-flavor-check Type: feature Severity: critical References: This update for python-instance-billing-flavor-check fixes the following issues: - Include PAYG checker package in SLE (jsc#PED-4791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2905-1 Released: Thu Jul 20 10:17:54 2023 Summary: Recommended update for fstrm Type: recommended Severity: moderate References: This update for fstrm fixes the following issues: - Update to 0.6.1: - fstrm_capture: ignore SIGPIPE, which will cause the interrupted connections to generate an EPIPE instead. - Fix truncation in snprintf calls in argument processing. 
- fstrm_capture: Fix output printf format. - Update to 0.6.0 It adds a new feature for fstrm_capture. It can perform output file rotation when a SIGUSR1 signal is received by fstrm_capture. (See the --gmtime or --localtime options.) This allows fstrm_capture's output file to be rotated by logrotate or a similar external utility. (Output rotation is suppressed if fstrm_capture is writing to stdout.) Update to 0.5.0 - Change license to modern MIT license for compatibility with GPLv2 software. Contact software at farsightsecurity.com for alternate licensing. - src/fstrm_replay.c: For OpenBSD and Posix portability include netinet/in.h and sys/socket.h to get struct sockaddr_in and the AF_* defines respectively. - Fix various compiler warnings. Update to 0.4.0 The C implementation of the Frame Streams data transport protocol, fstrm version 0.4.0, was released. It adds TCP support, a new tool, new documentation, and several improvements. - Added manual pages for fstrm_capture and fstrm_dump. - Added new tool, fstrm_replay, for replaying saved Frame Streams data to a socket connection. - Adds TCP support. Add tcp_writer to the core library which implements a bi-directional Frame Streams writer as a TCP socket client. Introduces new developer API: fstrm_tcp_writer_init, fstrm_tcp_writer_options_init, fstrm_tcp_writer_options_destroy, fstrm_tcp_writer_options_set_socket_address, and fstrm_tcp_writer_options_set_socket_port. - fstrm_capture: new options for reading from TCP socket. - fstrm_capture: add '-c' / '--connections' option to limit the number of concurrent connections it will accept. - fstrm_capture: add '-b / --buffer-size' option to set the read buffer size (effectively the maximum frame size) to a value other than the default 256 KiB. - fstrm_capture: skip oversize messages to fix stalled connections caused by messages larger than the read highwater mark of the input buffer. Discarded messages are logged for the purposes of tuning the input buffer size. 
- fstrm_capture: complete sending of FINISH frame before closing connection. - Various test additions and improvements. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3196-1 Released: Fri Aug 4 10:02:04 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1213443 This update for protobuf-c fixes the following issues: - Include executables required to generate Protocol Buffers glue code in the devel subpackage (bsc#1213443) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3270-1 Released: Thu Aug 10 19:34:35 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211461 This update for vim fixes the following issues: - Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3275-1 Released: Fri Aug 11 10:19:36 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3282-1 Released: Fri Aug 11 10:26:23 2023 Summary: Recommended update for blog Type: recommended Severity: moderate References: This update for blog fixes the following issues: - Fix big endian cast problems to be able to read commands and answers as well as passphrases ----------------------------------------------------------------- Advisory 
ID: SUSE-feature-2023:3283-1 Released: Fri Aug 11 10:28:34 2023 Summary: Feature update for cloud-init Type: feature Severity: moderate References: 1184758,1210273,1212879,CVE-2021-3429,CVE-2023-1786 This update for cloud-init fixes the following issues: - Default route is not configured (bsc#1212879) - cloud-final service failing in powerVS (bsc#1210273) - Randomly generated passwords logged in clear-text to world-readable file (bsc#1184758, CVE-2021-3429) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3286-1 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1194900 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3288-1 Released: Fri Aug 11 12:30:14 2023 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1213582 This update for python-apipkg provides python3-apipkg to SUSE Linux Enterprise Micro 5.2. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3301-1 Released: Mon Aug 14 07:24:59 2023 Summary: Security update for libyajl Type: security Severity: moderate References: 1212928,CVE-2023-33460 This update for libyajl fixes the following issues: - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3313-1 Released: Mon Aug 14 17:34:46 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206418,1207129,1210627,1210780,1211131,1211738,1212502,1212604,1212901,1213167,1213272,1213287,1213304,1213585,1213586,1213588,1213620,1213653,1213713,1213715,1213747,1213756,1213759,1213777,1213810,1213812,1213842,1213856,1213857,1213863,1213867,1213870,1213871,CVE-2022-40982,CVE-2023-0459,CVE-2023-20569,CVE-2023-21400,CVE-2023-2156,CVE-2023-2166,CVE-2023-31083,CVE-2023-3268,CVE-2023-3567,CVE-2023-3609,CVE-2023-3611,CVE-2023-3776,CVE-2023-4004 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack 'Inception' or 'RAS Poisoning' (bsc#1213287). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). 
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq (bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: - afs: Fix access after dec in put functions (git-fixes). - afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes). - afs: Fix dynamic root getattr (git-fixes). - afs: Fix fileserver probe RTT handling (git-fixes). - afs: Fix infinite loop found by xfstest generic/676 (git-fixes). - afs: Fix lost servers_outstanding count (git-fixes). - afs: Fix server->active leak in afs_put_server (git-fixes). - afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes). - afs: Fix updating of i_size with dv jump from server (git-fixes). - afs: Fix vlserver probe RTT handling (git-fixes). - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes). - afs: Use refcount_t rather than atomic_t (git-fixes). - afs: Use the operation issue time instead of the reply time for callbacks (git-fixes). - afs: adjust ack interpretation to try and cope with nat (git-fixes). - alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes). - alsa: hda/realtek: support asus g713pv laptop (git-fixes). - alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes). - alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129). - alsa: usb-audio: update for native dsd support quirks (git-fixes). - asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes). - asoc: codecs: es8316: fix dmic config (git-fixes). - asoc: da7219: check for failure reading aad irq events (git-fixes). 
- asoc: da7219: flush pending aad irq when suspending (git-fixes). - asoc: fsl_sai: disable bit clock with transmitter (git-fixes). - asoc: fsl_spdif: silence output on stop (git-fixes). - asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes). - ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). - block, bfq: Fix division by zero error on zero wsum (bsc#1213653). - block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes). - can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes). - ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). - coda: Avoid partial allocation of sig_inputArgs (git-fixes). - dlm: fix missing lkb refcount handling (git-fixes). - dlm: fix plock invalid read (git-fixes). - documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes). - drm/amd/display: Disable MPC split by default on special asic (git-fixes). - drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes). - drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes). - drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes). - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). - drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes). - drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes). - file: always lock position for FMODE_ATOMIC_POS (bsc#1213759). - fs: dlm: add midcomms init/start functions (git-fixes). - fs: dlm: do not set stop rx flag after node reset (git-fixes). - fs: dlm: filter user dlm messages for kernel locks (git-fixes). - fs: dlm: fix log of lowcomms vs midcomms (git-fixes). 
- fs: dlm: fix race between test_bit() and queue_work() (git-fixes). - fs: dlm: fix race in lowcomms (git-fixes). - fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). - fs: dlm: move sending fin message into state change handling (git-fixes). - fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes). - fs: dlm: return positive pid value for F_GETLK (git-fixes). - fs: dlm: start midcomms before scand (git-fixes). - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes). - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes). - fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes). - fs: jfs: fix null-ptr-deref read in txbegin (git-fixes). - gve: Set default duplex configuration to full (git-fixes). - gve: unify driver name usage (git-fixes). - hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes). - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes). - iavf: Fix out-of-bounds when setting channels on remove (git-fixes). - iavf: Fix use-after-free in free_netdev (git-fixes). - iavf: use internal state to free traffic IRQs (git-fixes). - igc: Check if hardware TX timestamping is enabled earlier (git-fixes). - igc: Enable and fix RX hash usage by netstack (git-fixes). - igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes). - igc: Fix inserting of empty frame for launchtime (git-fixes). - igc: Fix launchtime before start of cycle (git-fixes). - igc: Fix race condition in PTP tx code (git-fixes). - igc: Handle PPS start time programming for past time values (git-fixes). - igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes). - igc: Remove delay during TX ring configuration (git-fixes). - igc: Work around HW bug causing missing timestamps (git-fixes). - igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). 
- input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes). - input: iqs269a - do not poll during ati (git-fixes). - input: iqs269a - do not poll during suspend or resume (git-fixes). - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes). - jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). - jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). - jffs2: fix memory leak in jffs2_scan_medium (git-fixes). - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). - jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes). - kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes) - kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620) - kvm: do not null dereference ops->destroy (git-fixes) - kvm: downgrade two bug_ons to warn_on_once (git-fixes) - kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes) - kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867). - kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes). - kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes). - kvm: vmx: restore vmx_vmexit alignment (git-fixes). - kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes). - libceph: harden msgr2.1 frame segment length checks (bsc#1213857). - media: staging: atomisp: select V4L2_FWNODE (git-fixes). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585). - net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). - net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901). - net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901). - net: phy: marvell10g: fix 88x3310 power up (git-fixes). 
- nfsd: add encoding of op_recall flag for write delegation (git-fixes). - nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). - nfsd: fix sparse warning (git-fixes). - nfsd: remove open coding of string copy (git-fixes). - nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes). - nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes). - nvme-pci: fix DMA direction of unmapping integrity data (git-fixes). - nvme-pci: remove nvme_queue from nvme_iod (git-fixes). - octeontx-af: fix hardware timestamp configuration (git-fixes). - octeontx2-af: Move validation of ptp pointer before its usage (git-fixes). - octeontx2-pf: Add additional check for MCAM rules (git-fixes). - phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes). - pinctrl: amd: Do not show `Invalid config param` errors (git-fixes). - pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes). - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes). - rdma/bnxt_re: fix hang during driver unload (git-fixes) - rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes) - rdma/core: update cma destination address on rdma_resolve_addr (git-fixes) - rdma/irdma: add missing read barriers (git-fixes) - rdma/irdma: fix data race on cqp completion stats (git-fixes) - rdma/irdma: fix data race on cqp request done (git-fixes) - rdma/irdma: fix op_type reporting in cqes (git-fixes) - rdma/irdma: report correct wc error (git-fixes) - rdma/mlx4: make check for invalid flags stricter (git-fixes) - rdma/mthca: fix crash when polling cq for shared qps (git-fixes) - regmap: Account for register length in SMBus I/O limits (git-fixes). - regmap: Drop initial version of maximum transfer length fixes (git-fixes). - revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes). - revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes). 
- revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes). - revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes). - revert 'usb: xhci: tegra: fix error check' (git-fixes). - revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes). - rxrpc, afs: Fix selection of abort codes (git-fixes). - s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870). - s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). - s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863). - s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). - s390/qeth: Fix vipa deletion (git-fixes bsc#1213713). - s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715). - s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). - scftorture: Count reschedule IPIs (git-fixes). - scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756). - scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756). - scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756). - scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756). - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756). - scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756). - scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756). - scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). - scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756). - scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756). 
- scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756). - scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756). - scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756). - scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). - scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756). - scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756). - scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756). - scsi: lpfc: Use struct_size() helper (bsc#1213756). - scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747). - scsi: qla2xxx: Array index may go out of bound (bsc#1213747). - scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747). - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747). - scsi: qla2xxx: Correct the index of array (bsc#1213747). - scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747). - scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747). - scsi: qla2xxx: Fix TMF leak through (bsc#1213747). - scsi: qla2xxx: Fix buffer overrun (bsc#1213747). - scsi: qla2xxx: Fix command flush during TMF (bsc#1213747). - scsi: qla2xxx: Fix deletion race condition (bsc#1213747). - scsi: qla2xxx: Fix end of loop test (bsc#1213747). - scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747). - scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747). - scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747). - scsi: qla2xxx: Fix session hang in gnl (bsc#1213747). - scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747). - scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747). - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747). - scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747). - scsi: qla2xxx: Silence a static checker warning (bsc#1213747). 
- scsi: qla2xxx: Turn off noisy message log (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747). - scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747). - scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747). - serial: qcom-geni: drop bogus runtime pm state update (git-fixes). - serial: sifive: Fix sifive_serial_console_setup() section (git-fixes). - soundwire: qcom: update status correctly with mask (git-fixes). - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes). - staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes). - sunrpc: always free ctxt when freeing deferred request (git-fixes). - sunrpc: double free xprt_ctxt while still in use (git-fixes). - sunrpc: fix trace_svc_register() call site (git-fixes). - sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes). - sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes). - sunrpc: remove the maximum number of retries in call_bind_status (git-fixes). - svcrdma: Prevent page release when nothing was received (git-fixes). - tpm_tis: Explicitly check for error code (git-fixes). - tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes). - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes). - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). - ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes). - ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes). - ubifs: Fix build errors as symbol undefined (git-fixes). - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes). - ubifs: Fix memory leak in alloc_wbufs() (git-fixes). - ubifs: Fix memory leak in do_rename (git-fixes). - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). - ubifs: Fix to add refcount once page is set private (git-fixes). 
- ubifs: Fix wrong dirty space budget for dirty inode (git-fixes). - ubifs: Free memory for tmpfile name (git-fixes). - ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes). - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). - ubifs: Rectify space budget for ubifs_xrename() (git-fixes). - ubifs: Rename whiteout atomically (git-fixes). - ubifs: Reserve one leb for each journal head while doing budget (git-fixes). - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes). - ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes). - ubifs: rename_whiteout: correct old_dir size computing (git-fixes). - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes). - ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes). - usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). - usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: xhci-mtk: set the dma max_seg_size (git-fixes). - vhost: support PACKED when setting-getting vring_base (git-fixes). - vhost_net: revert upend_idx only on retriable error (git-fixes). - virtio-net: Maintain reverse cleanup order (git-fixes). - virtio_net: Fix error unwinding of XDP initialization (git-fixes). - x86/PVH: obtain VGA console info in Dom0 (git-fixes). - xen/blkfront: Only check REQ_FUA for writes (git-fixes). - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3330-1 Released: Wed Aug 16 08:59:33 2023 Summary: Recommended update for python-pyasn1 Type: recommended Severity: important References: 1207805 This update for python-pyasn1 fixes the following issues: - To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3363-1 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3369-1 Released: Tue Aug 22 11:12:02 2023 Summary: Security update for python-configobj Type: security Severity: low References: 1210070,CVE-2023-26112 This update for python-configobj fixes the following issues: - CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3371-1 Released: Tue Aug 22 13:30:18 2023 Summary: Recommended update for liblognorm Type: recommended Severity: moderate References: This update for liblognorm fixes the following issues: - Update to liblognorm v2.0.6 (jsc#PED-4883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3372-1 Released: Tue Aug 22 13:44:38 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1211757,1213212 This update for rsyslog fixes the following issues: - Fix removal of imfile state files (bsc#1213212) - Fix segfaults in modExit() of imklog.c (bsc#1211757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3395-1 Released: Wed Aug 23 18:09:24 2023 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593 This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3397-1 Released: Wed Aug 23 18:35:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) - Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. 
(bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3452-1 Released: Mon Aug 28 12:41:11 2023 Summary: Recommended update for 
supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1213951 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update from version 1.0.7 to 1.0.8 (bsc#1213951) - Capture CSP billing adapter config and log - Accept upper case Amazon string in DMI table ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3468-1 Released: Tue Aug 29 09:22:18 2023 Summary: Recommended update for python3 Type: recommended Severity: low References: This update for python3 fixes the following issue: - Rename sources in preparation of python3.11 (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3470-1 Released: Tue Aug 29 10:49:33 2023 Summary: Recommended update for parted Type: recommended Severity: low References: 1182142,1193412 This update for parted fixes the following issues: - fix null pointer dereference (bsc#1193412) - update mkpart options in manpage (bsc#1182142) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:3484-1 Released: Tue Aug 29 13:49:29 2023 Summary: Feature update for bind Type: feature Severity: moderate References: 1213049 This update for bind fixes the following issues: - Add dnstap support (jsc#PED-4852, jsc#PED-4853) - Log named-checkconf output (bsc#1213049) - Update to release 9.16.43 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3486-1 Released: Tue Aug 29 14:25:23 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3514-1 Released: Fri Sep 1 15:48:52 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) The following package changes have been done: - apparmor-abstractions-3.0.4-150400.5.6.1 updated - apparmor-parser-3.0.4-150400.5.6.1 updated - audit-3.0.6-150400.4.13.1 updated - bind-utils-9.16.43-150400.5.34.1 updated - blog-2.26-150300.4.6.1 updated - ca-certificates-mozilla-2.62-150200.30.1 updated - cloud-init-config-suse-23.1-150100.8.66.1 updated - cloud-init-23.1-150100.8.66.1 updated - gawk-4.2.1-150000.3.3.1 updated - kernel-default-5.14.21-150400.24.81.1 updated - 
krb5-1.19.2-150400.3.6.1 updated - libapparmor1-3.0.4-150400.5.6.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libauparse0-3.0.6-150400.4.13.1 updated - libblkid1-2.37.2-150400.8.20.1 updated - libblogger2-2.26-150300.4.6.1 updated - libcryptsetup12-2.4.3-150400.3.3.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.188.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libfreetype6-2.10.4-150000.4.15.1 updated - libfstrm0-0.6.1-150300.9.3.1 added - liblognorm5-2.0.6-150000.3.3.1 updated - libmount1-2.37.2-150400.8.20.1 updated - libopenssl1_1-1.1.1l-150400.7.53.1 updated - libparted0-3.2-150300.21.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libprotobuf-c1-1.3.2-150200.3.6.1 added - libsmartcols1-2.37.2-150400.8.20.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libudev1-249.16-150400.8.33.1 updated - libuuid1-2.37.2-150400.8.20.1 updated - libxslt1-1.1.34-150400.3.3.1 added - libyajl2-2.1.0-150000.4.6.1 updated - libzypp-17.31.20-150400.3.40.1 updated - login_defs-4.8.1-150400.10.9.1 updated - openssl-1_1-1.1.1l-150400.7.53.1 updated - parted-3.2-150300.21.3.1 updated - procps-3.3.15-150000.7.34.1 updated - python-instance-billing-flavor-check-0.0.2-150000.1.3.1 added - python3-apipkg-1.4-150000.3.6.1 updated - python3-bind-9.16.43-150400.5.34.1 updated - python3-configobj-5.0.6-150000.3.3.1 updated - python3-cssselect-1.0.3-150000.3.3.1 added - python3-lxml-4.7.1-150200.3.10.1 added - python3-more-itertools-8.10.0-150400.5.69 updated - python3-ordered-set-4.0.2-150400.8.34 updated - python3-pyOpenSSL-21.0.0-150400.7.62 updated - python3-pyasn1-0.4.2-150000.3.5.1 updated - rsyslog-module-relp-8.2306.0-150400.5.18.1 updated - rsyslog-8.2306.0-150400.5.18.1 updated - shadow-4.8.1-150400.10.9.1 updated - supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 updated - system-group-audit-3.0.6-150400.4.13.1 updated - systemd-sysvinit-249.16-150400.8.33.1 updated - systemd-249.16-150400.8.33.1 
updated - udev-249.16-150400.8.33.1 updated - util-linux-systemd-2.37.2-150400.8.20.1 updated - util-linux-2.37.2-150400.8.20.1 updated - vim-data-common-9.0.1572-150000.5.49.1 updated - vim-9.0.1572-150000.5.49.1 updated - xen-libs-4.16.5_02-150400.4.31.1 updated - zypper-1.14.63-150400.3.29.1 updated From sle-updates at lists.suse.com Tue Sep 5 07:02:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Sep 2023 09:02:27 +0200 (CEST) Subject: SUSE-IU-2023:603-1: Security update of suse-sles-15-sp4-chost-byos-v20230901-hvm-ssd-x86_64 Message-ID: <20230905070227.8D78CFCA4@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230901-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:603-1 Image Tags : suse-sles-15-sp4-chost-byos-v20230901-hvm-ssd-x86_64:20230901 Image Release : Severity : critical Type : security References : 1027519 1118088 1158763 1179534 1182142 1184177 1184758 1186606 1193412 1193752 1194038 1194609 1194900 1201253 1201519 1204844 1206418 1206627 1207129 1207805 1208194 1208574 1209741 1210070 1210273 1210323 1210419 1210627 1210702 1210740 1210780 1211079 1211131 1211461 1211576 1211738 1211757 1212434 1212502 1212604 1212879 1212901 1212928 1213049 1213167 1213185 1213189 1213212 1213231 1213272 1213287 1213304 1213443 1213472 1213514 1213517 1213557 1213575 1213582 1213585 1213586 1213588 1213616 1213620 1213653 1213673 1213713 1213715 1213747 1213756 1213759 1213777 1213810 1213812 1213842 1213853 1213856 1213857 1213863 1213867 1213870 1213871 1213873 1213951 1214025 1214054 1214071 1214082 1214083 1214248 1214290 CVE-2018-19787 CVE-2020-27783 CVE-2021-28957 CVE-2021-30560 CVE-2021-3429 CVE-2021-43818 CVE-2022-2309 CVE-2022-40982 CVE-2022-40982 CVE-2022-41409 CVE-2022-48468 CVE-2023-0459 CVE-2023-1786 CVE-2023-2004 CVE-2023-20569 CVE-2023-20569 CVE-2023-20593 CVE-2023-21400 CVE-2023-2156 CVE-2023-2166 CVE-2023-26112 
CVE-2023-31083 CVE-2023-3268 CVE-2023-33460 CVE-2023-3567 CVE-2023-36054 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3817 CVE-2023-4004 CVE-2023-4016 CVE-2023-4156 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20230901-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:803-1 Released: Thu Mar 10 17:35:53 2022 Summary: Security update for python-lxml Type: security Severity: important References: 1118088,1179534,1184177,1193752,CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-43818 This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088). - CVE-2021-28957: Fixed XSS vulnerability via HTML5 attributes unescaped (bsc#1184177). - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752). - CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2548-1 Released: Tue Jul 26 13:48:28 2022 Summary: Critical update for python-cssselect Type: recommended Severity: critical References: This update for python-cssselect implements packages to the unrestricted repository. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2908-1 Released: Fri Aug 26 11:36:03 2022 Summary: Security update for python-lxml Type: security Severity: important References: 1201253,CVE-2022-2309 This update for python-lxml fixes the following issues: - CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:557-1 Released: Tue Feb 28 09:29:15 2023 Summary: Security update for libxslt Type: security Severity: important References: 1208574,CVE-2021-30560 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2143-1 Released: Tue May 9 14:49:45 2023 Summary: Security update for protobuf-c Type: security Severity: important References: 1210323,CVE-2022-48468 This update for protobuf-c fixes the following issues: - CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2898-1 Released: Thu Jul 20 09:15:33 2023 Summary: Recommended update for python-instance-billing-flavor-check Type: feature Severity: critical References: This update for python-instance-billing-flavor-check fixes the following issues: - Include PAYG checker package in SLE (jsc#PED-4791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2905-1 Released: Thu Jul 20 10:17:54 2023 Summary: Recommended update for fstrm Type: recommended Severity: moderate References: This update for fstrm fixes the following issues: - Update to 0.6.1: - fstrm_capture: ignore SIGPIPE, which will cause the interrupted connections to generate an EPIPE instead. - Fix truncation in snprintf calls in argument processing. - fstrm_capture: Fix output printf format. - Update to 0.6.0 It adds a new feature for fstrm_capture. It can perform output file rotation when a SIGUSR1 signal is received by fstrm_capture. (See the --gmtime or --localtime options.) This allows fstrm_capture's output file to be rotated by logrotate or a similar external utility. (Output rotation is suppressed if fstrm_capture is writing to stdout.) 
Update to 0.5.0 - Change license to modern MIT license for compatibility with GPLv2 software. Contact software at farsightsecurity.com for alternate licensing. - src/fstrm_replay.c: For OpenBSD and Posix portability include netinet/in.h and sys/socket.h to get struct sockaddr_in and the AF_* defines respectively. - Fix various compiler warnings. Update to 0.4.0 The C implementation of the Frame Streams data transport protocol, fstrm version 0.4.0, was released. It adds TCP support, a new tool, new documentation, and several improvements. - Added manual pages for fstrm_capture and fstrm_dump. - Added new tool, fstrm_replay, for replaying saved Frame Streams data to a socket connection. - Adds TCP support. Add tcp_writer to the core library which implements a bi-directional Frame Streams writer as a TCP socket client. Introduces new developer API: fstrm_tcp_writer_init, fstrm_tcp_writer_options_init, fstrm_tcp_writer_options_destroy, fstrm_tcp_writer_options_set_socket_address, and fstrm_tcp_writer_options_set_socket_port. - fstrm_capture: new options for reading from TCP socket. - fstrm_capture: add '-c' / '--connections' option to limit the number of concurrent connections it will accept. - fstrm_capture: add '-b / --buffer-size' option to set the read buffer size (effectively the maximum frame size) to a value other than the default 256 KiB. - fstrm_capture: skip oversize messages to fix stalled connections caused by messages larger than the read highwater mark of the input buffer. Discarded messages are logged for the purposes of tuning the input buffer size. - fstrm_capture: complete sending of FINISH frame before closing connection. - Various test additions and improvements. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3196-1 Released: Fri Aug 4 10:02:04 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1213443 This update for protobuf-c fixes the following issues: - Include executables required to generate Protocol Buffers glue code in the devel subpackage (bsc#1213443) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3270-1 Released: Thu Aug 10 19:34:35 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211461 This update for vim fixes the following issues: - Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3275-1 Released: Fri Aug 11 10:19:36 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3282-1 Released: Fri Aug 11 10:26:23 2023 Summary: Recommended update for blog Type: recommended Severity: moderate References: This update for blog fixes the following issues: - Fix big endian cast problems to be able to read commands and answers as well as passphrases ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:3283-1 Released: Fri Aug 11 10:28:34 2023 Summary: Feature update for cloud-init Type: feature 
Severity: moderate References: 1184758,1210273,1212879,CVE-2021-3429,CVE-2023-1786 This update for cloud-init fixes the following issues: - Default route is not configured (bsc#1212879) - cloud-final service failing in powerVS (bsc#1210273) - Randomly generated passwords logged in clear-text to world-readable file (bsc#1184758, CVE-2021-3429) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3286-1 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1194900 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3288-1 Released: Fri Aug 11 12:30:14 2023 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1213582 This update for python-apipkg provides python3-apipkg to SUSE Linux Enterprise Micro 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3301-1 Released: Mon Aug 14 07:24:59 2023 Summary: Security update for libyajl Type: security Severity: moderate References: 1212928,CVE-2023-33460 This update for libyajl fixes the following issues: - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3313-1 Released: Mon Aug 14 17:34:46 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206418,1207129,1210627,1210780,1211131,1211738,1212502,1212604,1212901,1213167,1213272,1213287,1213304,1213585,1213586,1213588,1213620,1213653,1213713,1213715,1213747,1213756,1213759,1213777,1213810,1213812,1213842,1213856,1213857,1213863,1213867,1213870,1213871,CVE-2022-40982,CVE-2023-0459,CVE-2023-20569,CVE-2023-21400,CVE-2023-2156,CVE-2023-2166,CVE-2023-31083,CVE-2023-3268,CVE-2023-3567,CVE-2023-3609,CVE-2023-3611,CVE-2023-3776,CVE-2023-4004 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack 'Inception' or 'RAS Poisoning' (bsc#1213287). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq (bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). 
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: - afs: Fix access after dec in put functions (git-fixes). - afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes). - afs: Fix dynamic root getattr (git-fixes). - afs: Fix fileserver probe RTT handling (git-fixes). - afs: Fix infinite loop found by xfstest generic/676 (git-fixes). - afs: Fix lost servers_outstanding count (git-fixes). - afs: Fix server->active leak in afs_put_server (git-fixes). - afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes). - afs: Fix updating of i_size with dv jump from server (git-fixes). - afs: Fix vlserver probe RTT handling (git-fixes). - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes). - afs: Use refcount_t rather than atomic_t (git-fixes). - afs: Use the operation issue time instead of the reply time for callbacks (git-fixes). - afs: adjust ack interpretation to try and cope with nat (git-fixes). - alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes). - alsa: hda/realtek: support asus g713pv laptop (git-fixes). - alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes). - alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129). - alsa: usb-audio: update for native dsd support quirks (git-fixes). - asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes). - asoc: codecs: es8316: fix dmic config (git-fixes). - asoc: da7219: check for failure reading aad irq events (git-fixes). - asoc: da7219: flush pending aad irq when suspending (git-fixes). - asoc: fsl_sai: disable bit clock with transmitter (git-fixes). - asoc: fsl_spdif: silence output on stop (git-fixes). - asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes). 
- asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes). - ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). - block, bfq: Fix division by zero error on zero wsum (bsc#1213653). - block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes). - can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes). - ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). - coda: Avoid partial allocation of sig_inputArgs (git-fixes). - dlm: fix missing lkb refcount handling (git-fixes). - dlm: fix plock invalid read (git-fixes). - documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes). - drm/amd/display: Disable MPC split by default on special asic (git-fixes). - drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes). - drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes). - drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes). - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). - drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes). - drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes). - file: always lock position for FMODE_ATOMIC_POS (bsc#1213759). - fs: dlm: add midcomms init/start functions (git-fixes). - fs: dlm: do not set stop rx flag after node reset (git-fixes). - fs: dlm: filter user dlm messages for kernel locks (git-fixes). - fs: dlm: fix log of lowcomms vs midcomms (git-fixes). - fs: dlm: fix race between test_bit() and queue_work() (git-fixes). - fs: dlm: fix race in lowcomms (git-fixes). - fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). - fs: dlm: move sending fin message into state change handling (git-fixes). - fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes). - fs: dlm: return positive pid value for F_GETLK (git-fixes). 
- fs: dlm: start midcomms before scand (git-fixes). - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes). - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes). - fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes). - fs: jfs: fix null-ptr-deref read in txbegin (git-fixes). - gve: Set default duplex configuration to full (git-fixes). - gve: unify driver name usage (git-fixes). - hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes). - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes). - iavf: Fix out-of-bounds when setting channels on remove (git-fixes). - iavf: Fix use-after-free in free_netdev (git-fixes). - iavf: use internal state to free traffic IRQs (git-fixes). - igc: Check if hardware TX timestamping is enabled earlier (git-fixes). - igc: Enable and fix RX hash usage by netstack (git-fixes). - igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes). - igc: Fix inserting of empty frame for launchtime (git-fixes). - igc: Fix launchtime before start of cycle (git-fixes). - igc: Fix race condition in PTP tx code (git-fixes). - igc: Handle PPS start time programming for past time values (git-fixes). - igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes). - igc: Remove delay during TX ring configuration (git-fixes). - igc: Work around HW bug causing missing timestamps (git-fixes). - igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). - input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes). - input: iqs269a - do not poll during ati (git-fixes). - input: iqs269a - do not poll during suspend or resume (git-fixes). - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes). - jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). - jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). 
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes). - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). - jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes). - kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes) - kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620) - kvm: do not null dereference ops->destroy (git-fixes) - kvm: downgrade two bug_ons to warn_on_once (git-fixes) - kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes) - kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867). - kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes). - kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes). - kvm: vmx: restore vmx_vmexit alignment (git-fixes). - kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes). - libceph: harden msgr2.1 frame segment length checks (bsc#1213857). - media: staging: atomisp: select V4L2_FWNODE (git-fixes). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585). - net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). - net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901). - net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901). - net: phy: marvell10g: fix 88x3310 power up (git-fixes). - nfsd: add encoding of op_recall flag for write delegation (git-fixes). - nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). - nfsd: fix sparse warning (git-fixes). - nfsd: remove open coding of string copy (git-fixes). - nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes). - nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes). 
- nvme-pci: fix DMA direction of unmapping integrity data (git-fixes). - nvme-pci: remove nvme_queue from nvme_iod (git-fixes). - octeontx-af: fix hardware timestamp configuration (git-fixes). - octeontx2-af: Move validation of ptp pointer before its usage (git-fixes). - octeontx2-pf: Add additional check for MCAM rules (git-fixes). - phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes). - pinctrl: amd: Do not show `Invalid config param` errors (git-fixes). - pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes). - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes). - rdma/bnxt_re: fix hang during driver unload (git-fixes) - rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes) - rdma/core: update cma destination address on rdma_resolve_addr (git-fixes) - rdma/irdma: add missing read barriers (git-fixes) - rdma/irdma: fix data race on cqp completion stats (git-fixes) - rdma/irdma: fix data race on cqp request done (git-fixes) - rdma/irdma: fix op_type reporting in cqes (git-fixes) - rdma/irdma: report correct wc error (git-fixes) - rdma/mlx4: make check for invalid flags stricter (git-fixes) - rdma/mthca: fix crash when polling cq for shared qps (git-fixes) - regmap: Account for register length in SMBus I/O limits (git-fixes). - regmap: Drop initial version of maximum transfer length fixes (git-fixes). - revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes). - revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes). - revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes). - revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes). - revert 'usb: xhci: tegra: fix error check' (git-fixes). - revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes). - rxrpc, afs: Fix selection of abort codes (git-fixes). 
- s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870). - s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). - s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863). - s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). - s390/qeth: Fix vipa deletion (git-fixes bsc#1213713). - s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715). - s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). - scftorture: Count reschedule IPIs (git-fixes). - scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756). - scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756). - scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756). - scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756). - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756). - scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756). - scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756). - scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). - scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756). - scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756). - scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756). - scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756). - scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756). - scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). - scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756). 
- scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756). - scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756). - scsi: lpfc: Use struct_size() helper (bsc#1213756). - scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747). - scsi: qla2xxx: Array index may go out of bound (bsc#1213747). - scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747). - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747). - scsi: qla2xxx: Correct the index of array (bsc#1213747). - scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747). - scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747). - scsi: qla2xxx: Fix TMF leak through (bsc#1213747). - scsi: qla2xxx: Fix buffer overrun (bsc#1213747). - scsi: qla2xxx: Fix command flush during TMF (bsc#1213747). - scsi: qla2xxx: Fix deletion race condition (bsc#1213747). - scsi: qla2xxx: Fix end of loop test (bsc#1213747). - scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747). - scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747). - scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747). - scsi: qla2xxx: Fix session hang in gnl (bsc#1213747). - scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747). - scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747). - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747). - scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747). - scsi: qla2xxx: Silence a static checker warning (bsc#1213747). - scsi: qla2xxx: Turn off noisy message log (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747). - scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747). - scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747). - serial: qcom-geni: drop bogus runtime pm state update (git-fixes). 
- serial: sifive: Fix sifive_serial_console_setup() section (git-fixes). - soundwire: qcom: update status correctly with mask (git-fixes). - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes). - staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes). - sunrpc: always free ctxt when freeing deferred request (git-fixes). - sunrpc: double free xprt_ctxt while still in use (git-fixes). - sunrpc: fix trace_svc_register() call site (git-fixes). - sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes). - sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes). - sunrpc: remove the maximum number of retries in call_bind_status (git-fixes). - svcrdma: Prevent page release when nothing was received (git-fixes). - tpm_tis: Explicitly check for error code (git-fixes). - tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes). - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes). - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). - ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes). - ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes). - ubifs: Fix build errors as symbol undefined (git-fixes). - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes). - ubifs: Fix memory leak in alloc_wbufs() (git-fixes). - ubifs: Fix memory leak in do_rename (git-fixes). - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). - ubifs: Fix to add refcount once page is set private (git-fixes). - ubifs: Fix wrong dirty space budget for dirty inode (git-fixes). - ubifs: Free memory for tmpfile name (git-fixes). - ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes). - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). - ubifs: Rectify space budget for ubifs_xrename() (git-fixes). - ubifs: Rename whiteout atomically (git-fixes). 
- ubifs: Reserve one leb for each journal head while doing budget (git-fixes). - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes). - ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes). - ubifs: rename_whiteout: correct old_dir size computing (git-fixes). - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes). - ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes). - usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). - usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: xhci-mtk: set the dma max_seg_size (git-fixes). - vhost: support PACKED when setting-getting vring_base (git-fixes). - vhost_net: revert upend_idx only on retriable error (git-fixes). - virtio-net: Maintain reverse cleanup order (git-fixes). - virtio_net: Fix error unwinding of XDP initialization (git-fixes). - x86/PVH: obtain VGA console info in Dom0 (git-fixes). - xen/blkfront: Only check REQ_FUA for writes (git-fixes). - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3330-1 Released: Wed Aug 16 08:59:33 2023 Summary: Recommended update for python-pyasn1 Type: recommended Severity: important References: 1207805 This update for python-pyasn1 fixes the following issues: - To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3363-1 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3369-1 Released: Tue Aug 22 11:12:02 2023 Summary: Security update for python-configobj Type: security Severity: low References: 1210070,CVE-2023-26112 This update for python-configobj fixes the following issues: - CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3371-1 Released: Tue Aug 22 13:30:18 2023 Summary: Recommended update for liblognorm Type: recommended Severity: moderate References: This update for liblognorm fixes the following issues: - Update to liblognorm v2.0.6 (jsc#PED-4883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3372-1 Released: Tue Aug 22 13:44:38 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1211757,1213212 This update for rsyslog fixes the following issues: - Fix removal of imfile state files (bsc#1213212) - Fix segfaults in modExit() of imklog.c (bsc#1211757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3395-1 Released: Wed Aug 23 18:09:24 2023 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593 This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3397-1 Released: Wed Aug 23 18:35:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) - Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. 
(bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3452-1 Released: Mon Aug 28 12:41:11 2023 Summary: Recommended update for 
supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1213951 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update from version 1.0.7 to 1.0.8 (bsc#1213951) - Capture CSP billing adapter config and log - Accept upper case Amazon string in DMI table ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3468-1 Released: Tue Aug 29 09:22:18 2023 Summary: Recommended update for python3 Type: recommended Severity: low References: This update for python3 fixes the following issue: - Rename sources in preparation of python3.11 (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3470-1 Released: Tue Aug 29 10:49:33 2023 Summary: Recommended update for parted Type: recommended Severity: low References: 1182142,1193412 This update for parted fixes the following issues: - fix null pointer dereference (bsc#1193412) - update mkpart options in manpage (bsc#1182142) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:3484-1 Released: Tue Aug 29 13:49:29 2023 Summary: Feature update for bind Type: feature Severity: moderate References: 1213049 This update for bind fixes the following issues: - Add dnstap support (jsc#PED-4852, jsc#PED-4853) - Log named-checkconf output (bsc#1213049) - Update to release 9.16.43 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3486-1 Released: Tue Aug 29 14:25:23 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3514-1 Released: Fri Sep 1 15:48:52 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) The following package changes have been done: - apparmor-abstractions-3.0.4-150400.5.6.1 updated - apparmor-parser-3.0.4-150400.5.6.1 updated - audit-3.0.6-150400.4.13.1 updated - bind-utils-9.16.43-150400.5.34.1 updated - blog-2.26-150300.4.6.1 updated - ca-certificates-mozilla-2.62-150200.30.1 updated - cloud-init-config-suse-23.1-150100.8.66.1 updated - cloud-init-23.1-150100.8.66.1 updated - gawk-4.2.1-150000.3.3.1 updated - kernel-default-5.14.21-150400.24.81.1 updated -
krb5-1.19.2-150400.3.6.1 updated - libapparmor1-3.0.4-150400.5.6.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libauparse0-3.0.6-150400.4.13.1 updated - libblkid1-2.37.2-150400.8.20.1 updated - libblogger2-2.26-150300.4.6.1 updated - libcryptsetup12-2.4.3-150400.3.3.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.188.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libfreetype6-2.10.4-150000.4.15.1 updated - libfstrm0-0.6.1-150300.9.3.1 added - liblognorm5-2.0.6-150000.3.3.1 updated - libmount1-2.37.2-150400.8.20.1 updated - libopenssl1_1-1.1.1l-150400.7.53.1 updated - libparted0-3.2-150300.21.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libprotobuf-c1-1.3.2-150200.3.6.1 added - libsmartcols1-2.37.2-150400.8.20.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libudev1-249.16-150400.8.33.1 updated - libuuid1-2.37.2-150400.8.20.1 updated - libxslt1-1.1.34-150400.3.3.1 added - libyajl2-2.1.0-150000.4.6.1 updated - libzypp-17.31.20-150400.3.40.1 updated - login_defs-4.8.1-150400.10.9.1 updated - openssl-1_1-1.1.1l-150400.7.53.1 updated - parted-3.2-150300.21.3.1 updated - procps-3.3.15-150000.7.34.1 updated - python-instance-billing-flavor-check-0.0.2-150000.1.3.1 added - python3-apipkg-1.4-150000.3.6.1 updated - python3-bind-9.16.43-150400.5.34.1 updated - python3-configobj-5.0.6-150000.3.3.1 updated - python3-cssselect-1.0.3-150000.3.3.1 added - python3-lxml-4.7.1-150200.3.10.1 added - python3-more-itertools-8.10.0-150400.5.69 updated - python3-ordered-set-4.0.2-150400.8.34 updated - python3-pyOpenSSL-21.0.0-150400.7.62 updated - python3-pyasn1-0.4.2-150000.3.5.1 updated - rsyslog-module-relp-8.2306.0-150400.5.18.1 updated - rsyslog-8.2306.0-150400.5.18.1 updated - shadow-4.8.1-150400.10.9.1 updated - supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 updated - system-group-audit-3.0.6-150400.4.13.1 updated - systemd-sysvinit-249.16-150400.8.33.1 updated - systemd-249.16-150400.8.33.1 
updated - udev-249.16-150400.8.33.1 updated - util-linux-systemd-2.37.2-150400.8.20.1 updated - util-linux-2.37.2-150400.8.20.1 updated - vim-data-common-9.0.1572-150000.5.49.1 updated - vim-9.0.1572-150000.5.49.1 updated - xen-libs-4.16.5_02-150400.4.31.1 updated - xen-tools-domU-4.16.5_02-150400.4.31.1 updated - zypper-1.14.63-150400.3.29.1 updated From sle-updates at lists.suse.com Tue Sep 5 07:02:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Sep 2023 09:02:43 +0200 (CEST) Subject: SUSE-IU-2023:604-1: Security update of sles-15-sp4-chost-byos-v20230901-arm64 Message-ID: <20230905070243.1D067FCA4@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20230901-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:604-1 Image Tags : sles-15-sp4-chost-byos-v20230901-arm64:20230901 Image Release : Severity : critical Type : security References : 1002895 1027519 1102408 1107105 1118088 1138666 1138715 1138746 1158763 1167732 1176389 1177120 1179534 1179805 1182142 1182421 1182422 1184177 1184505 1186606 1187045 1193412 1193752 1194038 1194609 1194900 1195916 1196696 1198331 1200771 1201253 1201519 1202498 1202498 1204145 1204364 1204844 1206212 1206418 1206627 1207129 1207805 1208036 1208194 1208574 1209741 1210323 1210419 1210627 1210702 1210740 1210780 1211079 1211131 1211461 1211576 1211674 1211738 1211757 1212434 1212502 1212604 1212901 1212928 1213049 1213167 1213185 1213189 1213212 1213231 1213272 1213287 1213304 1213443 1213472 1213514 1213517 1213557 1213575 1213582 1213585 1213586 1213588 1213616 1213620 1213653 1213673 1213713 1213715 1213747 1213756 1213759 1213777 1213810 1213812 1213842 1213853 1213856 1213857 1213863 1213867 1213870 1213871 1213873 1213951 1214025 1214054 1214071 1214082 1214083 1214248 1214290 CVE-2018-19787 CVE-2020-25659 CVE-2020-26137 CVE-2020-27783 CVE-2020-29651 CVE-2020-29651 CVE-2021-28957 CVE-2021-30560 CVE-2021-33503 
CVE-2021-43818 CVE-2022-2309 CVE-2022-23491 CVE-2022-40982 CVE-2022-40982 CVE-2022-41409 CVE-2022-42969 CVE-2022-48468 CVE-2023-0459 CVE-2023-2004 CVE-2023-20569 CVE-2023-20569 CVE-2023-20593 CVE-2023-21400 CVE-2023-2156 CVE-2023-2166 CVE-2023-23931 CVE-2023-31083 CVE-2023-3268 CVE-2023-32681 CVE-2023-33460 CVE-2023-3567 CVE-2023-36054 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3817 CVE-2023-4004 CVE-2023-4016 CVE-2023-4156 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20230901-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1037-1 Released: Mon Apr 20 10:49:39 2020 Summary: Recommended update for python-pytest Type: recommended Severity: low References: 1002895,1107105,1138666,1167732 This update fixes the following issues: New python-pytest versions are provided. In Basesystem: - python3-pexpect: updated to 4.8.0 - python3-py: updated to 1.8.1 - python3-zipp: shipped as dependency in version 0.6.0 In Python2: - python2-pexpect: updated to 4.8.0 - python2-py: updated to 1.8.1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1859-1 Released: Fri Jun 4 09:02:38 2021 Summary: Security update for python-py Type: security Severity: moderate References: 1179805,1184505,CVE-2020-29651 This update for python-py fixes the following issues: - CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2012-1 Released: Fri Jun 18 09:15:13 2021 Summary: Security update for python-urllib3 Type: security Severity: important References: 1187045,CVE-2021-33503 This update for python-urllib3 fixes the following issues: - CVE-2021-33503: Fixed a denial of service when the URL contained many @ characters in the authority component (bsc#1187045) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2817-1 Released: Mon Aug 23 15:03:36 2021 Summary: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 Type: security Severity: moderate References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137 This patch updates the Python AWS SDK stack in SLE 15: General: # aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-botocore - Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-urllib3 - Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package. # python-service_identity - Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0 # python-trustme - Added this new package to resolve runtime dependencies for other packages. 
Version: 0.6.0 Security fixes: # python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:803-1 Released: Thu Mar 10 17:35:53 2022 Summary: Security update for python-lxml Type: security Severity: important References: 1118088,1179534,1184177,1193752,CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-43818 This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088). - CVE-2021-28957: Fixed XSS vulnerability via HTML5 attributes unescaped (bsc#1184177). - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752). - CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2355-1 Released: Mon Jul 11 12:44:33 2022 Summary: Recommended update for python-cryptography Type: recommended Severity: moderate References: 1198331,CVE-2020-25659 This update for python-cryptography fixes the following issues: python-cryptography was updated to 3.3.2. update to 3.3.0: * BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. * BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. * BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length.
This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. * Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature. Update to 3.2.1: Disable blinding on RSA public keys to address an error with some versions of OpenSSL. update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. update to 3.1: * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based :term:`U-label` parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5. * ``backend`` arguments to functions are no longer required and the default backend will automatically be selected if no ``backend`` is provided. * Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` . * Calling ``update`` or ``update_into`` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data`` longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This also resolves the same issue in :doc:`/fernet`. update to 3.0: * RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes). * X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until version is accessed. 
* Deprecated support for Python 2 * Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: load_ssh_private_key() for loading and OpenSSH for writing. * Added support for OpenSSH certificates to load_ssh_public_key(). * Added encrypt_at_time() and decrypt_at_time() to Fernet. * Added support for the SubjectInformationAccess X.509 extension. * Added support for parsing SignedCertificateTimestamps in OCSP responses. * Added support for parsing attributes in certificate signing requests via get_attribute_for_oid(). * Added support for encoding attributes in certificate signing requests via add_attribute(). * On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork. * Added initial support for creating PKCS12 files with serialize_key_and_certificates(). Update to 2.9: * BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. * BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. * BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. * Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. * BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. * Added support for parsing single_extensions in an OCSP response. * NameAttribute values can now be empty strings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2548-1 Released: Tue Jul 26 13:48:28 2022 Summary: Critical update for python-cssselect Type: recommended Severity: critical References: This update for python-cssselect implements packages to the unrestricted repository.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2831-1 Released: Wed Aug 17 14:41:04 2022 Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins Type: security Severity: moderate References: 1195916,1196696,CVE-2020-29651 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bump the URL to point to github rather than to docs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2853-1 Released: Fri Aug 19 15:59:42 2022 Summary: Recommended update for sle-module-legacy-release Type: recommended Severity: low References: 1202498 This update for python-iniconfig provides the following fix: - Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2908-1 Released: Fri Aug 26 11:36:03 2022 Summary: Security update for python-lxml Type: security Severity: important References: 1201253,CVE-2022-2309 This update for python-lxml fixes the following issues: - CVE-2022-2309: Fixed NULL pointer dereference due to state leak between
parser runs (bsc#1201253). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2943-1 Released: Tue Aug 30 15:42:16 2022 Summary: Recommended update for python-iniconfig Type: recommended Severity: low References: 1202498 This update for python-iniconfig provides the following fix: - Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3022-1 Released: Mon Sep 5 15:16:02 2022 Summary: Recommended update for python-pyOpenSSL Type: recommended Severity: moderate References: 1200771 This update for python-pyOpenSSL fixes the following issues: - Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056). python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519): - The minimum ``cryptography`` version is now 3.3. - Raise an error when an invalid ALPN value is set. - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version`` - Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3985-1 Released: Tue Nov 15 12:54:11 2022 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1204145 This update fixes for python3-apipkg the following issues: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:139-1 Released: Wed Jan 25 14:41:55 2023 Summary: Security update for python-certifi Type: security Severity: important References: 1206212,CVE-2022-23491 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:161-1 Released: Thu Jan 26 18:23:16 2023 Summary: Security update for python-py Type: security Severity: moderate References: 1204364,CVE-2022-42969 This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data (bsc#1204364). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:557-1 Released: Tue Feb 28 09:29:15 2023 Summary: Security update for libxslt Type: security Severity: important References: 1208574,CVE-2021-30560 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:722-1 Released: Tue Mar 14 14:57:15 2023 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1208036,CVE-2023-23931 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2143-1 Released: Tue May 9 14:49:45 2023 Summary: Security update for protobuf-c Type: security Severity: important References: 1210323,CVE-2022-48468 This update for protobuf-c fixes the following issues: - CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2866-1 Released: Tue Jul 18 11:09:03 2023 Summary: Security update for python-requests Type: security Severity: moderate References: 1211674,CVE-2023-32681 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2898-1 Released: Thu Jul 20 09:15:33 2023 Summary: Recommended update for python-instance-billing-flavor-check Type: feature Severity: critical References: This update for python-instance-billing-flavor-check fixes the following issues: - Include PAYG checker package in SLE (jsc#PED-4791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2905-1 Released: Thu Jul 20 10:17:54 2023 Summary: Recommended update for fstrm Type: recommended Severity: moderate References: This update for fstrm fixes the following issues: - Update to 0.6.1: - fstrm_capture: ignore SIGPIPE, which will cause the interrupted connections to generate an EPIPE instead. 
- Fix truncation in snprintf calls in argument processing. - fstrm_capture: Fix output printf format. - Update to 0.6.0 It adds a new feature for fstrm_capture. It can perform output file rotation when a SIGUSR1 signal is received by fstrm_capture. (See the --gmtime or --localtime options.) This allows fstrm_capture's output file to be rotated by logrotate or a similar external utility. (Output rotation is suppressed if fstrm_capture is writing to stdout.) Update to 0.5.0 - Change license to modern MIT license for compatibility with GPLv2 software. Contact software at farsightsecurity.com for alternate licensing. - src/fstrm_replay.c: For OpenBSD and Posix portability include netinet/in.h and sys/socket.h to get struct sockaddr_in and the AF_* defines respectively. - Fix various compiler warnings. Update to 0.4.0 The C implementation of the Frame Streams data transport protocol, fstrm version 0.4.0, was released. It adds TCP support, a new tool, new documentation, and several improvements. - Added manual pages for fstrm_capture and fstrm_dump. - Added new tool, fstrm_replay, for replaying saved Frame Streams data to a socket connection. - Adds TCP support. Add tcp_writer to the core library which implements a bi-directional Frame Streams writer as a TCP socket client. Introduces new developer API: fstrm_tcp_writer_init, fstrm_tcp_writer_options_init, fstrm_tcp_writer_options_destroy, fstrm_tcp_writer_options_set_socket_address, and fstrm_tcp_writer_options_set_socket_port. - fstrm_capture: new options for reading from TCP socket. - fstrm_capture: add '-c' / '--connections' option to limit the number of concurrent connections it will accept. - fstrm_capture: add '-b / --buffer-size' option to set the read buffer size (effectively the maximum frame size) to a value other than the default 256 KiB. - fstrm_capture: skip oversize messages to fix stalled connections caused by messages larger than the read highwater mark of the input buffer. 
Discarded messages are logged for the purposes of tuning the input buffer size. - fstrm_capture: complete sending of FINISH frame before closing connection. - Various test additions and improvements. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3196-1 Released: Fri Aug 4 10:02:04 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1213443 This update for protobuf-c fixes the following issues: - Include executables required to generate Protocol Buffers glue code in the devel subpackage (bsc#1213443) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3270-1 Released: Thu Aug 10 19:34:35 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211461 This update for vim fixes the following issues: - Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3275-1 Released: Fri Aug 11 10:19:36 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3282-1 Released: Fri Aug 11 10:26:23 2023 Summary: Recommended update for blog Type: recommended Severity: moderate References: This update for blog fixes the following issues: - Fix big endian cast problems to be able to read commands and answers as well as
passphrases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3286-1 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1194900 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3288-1 Released: Fri Aug 11 12:30:14 2023 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1213582 This update for python-apipkg provides python3-apipkg to SUSE Linux Enterprise Micro 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3301-1 Released: Mon Aug 14 07:24:59 2023 Summary: Security update for libyajl Type: security Severity: moderate References: 1212928,CVE-2023-33460 This update for libyajl fixes the following issues: - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3313-1 Released: Mon Aug 14 17:34:46 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206418,1207129,1210627,1210780,1211131,1211738,1212502,1212604,1212901,1213167,1213272,1213287,1213304,1213585,1213586,1213588,1213620,1213653,1213713,1213715,1213747,1213756,1213759,1213777,1213810,1213812,1213842,1213856,1213857,1213863,1213867,1213870,1213871,CVE-2022-40982,CVE-2023-0459,CVE-2023-20569,CVE-2023-21400,CVE-2023-2156,CVE-2023-2166,CVE-2023-31083,CVE-2023-3268,CVE-2023-3567,CVE-2023-3609,CVE-2023-3611,CVE-2023-3776,CVE-2023-4004 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack 'Inception' or 'RAS Poisoning' (bsc#1213287). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq (bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: - afs: Fix access after dec in put functions (git-fixes). - afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes). - afs: Fix dynamic root getattr (git-fixes). - afs: Fix fileserver probe RTT handling (git-fixes). - afs: Fix infinite loop found by xfstest generic/676 (git-fixes). - afs: Fix lost servers_outstanding count (git-fixes). - afs: Fix server->active leak in afs_put_server (git-fixes). - afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes). - afs: Fix updating of i_size with dv jump from server (git-fixes). - afs: Fix vlserver probe RTT handling (git-fixes). - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes). - afs: Use refcount_t rather than atomic_t (git-fixes). - afs: Use the operation issue time instead of the reply time for callbacks (git-fixes). - afs: adjust ack interpretation to try and cope with nat (git-fixes). - alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes). - alsa: hda/realtek: support asus g713pv laptop (git-fixes). - alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes). - alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129). - alsa: usb-audio: update for native dsd support quirks (git-fixes). - asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes). - asoc: codecs: es8316: fix dmic config (git-fixes). - asoc: da7219: check for failure reading aad irq events (git-fixes). - asoc: da7219: flush pending aad irq when suspending (git-fixes). - asoc: fsl_sai: disable bit clock with transmitter (git-fixes). - asoc: fsl_spdif: silence output on stop (git-fixes). - asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes). 
- asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes). - ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). - block, bfq: Fix division by zero error on zero wsum (bsc#1213653). - block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes). - can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes). - ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). - coda: Avoid partial allocation of sig_inputArgs (git-fixes). - dlm: fix missing lkb refcount handling (git-fixes). - dlm: fix plock invalid read (git-fixes). - documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes). - drm/amd/display: Disable MPC split by default on special asic (git-fixes). - drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes). - drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes). - drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes). - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). - drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes). - drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes). - file: always lock position for FMODE_ATOMIC_POS (bsc#1213759). - fs: dlm: add midcomms init/start functions (git-fixes). - fs: dlm: do not set stop rx flag after node reset (git-fixes). - fs: dlm: filter user dlm messages for kernel locks (git-fixes). - fs: dlm: fix log of lowcomms vs midcomms (git-fixes). - fs: dlm: fix race between test_bit() and queue_work() (git-fixes). - fs: dlm: fix race in lowcomms (git-fixes). - fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). - fs: dlm: move sending fin message into state change handling (git-fixes). - fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes). - fs: dlm: return positive pid value for F_GETLK (git-fixes). 
- fs: dlm: start midcomms before scand (git-fixes). - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes). - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes). - fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes). - fs: jfs: fix null-ptr-deref read in txbegin (git-fixes). - gve: Set default duplex configuration to full (git-fixes). - gve: unify driver name usage (git-fixes). - hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes). - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes). - iavf: Fix out-of-bounds when setting channels on remove (git-fixes). - iavf: Fix use-after-free in free_netdev (git-fixes). - iavf: use internal state to free traffic IRQs (git-fixes). - igc: Check if hardware TX timestamping is enabled earlier (git-fixes). - igc: Enable and fix RX hash usage by netstack (git-fixes). - igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes). - igc: Fix inserting of empty frame for launchtime (git-fixes). - igc: Fix launchtime before start of cycle (git-fixes). - igc: Fix race condition in PTP tx code (git-fixes). - igc: Handle PPS start time programming for past time values (git-fixes). - igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes). - igc: Remove delay during TX ring configuration (git-fixes). - igc: Work around HW bug causing missing timestamps (git-fixes). - igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). - input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes). - input: iqs269a - do not poll during ati (git-fixes). - input: iqs269a - do not poll during suspend or resume (git-fixes). - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes). - jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). - jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). 
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes). - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). - jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes). - kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes) - kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620) - kvm: do not null dereference ops->destroy (git-fixes) - kvm: downgrade two bug_ons to warn_on_once (git-fixes) - kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes) - kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867). - kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes). - kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes). - kvm: vmx: restore vmx_vmexit alignment (git-fixes). - kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes). - libceph: harden msgr2.1 frame segment length checks (bsc#1213857). - media: staging: atomisp: select V4L2_FWNODE (git-fixes). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585). - net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). - net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901). - net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901). - net: phy: marvell10g: fix 88x3310 power up (git-fixes). - nfsd: add encoding of op_recall flag for write delegation (git-fixes). - nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). - nfsd: fix sparse warning (git-fixes). - nfsd: remove open coding of string copy (git-fixes). - nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes). - nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes). 
- nvme-pci: fix DMA direction of unmapping integrity data (git-fixes). - nvme-pci: remove nvme_queue from nvme_iod (git-fixes). - octeontx-af: fix hardware timestamp configuration (git-fixes). - octeontx2-af: Move validation of ptp pointer before its usage (git-fixes). - octeontx2-pf: Add additional check for MCAM rules (git-fixes). - phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes). - pinctrl: amd: Do not show `Invalid config param` errors (git-fixes). - pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes). - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes). - rdma/bnxt_re: fix hang during driver unload (git-fixes) - rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes) - rdma/core: update cma destination address on rdma_resolve_addr (git-fixes) - rdma/irdma: add missing read barriers (git-fixes) - rdma/irdma: fix data race on cqp completion stats (git-fixes) - rdma/irdma: fix data race on cqp request done (git-fixes) - rdma/irdma: fix op_type reporting in cqes (git-fixes) - rdma/irdma: report correct wc error (git-fixes) - rdma/mlx4: make check for invalid flags stricter (git-fixes) - rdma/mthca: fix crash when polling cq for shared qps (git-fixes) - regmap: Account for register length in SMBus I/O limits (git-fixes). - regmap: Drop initial version of maximum transfer length fixes (git-fixes). - revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes). - revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes). - revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes). - revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes). - revert 'usb: xhci: tegra: fix error check' (git-fixes). - revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes). - rxrpc, afs: Fix selection of abort codes (git-fixes). 
- s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870). - s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). - s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863). - s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). - s390/qeth: Fix vipa deletion (git-fixes bsc#1213713). - s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715). - s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). - scftorture: Count reschedule IPIs (git-fixes). - scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756). - scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756). - scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756). - scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756). - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756). - scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756). - scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756). - scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). - scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756). - scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756). - scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756). - scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756). - scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756). - scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). - scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756). 
- scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756). - scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756). - scsi: lpfc: Use struct_size() helper (bsc#1213756). - scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747). - scsi: qla2xxx: Array index may go out of bound (bsc#1213747). - scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747). - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747). - scsi: qla2xxx: Correct the index of array (bsc#1213747). - scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747). - scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747). - scsi: qla2xxx: Fix TMF leak through (bsc#1213747). - scsi: qla2xxx: Fix buffer overrun (bsc#1213747). - scsi: qla2xxx: Fix command flush during TMF (bsc#1213747). - scsi: qla2xxx: Fix deletion race condition (bsc#1213747). - scsi: qla2xxx: Fix end of loop test (bsc#1213747). - scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747). - scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747). - scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747). - scsi: qla2xxx: Fix session hang in gnl (bsc#1213747). - scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747). - scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747). - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747). - scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747). - scsi: qla2xxx: Silence a static checker warning (bsc#1213747). - scsi: qla2xxx: Turn off noisy message log (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747). - scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747). - scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747). - serial: qcom-geni: drop bogus runtime pm state update (git-fixes). 
- serial: sifive: Fix sifive_serial_console_setup() section (git-fixes). - soundwire: qcom: update status correctly with mask (git-fixes). - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes). - staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes). - sunrpc: always free ctxt when freeing deferred request (git-fixes). - sunrpc: double free xprt_ctxt while still in use (git-fixes). - sunrpc: fix trace_svc_register() call site (git-fixes). - sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes). - sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes). - sunrpc: remove the maximum number of retries in call_bind_status (git-fixes). - svcrdma: Prevent page release when nothing was received (git-fixes). - tpm_tis: Explicitly check for error code (git-fixes). - tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes). - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes). - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). - ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes). - ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes). - ubifs: Fix build errors as symbol undefined (git-fixes). - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes). - ubifs: Fix memory leak in alloc_wbufs() (git-fixes). - ubifs: Fix memory leak in do_rename (git-fixes). - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). - ubifs: Fix to add refcount once page is set private (git-fixes). - ubifs: Fix wrong dirty space budget for dirty inode (git-fixes). - ubifs: Free memory for tmpfile name (git-fixes). - ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes). - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). - ubifs: Rectify space budget for ubifs_xrename() (git-fixes). - ubifs: Rename whiteout atomically (git-fixes). 
- ubifs: Reserve one leb for each journal head while doing budget (git-fixes). - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes). - ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes). - ubifs: rename_whiteout: correct old_dir size computing (git-fixes). - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes). - ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes). - usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). - usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: xhci-mtk: set the dma max_seg_size (git-fixes). - vhost: support PACKED when setting-getting vring_base (git-fixes). - vhost_net: revert upend_idx only on retriable error (git-fixes). - virtio-net: Maintain reverse cleanup order (git-fixes). - virtio_net: Fix error unwinding of XDP initialization (git-fixes). - x86/PVH: obtain VGA console info in Dom0 (git-fixes). - xen/blkfront: Only check REQ_FUA for writes (git-fixes). - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3330-1 Released: Wed Aug 16 08:59:33 2023 Summary: Recommended update for python-pyasn1 Type: recommended Severity: important References: 1207805 This update for python-pyasn1 fixes the following issues: - To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3363-1 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3371-1 Released: Tue Aug 22 13:30:18 2023 Summary: Recommended update for liblognorm Type: recommended Severity: moderate References: This update for liblognorm fixes the following issues: - Update to liblognorm v2.0.6 (jsc#PED-4883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3372-1 Released: Tue Aug 22 13:44:38 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1211757,1213212 This update for rsyslog fixes the following issues: - Fix removal of imfile state files (bsc#1213212) - Fix segfaults in modExit() of imklog.c (bsc#1211757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3395-1 Released: Wed Aug 23 18:09:24 2023 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593 This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. 
(bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3397-1 Released: Wed Aug 23 18:35:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) - Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. 
(bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3452-1 Released: Mon Aug 28 12:41:11 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1213951 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update from version 1.0.7 to 1.0.8 (bsc#1213951) - Capture CSP billing adapter config and log - Accept upper case Amazon string in DMI table ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root 
CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3468-1 Released: Tue Aug 29 09:22:18 2023 Summary: Recommended update for python3 Type: recommended Severity: low References: This update for python3 fixes the following issue: - Rename sources in preparation of python3.11 (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3470-1 Released: Tue Aug 29 10:49:33 2023 Summary: Recommended update for parted Type: recommended Severity: low References: 1182142,1193412 This update for parted fixes the following issues: - fix null pointer dereference (bsc#1193412) - update mkpart options in manpage (bsc#1182142) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:3484-1 Released: Tue Aug 29 13:49:29 2023 Summary: Feature update for bind Type: feature Severity: moderate References: 1213049 This update for bind fixes the following issues: - Add dnstap support (jsc#PED-4852, jsc#PED-4853) - Log named-checkconf output (bsc#1213049) - Update to release 9.16.43 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3486-1 Released: Tue Aug 29 14:25:23 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3514-1 Released: Fri Sep 1 15:48:52 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) The following package changes have been done: - apparmor-abstractions-3.0.4-150400.5.6.1 updated - apparmor-parser-3.0.4-150400.5.6.1 updated - audit-3.0.6-150400.4.13.1 updated - bind-utils-9.16.43-150400.5.34.1 updated - blog-2.26-150300.4.6.1 updated - ca-certificates-mozilla-2.62-150200.30.1 updated - gawk-4.2.1-150000.3.3.1 updated - hostname-3.16-2.22 added - kernel-default-5.14.21-150400.24.81.1 updated - krb5-1.19.2-150400.3.6.1 updated - libapparmor1-3.0.4-150400.5.6.1 updated -
libaudit1-3.0.6-150400.4.13.1 updated - libauparse0-3.0.6-150400.4.13.1 updated - libblkid1-2.37.2-150400.8.20.1 updated - libblogger2-2.26-150300.4.6.1 updated - libcryptsetup12-2.4.3-150400.3.3.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.188.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libfreetype6-2.10.4-150000.4.15.1 updated - libfstrm0-0.6.1-150300.9.3.1 added - liblognorm5-2.0.6-150000.3.3.1 updated - libmount1-2.37.2-150400.8.20.1 updated - libopenssl1_1-1.1.1l-150400.7.53.1 updated - libparted0-3.2-150300.21.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libprotobuf-c1-1.3.2-150200.3.6.1 added - libsmartcols1-2.37.2-150400.8.20.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libudev1-249.16-150400.8.33.1 updated - libuuid1-2.37.2-150400.8.20.1 updated - libxslt1-1.1.34-150400.3.3.1 added - libyajl2-2.1.0-150000.4.6.1 updated - libzypp-17.31.20-150400.3.40.1 updated - login_defs-4.8.1-150400.10.9.1 updated - openssl-1_1-1.1.1l-150400.7.53.1 updated - parted-3.2-150300.21.3.1 updated - procps-3.3.15-150000.7.34.1 updated - python-instance-billing-flavor-check-0.0.2-150000.1.3.1 added - python3-apipkg-1.4-150000.3.6.1 added - python3-asn1crypto-0.24.0-3.2.1 added - python3-bind-9.16.43-150400.5.34.1 updated - python3-certifi-2018.1.18-150000.3.3.1 added - python3-cffi-1.13.2-3.2.5 added - python3-chardet-3.0.4-3.23 added - python3-cryptography-3.3.2-150400.16.6.1 added - python3-cssselect-1.0.3-150000.3.3.1 added - python3-idna-2.6-1.20 added - python3-iniconfig-1.1.1-150000.1.9.1 added - python3-lxml-4.7.1-150200.3.10.1 added - python3-ordered-set-4.0.2-150400.8.34 updated - python3-pyOpenSSL-21.0.0-150400.7.62 added - python3-pyasn1-0.4.2-150000.3.5.1 added - python3-pycparser-2.17-3.2.1 added - python3-py-1.10.0-150100.5.12.1 added - python3-requests-2.24.0-150300.3.3.1 added - python3-urllib3-1.25.10-4.3.1 added - rsyslog-module-relp-8.2306.0-150400.5.18.1 updated - 
rsyslog-8.2306.0-150400.5.18.1 updated - shadow-4.8.1-150400.10.9.1 updated - supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 updated - system-group-audit-3.0.6-150400.4.13.1 updated - systemd-sysvinit-249.16-150400.8.33.1 updated - systemd-249.16-150400.8.33.1 updated - udev-249.16-150400.8.33.1 updated - util-linux-systemd-2.37.2-150400.8.20.1 updated - util-linux-2.37.2-150400.8.20.1 updated - vim-data-common-9.0.1572-150000.5.49.1 updated - vim-9.0.1572-150000.5.49.1 updated - xen-libs-4.16.5_02-150400.4.31.1 updated - zypper-1.14.63-150400.3.29.1 updated From sle-updates at lists.suse.com Tue Sep 5 07:06:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Sep 2023 09:06:35 +0200 (CEST) Subject: SUSE-CU-2023:2854-1: Security update of suse/sle15 Message-ID: <20230905070635.867CBFCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2854-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.811 Container Release : 6.2.811 Severity : important Type : security References : 1099269 1133277 1144068 1158763 1162343 1177127 1178168 1182066 1184753 1194530 1197726 1198331 1199282 1203681 1204256 1210740 1213231 1213557 1213673 CVE-2018-1000518 CVE-2020-25659 CVE-2020-36242 CVE-2021-22569 CVE-2021-22570 CVE-2022-1941 CVE-2022-3171 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2783-1 Released: Tue Jul 4 21:54:25 2023 Summary: Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets Type: security Severity: important References: 1099269,1133277,1144068,1162343,1177127,1178168,1182066,1184753,1194530,1197726,1198331,1199282,1203681,1204256,CVE-2018-1000518,CVE-2020-25659,CVE-2020-36242,CVE-2021-22569,CVE-2021-22570,CVE-2022-1941,CVE-2022-3171 This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues: grpc: - Update in SLE-15 (bsc#1197726, bsc#1144068) protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681 - Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256 - Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530 - Add missing dependency of python subpackages on python-six (bsc#1177127) - Updated to version 3.9.2 (bsc#1162343) * Remove 
OSReadLittle* due to alignment requirements. * Don't use unions and instead use memcpy for the type swaps. - Disable LTO (bsc#1133277) python-aiocontextvars: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-avro: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-cryptography: - update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331) * SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. CVE-2020-36242 python-cryptography-vectors: - update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Support for OpenSSL 1.0.2 has been removed. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. 
- update to 3.3.2 (bsc#1198331)

python-Deprecated:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 1.2.13:

python-google-api-core:
- Update to 1.14.2

python-googleapis-common-protos:
- Update to 1.6.0

python-grpcio-gcp:
- Initial spec for v0.2.2

python-humanfriendly:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to 10.0

python-jsondiff:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.0

python-knack:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 0.9.0

python-opencensus:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Disable Python2 build
- Update to 0.8.0

python-opencensus-context:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-opencensus-ext-threading:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial build version 0.1.2

python-opentelemetry-api:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Version update to 1.5.0

python-psutil:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 5.9.1
- remove the dependency on net-tools, since it conflicts with busybox-hostname which is default on MicroOS. (bsc#1184753)
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-PyGithub:
- Update to 1.43.5:

python-pytest-asyncio:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial release of python-pytest-asyncio 0.8.0

python-requests:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-websocket-client:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.2

python-websockets:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 9.1:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3513-1
Released: Fri Sep 1 15:47:41 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1158763,1210740,1213231,1213557,1213673

This update for libzypp, zypper fixes the following issues:

- Fix occasional issue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

The following package changes have been done:

- libprotobuf-lite20-3.9.2-150100.8.3.3 added
- libzypp-17.31.20-150100.3.117.1 updated
- zypper-1.14.63-150100.3.84.1 updated
- libprotobuf-lite15-3.5.0-5.5.1 removed

From sle-updates at lists.suse.com Tue Sep 5 12:41:35 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 05 Sep 2023 12:41:35 -0000
Subject: SUSE-SU-2023:3532-1: important: Security update for kubernetes1.18
Message-ID: <169391769519.22711.14335347116946940025@smelt2.suse.de>

# Security update for kubernetes1.18

Announcement ID: SUSE-SU-2023:3532-1
Rating: important
References:
  * #1212475

Affected Products: * Containers Module 15-SP4 * 
openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one security fix can now be installed. ## Description: This update of kubernetes1.18 fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3532=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3532=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-3532=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3532=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3532=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3532=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3532=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3532=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3532=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3532=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3532=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3532=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.17.1 * kubernetes1.18-client-1.18.10-150200.5.17.1 * openSUSE Leap 15.4 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.17.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.17.1 * kubernetes1.18-client-1.18.10-150200.5.17.1 * openSUSE Leap 15.5 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.17.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x) * kubernetes1.18-client-common-1.18.10-150200.5.17.1 * kubernetes1.18-client-1.18.10-150200.5.17.1 * Containers Module 15-SP4 (ppc64le) * 
kubernetes1.18-client-debuginfo-1.18.10-150200.5.17.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64)
    * kubernetes1.18-client-common-1.18.10-150200.5.17.1
    * kubernetes1.18-client-1.18.10-150200.5.17.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64)
    * kubernetes1.18-client-common-1.18.10-150200.5.17.1
    * kubernetes1.18-client-1.18.10-150200.5.17.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
    * kubernetes1.18-client-common-1.18.10-150200.5.17.1
    * kubernetes1.18-client-1.18.10-150200.5.17.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x)
    * kubernetes1.18-client-common-1.18.10-150200.5.17.1
    * kubernetes1.18-client-1.18.10-150200.5.17.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x)
    * kubernetes1.18-client-common-1.18.10-150200.5.17.1
    * kubernetes1.18-client-1.18.10-150200.5.17.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le)
    * kubernetes1.18-client-debuginfo-1.18.10-150200.5.17.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le)
    * kubernetes1.18-client-common-1.18.10-150200.5.17.1
    * kubernetes1.18-client-1.18.10-150200.5.17.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le)
    * kubernetes1.18-client-debuginfo-1.18.10-150200.5.17.1
    * kubernetes1.18-client-common-1.18.10-150200.5.17.1
    * kubernetes1.18-client-1.18.10-150200.5.17.1
  * SUSE Enterprise Storage 7.1 (aarch64)
    * kubernetes1.18-client-common-1.18.10-150200.5.17.1
    * kubernetes1.18-client-1.18.10-150200.5.17.1
  * SUSE Enterprise Storage 7 (aarch64)
    * kubernetes1.18-client-common-1.18.10-150200.5.17.1
    * kubernetes1.18-client-1.18.10-150200.5.17.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1212475

From sle-updates at lists.suse.com Tue Sep 5 12:41:38 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 05 Sep 2023 12:41:38 -0000
Subject: SUSE-SU-2023:3531-1: important: Security update for buildah
Message-ID: <169391769826.22711.11814240691212526682@smelt2.suse.de>

# Security update for buildah

Announcement ID: SUSE-SU-2023:3531-1
Rating: important
References:
  * #1212475

Affected Products:
  * Containers Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that has one security fix can now be installed.

## Description:

This update of buildah fixes the following issues:

  * rebuild the package with the go 1.21 security release (bsc#1212475).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-3531=1 SUSE-2023-3531=1
  * Containers Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-3531=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * buildah-1.29.1-150400.3.20.1
  * Containers Module 15-SP4 (aarch64 ppc64le s390x)
    * buildah-1.29.1-150400.3.20.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1212475

From sle-updates at lists.suse.com Tue Sep 5 12:41:41 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 05 Sep 2023 12:41:41 -0000
Subject: SUSE-RU-2023:3530-1: critical: Recommended update for SAPHanaSR-ScaleOut
Message-ID: <169391770163.22711.6946969953245488223@smelt2.suse.de>

# Recommended update for SAPHanaSR-ScaleOut

Announcement ID: SUSE-RU-2023:3530-1
Rating: critical
References:
  * #1210728
  * #1214613
  * PED-1739
  * PED-2608

Affected Products:
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * SAP Applications Module 15-SP2
  * SAP Applications Module 15-SP1
  * SAP Applications Module 15-SP3
  * SAP Applications Module 15-SP4
  * SAP Applications Module 15-SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that contains two features and has two fixes can now be installed.

## Description:

This update for SAPHanaSR-ScaleOut fixes the following issues:

  * Version bump to 0.185.1
  * Improve supportability by providing the current process ID of the RA, which is logged in the RA outputs, to HANA tracefiles too. This allows a mapping of the SAP related command invocations from the RA and the HANA executions which might have a delay in between. (bsc#1214613)
  * Fixed an issue when stopping SAPHanaController returns exit code 0 but it is failing due to /tmp is full. (bsc#1210728)
  * Add improvements from SAP to the RA scripts. (jsc#PED-1739, jsc#PED-2608)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-3530=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2023-3530=1
  * SAP Applications Module 15-SP1
    zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-3530=1
  * SAP Applications Module 15-SP2
    zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-3530=1
  * SAP Applications Module 15-SP3
    zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-3530=1
  * SAP Applications Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-3530=1
  * SAP Applications Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-3530=1

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * SAPHanaSR-ScaleOut-doc-0.185.1-150000.39.1
    * SAPHanaSR-ScaleOut-0.185.1-150000.39.1
  * openSUSE Leap 15.5 (noarch)
    * SAPHanaSR-ScaleOut-doc-0.185.1-150000.39.1
    * SAPHanaSR-ScaleOut-0.185.1-150000.39.1
  * SAP Applications Module 15-SP1 (noarch)
    * SAPHanaSR-ScaleOut-doc-0.185.1-150000.39.1
    * SAPHanaSR-ScaleOut-0.185.1-150000.39.1
  * SAP Applications Module 15-SP2 (noarch)
    * SAPHanaSR-ScaleOut-doc-0.185.1-150000.39.1
    * SAPHanaSR-ScaleOut-0.185.1-150000.39.1
  * SAP Applications Module 15-SP3 (noarch)
    * SAPHanaSR-ScaleOut-doc-0.185.1-150000.39.1
    * SAPHanaSR-ScaleOut-0.185.1-150000.39.1
  * SAP Applications Module 15-SP4 (noarch)
    * SAPHanaSR-ScaleOut-doc-0.185.1-150000.39.1
    * SAPHanaSR-ScaleOut-0.185.1-150000.39.1
  * SAP Applications Module 15-SP5 (noarch)
    * SAPHanaSR-ScaleOut-doc-0.185.1-150000.39.1
    * SAPHanaSR-ScaleOut-0.185.1-150000.39.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1210728
  * https://bugzilla.suse.com/show_bug.cgi?id=1214613
  * https://jira.suse.com/browse/PED-1739
  * https://jira.suse.com/browse/PED-2608

From sle-updates at lists.suse.com Tue Sep 5 12:41:43 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 05 Sep 2023 12:41:43 -0000
Subject: SUSE-SU-2023:3529-1: important: Security update for busybox
Message-ID: <169391770356.22711.1602700144353874513@smelt2.suse.de>

# Security update for busybox

Announcement ID: SUSE-SU-2023:3529-1
Rating: important
References:
  * #1214538

Cross-References:
  * CVE-2022-48174

CVSS scores:
  * CVE-2022-48174 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2022-48174 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  * Basesystem Module 15-SP4
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for busybox fixes the following issues:

  * CVE-2022-48174: Fixed stack overflow vulnerability. (bsc#1214538)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3529=1 openSUSE-SLE-15.4-2023-3529=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3529=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3529=1 ## Package List: * openSUSE Leap 15.4 (noarch) * busybox-adduser-1.35.0-150400.4.5.1 * busybox-xz-1.35.0-150400.4.5.1 * busybox-vi-1.35.0-150400.4.5.1 * busybox-less-1.35.0-150400.4.5.1 * busybox-misc-1.35.0-150400.4.5.1 * busybox-whois-1.35.0-150400.4.5.1 * busybox-net-tools-1.35.0-150400.4.5.1 * busybox-which-1.35.0-150400.4.5.1 * busybox-sed-1.35.0-150400.4.5.1 * busybox-bzip2-1.35.0-150400.4.5.1 * busybox-tar-1.35.0-150400.4.5.1 * busybox-cpio-1.35.0-150400.4.5.1 * busybox-telnet-1.35.0-150400.4.5.1 * busybox-syslogd-1.35.0-150400.4.5.1 * busybox-unzip-1.35.0-150400.4.5.1 * busybox-psmisc-1.35.0-150400.4.5.1 * busybox-procps-1.35.0-150400.4.5.1 * busybox-ed-1.35.0-150400.4.5.1 * busybox-traceroute-1.35.0-150400.4.5.1 * busybox-dos2unix-1.35.0-150400.4.5.1 * busybox-hostname-1.35.0-150400.4.5.1 * busybox-sendmail-1.35.0-150400.4.5.1 * busybox-sysvinit-tools-1.35.0-150400.4.5.1 * busybox-man-1.35.0-150400.4.5.1 * busybox-findutils-1.35.0-150400.4.5.1 * busybox-bind-utils-1.35.0-150400.4.5.1 * busybox-netcat-1.35.0-150400.4.5.1 * busybox-tunctl-1.35.0-150400.4.5.1 * busybox-patch-1.35.0-150400.4.5.1 * busybox-sh-1.35.0-150400.4.5.1 * busybox-links-1.35.0-150400.4.5.1 * busybox-coreutils-1.35.0-150400.4.5.1 * busybox-bc-1.35.0-150400.4.5.1 * busybox-grep-1.35.0-150400.4.5.1 * busybox-gzip-1.35.0-150400.4.5.1 * busybox-sharutils-1.35.0-150400.4.5.1 * busybox-util-linux-1.35.0-150400.4.5.1 * busybox-iproute2-1.35.0-150400.4.5.1 * busybox-attr-1.35.0-150400.4.5.1 * busybox-wget-1.35.0-150400.4.5.1 * busybox-policycoreutils-1.35.0-150400.4.5.1 * busybox-selinux-tools-1.35.0-150400.4.5.1 * busybox-time-1.35.0-150400.4.5.1 * busybox-vlan-1.35.0-150400.4.5.1 * 
busybox-tftp-1.35.0-150400.4.5.1 * busybox-kmod-1.35.0-150400.4.5.1 * busybox-diffutils-1.35.0-150400.4.5.1 * busybox-gawk-1.35.0-150400.4.5.1 * busybox-kbd-1.35.0-150400.4.5.1 * busybox-iputils-1.35.0-150400.4.5.1 * busybox-ncurses-utils-1.35.0-150400.4.5.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * busybox-static-1.35.0-150400.3.11.1 * busybox-testsuite-1.35.0-150400.3.11.1 * busybox-1.35.0-150400.3.11.1 * openSUSE Leap 15.4 (aarch64 x86_64 i586) * busybox-warewulf3-1.35.0-150400.3.11.1 * openSUSE Leap 15.5 (noarch) * busybox-adduser-1.35.0-150400.4.5.1 * busybox-xz-1.35.0-150400.4.5.1 * busybox-vi-1.35.0-150400.4.5.1 * busybox-less-1.35.0-150400.4.5.1 * busybox-misc-1.35.0-150400.4.5.1 * busybox-whois-1.35.0-150400.4.5.1 * busybox-net-tools-1.35.0-150400.4.5.1 * busybox-which-1.35.0-150400.4.5.1 * busybox-sed-1.35.0-150400.4.5.1 * busybox-bzip2-1.35.0-150400.4.5.1 * busybox-tar-1.35.0-150400.4.5.1 * busybox-cpio-1.35.0-150400.4.5.1 * busybox-telnet-1.35.0-150400.4.5.1 * busybox-syslogd-1.35.0-150400.4.5.1 * busybox-unzip-1.35.0-150400.4.5.1 * busybox-psmisc-1.35.0-150400.4.5.1 * busybox-procps-1.35.0-150400.4.5.1 * busybox-ed-1.35.0-150400.4.5.1 * busybox-traceroute-1.35.0-150400.4.5.1 * busybox-dos2unix-1.35.0-150400.4.5.1 * busybox-hostname-1.35.0-150400.4.5.1 * busybox-sendmail-1.35.0-150400.4.5.1 * busybox-sysvinit-tools-1.35.0-150400.4.5.1 * busybox-man-1.35.0-150400.4.5.1 * busybox-findutils-1.35.0-150400.4.5.1 * busybox-bind-utils-1.35.0-150400.4.5.1 * busybox-netcat-1.35.0-150400.4.5.1 * busybox-tunctl-1.35.0-150400.4.5.1 * busybox-patch-1.35.0-150400.4.5.1 * busybox-sh-1.35.0-150400.4.5.1 * busybox-links-1.35.0-150400.4.5.1 * busybox-coreutils-1.35.0-150400.4.5.1 * busybox-bc-1.35.0-150400.4.5.1 * busybox-grep-1.35.0-150400.4.5.1 * busybox-gzip-1.35.0-150400.4.5.1 * busybox-sharutils-1.35.0-150400.4.5.1 * busybox-util-linux-1.35.0-150400.4.5.1 * busybox-iproute2-1.35.0-150400.4.5.1 * busybox-attr-1.35.0-150400.4.5.1 * 
busybox-wget-1.35.0-150400.4.5.1
    * busybox-policycoreutils-1.35.0-150400.4.5.1
    * busybox-selinux-tools-1.35.0-150400.4.5.1
    * busybox-time-1.35.0-150400.4.5.1
    * busybox-vlan-1.35.0-150400.4.5.1
    * busybox-tftp-1.35.0-150400.4.5.1
    * busybox-kmod-1.35.0-150400.4.5.1
    * busybox-diffutils-1.35.0-150400.4.5.1
    * busybox-gawk-1.35.0-150400.4.5.1
    * busybox-kbd-1.35.0-150400.4.5.1
    * busybox-iputils-1.35.0-150400.4.5.1
    * busybox-ncurses-utils-1.35.0-150400.4.5.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x)
    * busybox-static-1.35.0-150400.3.11.1
    * busybox-1.35.0-150400.3.11.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-48174.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1214538

From sle-updates at lists.suse.com Tue Sep 5 12:41:47 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 05 Sep 2023 12:41:47 -0000
Subject: SUSE-SU-2023:3528-1: important: Security update for php7
Message-ID: <169391770795.22711.6300455914087879181@smelt2.suse.de>

# Security update for php7

Announcement ID: SUSE-SU-2023:3528-1
Rating: important
References:
  * #1214103
  * #1214106

Cross-References:
  * CVE-2023-3823
  * CVE-2023-3824

CVSS scores:
  * CVE-2023-3823 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3823 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
  * CVE-2023-3824 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-3824 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE 
Manager Server 4.3 * Web and Scripting Module 15-SP4 * Web and Scripting Module 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for php7 fixes the following issues: * CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. (bsc#1214106) * CVE-2023-3824: Fixed a buffer overflow in phar_dir_read(). (bsc#1214103) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3528=1 openSUSE-SLE-15.4-2023-3528=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3528=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-3528=1 * Web and Scripting Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-3528=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * php8-xsl-8.0.30-150400.4.37.1 * php8-ftp-debuginfo-8.0.30-150400.4.37.1 * php8-ldap-debuginfo-8.0.30-150400.4.37.1 * php8-bcmath-debuginfo-8.0.30-150400.4.37.1 * php8-iconv-8.0.30-150400.4.37.1 * php8-gmp-debuginfo-8.0.30-150400.4.37.1 * php8-8.0.30-150400.4.37.1 * php8-xmlreader-8.0.30-150400.4.37.1 * php8-sockets-8.0.30-150400.4.37.1 * php8-iconv-debuginfo-8.0.30-150400.4.37.1 * php8-bcmath-8.0.30-150400.4.37.1 * php8-calendar-8.0.30-150400.4.37.1 * php8-shmop-debuginfo-8.0.30-150400.4.37.1 * php8-tokenizer-8.0.30-150400.4.37.1 * php8-bz2-8.0.30-150400.4.37.1 * php8-gmp-8.0.30-150400.4.37.1 * php8-tokenizer-debuginfo-8.0.30-150400.4.37.1 * php8-debuginfo-8.0.30-150400.4.37.1 * php8-gd-8.0.30-150400.4.37.1 * php8-intl-8.0.30-150400.4.37.1 * php8-dom-8.0.30-150400.4.37.1 * php8-gd-debuginfo-8.0.30-150400.4.37.1 * php8-zip-8.0.30-150400.4.37.1 * php8-sysvsem-8.0.30-150400.4.37.1 * php8-exif-8.0.30-150400.4.37.1 * 
php8-openssl-debuginfo-8.0.30-150400.4.37.1 * php8-exif-debuginfo-8.0.30-150400.4.37.1 * php8-tidy-debuginfo-8.0.30-150400.4.37.1 * php8-sysvsem-debuginfo-8.0.30-150400.4.37.1 * php8-xmlwriter-debuginfo-8.0.30-150400.4.37.1 * php8-curl-debuginfo-8.0.30-150400.4.37.1 * php8-dom-debuginfo-8.0.30-150400.4.37.1 * php8-snmp-debuginfo-8.0.30-150400.4.37.1 * php8-sodium-8.0.30-150400.4.37.1 * php8-pdo-8.0.30-150400.4.37.1 * php8-embed-8.0.30-150400.4.37.1 * php8-fpm-debugsource-8.0.30-150400.4.37.1 * php8-zip-debuginfo-8.0.30-150400.4.37.1 * php8-intl-debuginfo-8.0.30-150400.4.37.1 * php8-debugsource-8.0.30-150400.4.37.1 * php8-gettext-debuginfo-8.0.30-150400.4.37.1 * php8-pcntl-8.0.30-150400.4.37.1 * php8-odbc-8.0.30-150400.4.37.1 * php8-xsl-debuginfo-8.0.30-150400.4.37.1 * php8-odbc-debuginfo-8.0.30-150400.4.37.1 * php8-dba-8.0.30-150400.4.37.1 * php8-curl-8.0.30-150400.4.37.1 * php8-zlib-8.0.30-150400.4.37.1 * php8-soap-8.0.30-150400.4.37.1 * php8-mbstring-debuginfo-8.0.30-150400.4.37.1 * php8-pcntl-debuginfo-8.0.30-150400.4.37.1 * php8-cli-8.0.30-150400.4.37.1 * php8-fastcgi-debugsource-8.0.30-150400.4.37.1 * php8-devel-8.0.30-150400.4.37.1 * php8-phar-debuginfo-8.0.30-150400.4.37.1 * php8-sysvshm-debuginfo-8.0.30-150400.4.37.1 * php8-opcache-8.0.30-150400.4.37.1 * php8-sqlite-debuginfo-8.0.30-150400.4.37.1 * php8-ftp-8.0.30-150400.4.37.1 * php8-fileinfo-debuginfo-8.0.30-150400.4.37.1 * php8-ctype-debuginfo-8.0.30-150400.4.37.1 * php8-sysvmsg-8.0.30-150400.4.37.1 * php8-openssl-8.0.30-150400.4.37.1 * php8-fpm-8.0.30-150400.4.37.1 * php8-mbstring-8.0.30-150400.4.37.1 * php8-readline-debuginfo-8.0.30-150400.4.37.1 * php8-xmlreader-debuginfo-8.0.30-150400.4.37.1 * php8-readline-8.0.30-150400.4.37.1 * php8-sodium-debuginfo-8.0.30-150400.4.37.1 * php8-tidy-8.0.30-150400.4.37.1 * apache2-mod_php8-debugsource-8.0.30-150400.4.37.1 * php8-cli-debuginfo-8.0.30-150400.4.37.1 * php8-sysvmsg-debuginfo-8.0.30-150400.4.37.1 * php8-test-8.0.30-150400.4.37.1 * 
php8-fpm-debuginfo-8.0.30-150400.4.37.1 * php8-xmlwriter-8.0.30-150400.4.37.1 * php8-sysvshm-8.0.30-150400.4.37.1 * php8-fileinfo-8.0.30-150400.4.37.1 * php8-bz2-debuginfo-8.0.30-150400.4.37.1 * php8-embed-debugsource-8.0.30-150400.4.37.1 * php8-fastcgi-debuginfo-8.0.30-150400.4.37.1 * php8-sockets-debuginfo-8.0.30-150400.4.37.1 * apache2-mod_php8-8.0.30-150400.4.37.1 * php8-fastcgi-8.0.30-150400.4.37.1 * php8-ldap-8.0.30-150400.4.37.1 * php8-zlib-debuginfo-8.0.30-150400.4.37.1 * php8-opcache-debuginfo-8.0.30-150400.4.37.1 * php8-gettext-8.0.30-150400.4.37.1 * apache2-mod_php8-debuginfo-8.0.30-150400.4.37.1 * php8-mysql-8.0.30-150400.4.37.1 * php8-posix-debuginfo-8.0.30-150400.4.37.1 * php8-mysql-debuginfo-8.0.30-150400.4.37.1 * php8-enchant-debuginfo-8.0.30-150400.4.37.1 * php8-enchant-8.0.30-150400.4.37.1 * php8-calendar-debuginfo-8.0.30-150400.4.37.1 * php8-soap-debuginfo-8.0.30-150400.4.37.1 * php8-snmp-8.0.30-150400.4.37.1 * php8-sqlite-8.0.30-150400.4.37.1 * php8-dba-debuginfo-8.0.30-150400.4.37.1 * php8-posix-8.0.30-150400.4.37.1 * php8-pgsql-8.0.30-150400.4.37.1 * php8-phar-8.0.30-150400.4.37.1 * php8-shmop-8.0.30-150400.4.37.1 * php8-pgsql-debuginfo-8.0.30-150400.4.37.1 * php8-ctype-8.0.30-150400.4.37.1 * php8-pdo-debuginfo-8.0.30-150400.4.37.1 * php8-embed-debuginfo-8.0.30-150400.4.37.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * php8-xsl-8.0.30-150400.4.37.1 * php8-ftp-debuginfo-8.0.30-150400.4.37.1 * php8-ldap-debuginfo-8.0.30-150400.4.37.1 * php8-bcmath-debuginfo-8.0.30-150400.4.37.1 * php8-iconv-8.0.30-150400.4.37.1 * php8-gmp-debuginfo-8.0.30-150400.4.37.1 * php8-8.0.30-150400.4.37.1 * php8-xmlreader-8.0.30-150400.4.37.1 * php8-sockets-8.0.30-150400.4.37.1 * php8-iconv-debuginfo-8.0.30-150400.4.37.1 * php8-bcmath-8.0.30-150400.4.37.1 * php8-calendar-8.0.30-150400.4.37.1 * php8-shmop-debuginfo-8.0.30-150400.4.37.1 * php8-tokenizer-8.0.30-150400.4.37.1 * php8-bz2-8.0.30-150400.4.37.1 * php8-gmp-8.0.30-150400.4.37.1 * 
php8-tokenizer-debuginfo-8.0.30-150400.4.37.1 * php8-debuginfo-8.0.30-150400.4.37.1 * php8-gd-8.0.30-150400.4.37.1 * php8-intl-8.0.30-150400.4.37.1 * php8-dom-8.0.30-150400.4.37.1 * php8-gd-debuginfo-8.0.30-150400.4.37.1 * php8-zip-8.0.30-150400.4.37.1 * php8-sysvsem-8.0.30-150400.4.37.1 * php8-exif-8.0.30-150400.4.37.1 * php8-openssl-debuginfo-8.0.30-150400.4.37.1 * php8-exif-debuginfo-8.0.30-150400.4.37.1 * php8-tidy-debuginfo-8.0.30-150400.4.37.1 * php8-sysvsem-debuginfo-8.0.30-150400.4.37.1 * php8-xmlwriter-debuginfo-8.0.30-150400.4.37.1 * php8-curl-debuginfo-8.0.30-150400.4.37.1 * php8-dom-debuginfo-8.0.30-150400.4.37.1 * php8-snmp-debuginfo-8.0.30-150400.4.37.1 * php8-sodium-8.0.30-150400.4.37.1 * php8-pdo-8.0.30-150400.4.37.1 * php8-embed-8.0.30-150400.4.37.1 * php8-fpm-debugsource-8.0.30-150400.4.37.1 * php8-zip-debuginfo-8.0.30-150400.4.37.1 * php8-intl-debuginfo-8.0.30-150400.4.37.1 * php8-debugsource-8.0.30-150400.4.37.1 * php8-gettext-debuginfo-8.0.30-150400.4.37.1 * php8-pcntl-8.0.30-150400.4.37.1 * php8-odbc-8.0.30-150400.4.37.1 * php8-xsl-debuginfo-8.0.30-150400.4.37.1 * php8-odbc-debuginfo-8.0.30-150400.4.37.1 * php8-dba-8.0.30-150400.4.37.1 * php8-curl-8.0.30-150400.4.37.1 * php8-zlib-8.0.30-150400.4.37.1 * php8-soap-8.0.30-150400.4.37.1 * php8-mbstring-debuginfo-8.0.30-150400.4.37.1 * php8-pcntl-debuginfo-8.0.30-150400.4.37.1 * php8-cli-8.0.30-150400.4.37.1 * php8-fastcgi-debugsource-8.0.30-150400.4.37.1 * php8-devel-8.0.30-150400.4.37.1 * php8-phar-debuginfo-8.0.30-150400.4.37.1 * php8-sysvshm-debuginfo-8.0.30-150400.4.37.1 * php8-ftp-8.0.30-150400.4.37.1 * php8-opcache-8.0.30-150400.4.37.1 * php8-sqlite-debuginfo-8.0.30-150400.4.37.1 * php8-fileinfo-debuginfo-8.0.30-150400.4.37.1 * php8-ctype-debuginfo-8.0.30-150400.4.37.1 * php8-sysvmsg-8.0.30-150400.4.37.1 * php8-openssl-8.0.30-150400.4.37.1 * php8-fpm-8.0.30-150400.4.37.1 * php8-mbstring-8.0.30-150400.4.37.1 * php8-readline-debuginfo-8.0.30-150400.4.37.1 * 
php8-xmlreader-debuginfo-8.0.30-150400.4.37.1 * php8-readline-8.0.30-150400.4.37.1 * php8-sodium-debuginfo-8.0.30-150400.4.37.1 * php8-tidy-8.0.30-150400.4.37.1 * apache2-mod_php8-debugsource-8.0.30-150400.4.37.1 * php8-cli-debuginfo-8.0.30-150400.4.37.1 * php8-sysvmsg-debuginfo-8.0.30-150400.4.37.1 * php8-test-8.0.30-150400.4.37.1 * php8-fpm-debuginfo-8.0.30-150400.4.37.1 * php8-xmlwriter-8.0.30-150400.4.37.1 * php8-sysvshm-8.0.30-150400.4.37.1 * php8-fileinfo-8.0.30-150400.4.37.1 * php8-bz2-debuginfo-8.0.30-150400.4.37.1 * php8-embed-debugsource-8.0.30-150400.4.37.1 * php8-fastcgi-debuginfo-8.0.30-150400.4.37.1 * php8-sockets-debuginfo-8.0.30-150400.4.37.1 * apache2-mod_php8-8.0.30-150400.4.37.1 * php8-fastcgi-8.0.30-150400.4.37.1 * php8-ldap-8.0.30-150400.4.37.1 * php8-zlib-debuginfo-8.0.30-150400.4.37.1 * apache2-mod_php8-debuginfo-8.0.30-150400.4.37.1 * php8-gettext-8.0.30-150400.4.37.1 * php8-opcache-debuginfo-8.0.30-150400.4.37.1 * php8-mysql-8.0.30-150400.4.37.1 * php8-posix-debuginfo-8.0.30-150400.4.37.1 * php8-mysql-debuginfo-8.0.30-150400.4.37.1 * php8-enchant-debuginfo-8.0.30-150400.4.37.1 * php8-enchant-8.0.30-150400.4.37.1 * php8-calendar-debuginfo-8.0.30-150400.4.37.1 * php8-soap-debuginfo-8.0.30-150400.4.37.1 * php8-snmp-8.0.30-150400.4.37.1 * php8-sqlite-8.0.30-150400.4.37.1 * php8-dba-debuginfo-8.0.30-150400.4.37.1 * php8-posix-8.0.30-150400.4.37.1 * php8-pgsql-8.0.30-150400.4.37.1 * php8-phar-8.0.30-150400.4.37.1 * php8-shmop-8.0.30-150400.4.37.1 * php8-pgsql-debuginfo-8.0.30-150400.4.37.1 * php8-ctype-8.0.30-150400.4.37.1 * php8-pdo-debuginfo-8.0.30-150400.4.37.1 * php8-embed-debuginfo-8.0.30-150400.4.37.1 * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * php8-xsl-8.0.30-150400.4.37.1 * php8-ftp-debuginfo-8.0.30-150400.4.37.1 * php8-ldap-debuginfo-8.0.30-150400.4.37.1 * php8-bcmath-debuginfo-8.0.30-150400.4.37.1 * php8-iconv-8.0.30-150400.4.37.1 * php8-gmp-debuginfo-8.0.30-150400.4.37.1 * php8-8.0.30-150400.4.37.1 * 
php8-xmlreader-8.0.30-150400.4.37.1 * php8-sockets-8.0.30-150400.4.37.1 * php8-iconv-debuginfo-8.0.30-150400.4.37.1 * php8-bcmath-8.0.30-150400.4.37.1 * php8-calendar-8.0.30-150400.4.37.1 * php8-shmop-debuginfo-8.0.30-150400.4.37.1 * php8-tokenizer-8.0.30-150400.4.37.1 * php8-bz2-8.0.30-150400.4.37.1 * php8-gmp-8.0.30-150400.4.37.1 * php8-tokenizer-debuginfo-8.0.30-150400.4.37.1 * php8-debuginfo-8.0.30-150400.4.37.1 * php8-gd-8.0.30-150400.4.37.1 * php8-intl-8.0.30-150400.4.37.1 * php8-dom-8.0.30-150400.4.37.1 * php8-gd-debuginfo-8.0.30-150400.4.37.1 * php8-zip-8.0.30-150400.4.37.1 * php8-sysvsem-8.0.30-150400.4.37.1 * php8-exif-8.0.30-150400.4.37.1 * php8-openssl-debuginfo-8.0.30-150400.4.37.1 * php8-exif-debuginfo-8.0.30-150400.4.37.1 * php8-tidy-debuginfo-8.0.30-150400.4.37.1 * php8-sysvsem-debuginfo-8.0.30-150400.4.37.1 * php8-xmlwriter-debuginfo-8.0.30-150400.4.37.1 * php8-curl-debuginfo-8.0.30-150400.4.37.1 * php8-dom-debuginfo-8.0.30-150400.4.37.1 * php8-snmp-debuginfo-8.0.30-150400.4.37.1 * php8-sodium-8.0.30-150400.4.37.1 * php8-pdo-8.0.30-150400.4.37.1 * php8-embed-8.0.30-150400.4.37.1 * php8-fpm-debugsource-8.0.30-150400.4.37.1 * php8-zip-debuginfo-8.0.30-150400.4.37.1 * php8-intl-debuginfo-8.0.30-150400.4.37.1 * php8-debugsource-8.0.30-150400.4.37.1 * php8-gettext-debuginfo-8.0.30-150400.4.37.1 * php8-pcntl-8.0.30-150400.4.37.1 * php8-odbc-8.0.30-150400.4.37.1 * php8-xsl-debuginfo-8.0.30-150400.4.37.1 * php8-odbc-debuginfo-8.0.30-150400.4.37.1 * php8-dba-8.0.30-150400.4.37.1 * php8-curl-8.0.30-150400.4.37.1 * php8-zlib-8.0.30-150400.4.37.1 * php8-soap-8.0.30-150400.4.37.1 * php8-mbstring-debuginfo-8.0.30-150400.4.37.1 * php8-pcntl-debuginfo-8.0.30-150400.4.37.1 * php8-cli-8.0.30-150400.4.37.1 * php8-fastcgi-debugsource-8.0.30-150400.4.37.1 * php8-devel-8.0.30-150400.4.37.1 * php8-phar-debuginfo-8.0.30-150400.4.37.1 * php8-sysvshm-debuginfo-8.0.30-150400.4.37.1 * php8-ftp-8.0.30-150400.4.37.1 * php8-opcache-8.0.30-150400.4.37.1 * 
php8-sqlite-debuginfo-8.0.30-150400.4.37.1 * php8-fileinfo-debuginfo-8.0.30-150400.4.37.1 * php8-ctype-debuginfo-8.0.30-150400.4.37.1 * php8-sysvmsg-8.0.30-150400.4.37.1 * php8-openssl-8.0.30-150400.4.37.1 * php8-fpm-8.0.30-150400.4.37.1 * php8-mbstring-8.0.30-150400.4.37.1 * php8-readline-debuginfo-8.0.30-150400.4.37.1 * php8-xmlreader-debuginfo-8.0.30-150400.4.37.1 * php8-readline-8.0.30-150400.4.37.1 * php8-sodium-debuginfo-8.0.30-150400.4.37.1 * php8-tidy-8.0.30-150400.4.37.1 * apache2-mod_php8-debugsource-8.0.30-150400.4.37.1 * php8-cli-debuginfo-8.0.30-150400.4.37.1 * php8-sysvmsg-debuginfo-8.0.30-150400.4.37.1 * php8-test-8.0.30-150400.4.37.1 * php8-fpm-debuginfo-8.0.30-150400.4.37.1 * php8-xmlwriter-8.0.30-150400.4.37.1 * php8-sysvshm-8.0.30-150400.4.37.1 * php8-fileinfo-8.0.30-150400.4.37.1 * php8-bz2-debuginfo-8.0.30-150400.4.37.1 * php8-embed-debugsource-8.0.30-150400.4.37.1 * php8-fastcgi-debuginfo-8.0.30-150400.4.37.1 * php8-sockets-debuginfo-8.0.30-150400.4.37.1 * apache2-mod_php8-8.0.30-150400.4.37.1 * php8-fastcgi-8.0.30-150400.4.37.1 * php8-ldap-8.0.30-150400.4.37.1 * php8-zlib-debuginfo-8.0.30-150400.4.37.1 * apache2-mod_php8-debuginfo-8.0.30-150400.4.37.1 * php8-gettext-8.0.30-150400.4.37.1 * php8-opcache-debuginfo-8.0.30-150400.4.37.1 * php8-mysql-8.0.30-150400.4.37.1 * php8-posix-debuginfo-8.0.30-150400.4.37.1 * php8-mysql-debuginfo-8.0.30-150400.4.37.1 * php8-enchant-debuginfo-8.0.30-150400.4.37.1 * php8-enchant-8.0.30-150400.4.37.1 * php8-calendar-debuginfo-8.0.30-150400.4.37.1 * php8-soap-debuginfo-8.0.30-150400.4.37.1 * php8-snmp-8.0.30-150400.4.37.1 * php8-sqlite-8.0.30-150400.4.37.1 * php8-dba-debuginfo-8.0.30-150400.4.37.1 * php8-posix-8.0.30-150400.4.37.1 * php8-pgsql-8.0.30-150400.4.37.1 * php8-phar-8.0.30-150400.4.37.1 * php8-shmop-8.0.30-150400.4.37.1 * php8-pgsql-debuginfo-8.0.30-150400.4.37.1 * php8-ctype-8.0.30-150400.4.37.1 * php8-pdo-debuginfo-8.0.30-150400.4.37.1 * php8-embed-debuginfo-8.0.30-150400.4.37.1 * Web and Scripting 
Module 15-SP5 (aarch64 ppc64le s390x x86_64) * php8-xsl-8.0.30-150400.4.37.1 * php8-ftp-debuginfo-8.0.30-150400.4.37.1 * php8-ldap-debuginfo-8.0.30-150400.4.37.1 * php8-bcmath-debuginfo-8.0.30-150400.4.37.1 * php8-iconv-8.0.30-150400.4.37.1 * php8-gmp-debuginfo-8.0.30-150400.4.37.1 * php8-8.0.30-150400.4.37.1 * php8-xmlreader-8.0.30-150400.4.37.1 * php8-sockets-8.0.30-150400.4.37.1 * php8-iconv-debuginfo-8.0.30-150400.4.37.1 * php8-bcmath-8.0.30-150400.4.37.1 * php8-calendar-8.0.30-150400.4.37.1 * php8-shmop-debuginfo-8.0.30-150400.4.37.1 * php8-tokenizer-8.0.30-150400.4.37.1 * php8-bz2-8.0.30-150400.4.37.1 * php8-gmp-8.0.30-150400.4.37.1 * php8-tokenizer-debuginfo-8.0.30-150400.4.37.1 * php8-debuginfo-8.0.30-150400.4.37.1 * php8-gd-8.0.30-150400.4.37.1 * php8-intl-8.0.30-150400.4.37.1 * php8-dom-8.0.30-150400.4.37.1 * php8-gd-debuginfo-8.0.30-150400.4.37.1 * php8-zip-8.0.30-150400.4.37.1 * php8-sysvsem-8.0.30-150400.4.37.1 * php8-exif-8.0.30-150400.4.37.1 * php8-openssl-debuginfo-8.0.30-150400.4.37.1 * php8-exif-debuginfo-8.0.30-150400.4.37.1 * php8-tidy-debuginfo-8.0.30-150400.4.37.1 * php8-sysvsem-debuginfo-8.0.30-150400.4.37.1 * php8-xmlwriter-debuginfo-8.0.30-150400.4.37.1 * php8-curl-debuginfo-8.0.30-150400.4.37.1 * php8-dom-debuginfo-8.0.30-150400.4.37.1 * php8-snmp-debuginfo-8.0.30-150400.4.37.1 * php8-sodium-8.0.30-150400.4.37.1 * php8-pdo-8.0.30-150400.4.37.1 * php8-embed-8.0.30-150400.4.37.1 * php8-fpm-debugsource-8.0.30-150400.4.37.1 * php8-zip-debuginfo-8.0.30-150400.4.37.1 * php8-intl-debuginfo-8.0.30-150400.4.37.1 * php8-debugsource-8.0.30-150400.4.37.1 * php8-gettext-debuginfo-8.0.30-150400.4.37.1 * php8-pcntl-8.0.30-150400.4.37.1 * php8-odbc-8.0.30-150400.4.37.1 * php8-xsl-debuginfo-8.0.30-150400.4.37.1 * php8-odbc-debuginfo-8.0.30-150400.4.37.1 * php8-dba-8.0.30-150400.4.37.1 * php8-curl-8.0.30-150400.4.37.1 * php8-zlib-8.0.30-150400.4.37.1 * php8-soap-8.0.30-150400.4.37.1 * php8-mbstring-debuginfo-8.0.30-150400.4.37.1 * 
php8-pcntl-debuginfo-8.0.30-150400.4.37.1 * php8-cli-8.0.30-150400.4.37.1 * php8-fastcgi-debugsource-8.0.30-150400.4.37.1 * php8-devel-8.0.30-150400.4.37.1 * php8-phar-debuginfo-8.0.30-150400.4.37.1 * php8-sysvshm-debuginfo-8.0.30-150400.4.37.1 * php8-ftp-8.0.30-150400.4.37.1 * php8-opcache-8.0.30-150400.4.37.1 * php8-sqlite-debuginfo-8.0.30-150400.4.37.1 * php8-fileinfo-debuginfo-8.0.30-150400.4.37.1 * php8-ctype-debuginfo-8.0.30-150400.4.37.1 * php8-sysvmsg-8.0.30-150400.4.37.1 * php8-openssl-8.0.30-150400.4.37.1 * php8-fpm-8.0.30-150400.4.37.1 * php8-mbstring-8.0.30-150400.4.37.1 * php8-readline-debuginfo-8.0.30-150400.4.37.1 * php8-xmlreader-debuginfo-8.0.30-150400.4.37.1 * php8-readline-8.0.30-150400.4.37.1 * php8-sodium-debuginfo-8.0.30-150400.4.37.1 * php8-tidy-8.0.30-150400.4.37.1 * apache2-mod_php8-debugsource-8.0.30-150400.4.37.1 * php8-cli-debuginfo-8.0.30-150400.4.37.1 * php8-sysvmsg-debuginfo-8.0.30-150400.4.37.1 * php8-test-8.0.30-150400.4.37.1 * php8-fpm-debuginfo-8.0.30-150400.4.37.1 * php8-xmlwriter-8.0.30-150400.4.37.1 * php8-sysvshm-8.0.30-150400.4.37.1 * php8-fileinfo-8.0.30-150400.4.37.1 * php8-bz2-debuginfo-8.0.30-150400.4.37.1 * php8-embed-debugsource-8.0.30-150400.4.37.1 * php8-fastcgi-debuginfo-8.0.30-150400.4.37.1 * php8-sockets-debuginfo-8.0.30-150400.4.37.1 * apache2-mod_php8-8.0.30-150400.4.37.1 * php8-fastcgi-8.0.30-150400.4.37.1 * php8-ldap-8.0.30-150400.4.37.1 * php8-zlib-debuginfo-8.0.30-150400.4.37.1 * apache2-mod_php8-debuginfo-8.0.30-150400.4.37.1 * php8-gettext-8.0.30-150400.4.37.1 * php8-opcache-debuginfo-8.0.30-150400.4.37.1 * php8-mysql-8.0.30-150400.4.37.1 * php8-posix-debuginfo-8.0.30-150400.4.37.1 * php8-mysql-debuginfo-8.0.30-150400.4.37.1 * php8-enchant-debuginfo-8.0.30-150400.4.37.1 * php8-enchant-8.0.30-150400.4.37.1 * php8-calendar-debuginfo-8.0.30-150400.4.37.1 * php8-soap-debuginfo-8.0.30-150400.4.37.1 * php8-snmp-8.0.30-150400.4.37.1 * php8-sqlite-8.0.30-150400.4.37.1 * php8-dba-debuginfo-8.0.30-150400.4.37.1 * 
php8-posix-8.0.30-150400.4.37.1 * php8-pgsql-8.0.30-150400.4.37.1 * php8-phar-8.0.30-150400.4.37.1 * php8-shmop-8.0.30-150400.4.37.1 * php8-pgsql-debuginfo-8.0.30-150400.4.37.1 * php8-ctype-8.0.30-150400.4.37.1 * php8-pdo-debuginfo-8.0.30-150400.4.37.1 * php8-embed-debuginfo-8.0.30-150400.4.37.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3823.html * https://www.suse.com/security/cve/CVE-2023-3824.html * https://bugzilla.suse.com/show_bug.cgi?id=1214103 * https://bugzilla.suse.com/show_bug.cgi?id=1214106 From sle-updates at lists.suse.com Tue Sep 5 12:41:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 12:41:50 -0000 Subject: SUSE-SU-2023:3527-1: moderate: Security update for gsl Message-ID: <169391771070.22711.14102462160071881532@smelt2.suse.de> # Security update for gsl Announcement ID: SUSE-SU-2023:3527-1 Rating: moderate References: * #1214681 Cross-References: * CVE-2020-35357 CVSS scores: * CVE-2020-35357 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-35357 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gsl fixes the following issues: * CVE-2020-35357: Fixed a stack out of bounds read in gsl_stats_quantile_from_sorted_data().
(bsc#1214681) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3527=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3527=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3527=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3527=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libgsl23-debuginfo-2.4-150100.9.4.1 * gsl-debuginfo-2.4-150100.9.4.1 * libgsl23-2.4-150100.9.4.1 * gsl-debugsource-2.4-150100.9.4.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libgsl23-debuginfo-2.4-150100.9.4.1 * gsl-debuginfo-2.4-150100.9.4.1 * libgsl23-2.4-150100.9.4.1 * gsl-debugsource-2.4-150100.9.4.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gsl_2_4-gnu-hpc-debuginfo-2.4-150100.9.4.1 * libgslcblas_2_4-gnu-hpc-debuginfo-2.4-150100.9.4.1 * libgsl_2_4-gnu-hpc-2.4-150100.9.4.1 * gsl_2_4-gnu-hpc-doc-2.4-150100.9.4.1 * gsl_2_4-gnu-hpc-debugsource-2.4-150100.9.4.1 * gsl_2_4-gnu-hpc-devel-2.4-150100.9.4.1 * libgslcblas_2_4-gnu-hpc-2.4-150100.9.4.1 * libgsl23-2.4-150100.9.4.1 * gsl_2_4-gnu-hpc-2.4-150100.9.4.1 * libgsl23-debuginfo-2.4-150100.9.4.1 * libgsl_2_4-gnu-hpc-debuginfo-2.4-150100.9.4.1 * openSUSE Leap 15.4 (noarch) * gsl_2_4-gnu-hpc-examples-2.4-150100.9.4.1 * gsl_2_4-gnu-hpc-module-2.4-150100.9.4.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gsl_2_4-gnu-hpc-debuginfo-2.4-150100.9.4.1 * libgslcblas_2_4-gnu-hpc-debuginfo-2.4-150100.9.4.1 * libgsl_2_4-gnu-hpc-2.4-150100.9.4.1 * gsl_2_4-gnu-hpc-doc-2.4-150100.9.4.1 * gsl_2_4-gnu-hpc-debugsource-2.4-150100.9.4.1 * gsl_2_4-gnu-hpc-devel-2.4-150100.9.4.1 * libgslcblas_2_4-gnu-hpc-2.4-150100.9.4.1 * 
gsl_2_4-gnu-hpc-2.4-150100.9.4.1 * libgsl_2_4-gnu-hpc-debuginfo-2.4-150100.9.4.1 * openSUSE Leap 15.5 (noarch) * gsl_2_4-gnu-hpc-examples-2.4-150100.9.4.1 * gsl_2_4-gnu-hpc-module-2.4-150100.9.4.1 ## References: * https://www.suse.com/security/cve/CVE-2020-35357.html * https://bugzilla.suse.com/show_bug.cgi?id=1214681 From sle-updates at lists.suse.com Tue Sep 5 12:41:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 12:41:58 -0000 Subject: SUSE-SU-2023:3526-1: important: Security update for sccache Message-ID: <169391771855.22711.7428534229128181996@smelt2.suse.de> # Security update for sccache Announcement ID: SUSE-SU-2023:3526-1 Rating: important References: * #1181400 * #1194119 * #1196972 * #1208553 * #1212407 Cross-References: * CVE-2021-45710 * CVE-2022-24713 * CVE-2022-31394 * CVE-2023-1521 CVSS scores: * CVE-2021-45710 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2021-45710 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-24713 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-24713 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-31394 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-31394 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1521 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP
Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities and has one security fix can now be installed. ## Description: This update for sccache fixes the following issues: * Update to version 0.4.2. * CVE-2021-45710: Fixed a segmentation fault due to data race in tokio crate. (bsc#1194119) * CVE-2022-24713: Fixed a ReDoS issue due to vulnerable regex crate. (bsc#1196972) * CVE-2022-31394: Fixed a DoS issue due to the max header list size not settable. (bsc#1208553) * CVE-2023-1521: Fixed a local privilege escalation. (bsc#1212407) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3526=1 openSUSE-SLE-15.4-2023-3526=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3526=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3526=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3526=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * sccache-0.4.2~3-150400.3.3.1 * sccache-debuginfo-0.4.2~3-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 x86_64) * sccache-0.4.2~3-150400.3.3.1 * sccache-debuginfo-0.4.2~3-150400.3.3.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * sccache-0.4.2~3-150400.3.3.1 * sccache-debuginfo-0.4.2~3-150400.3.3.1 * Development Tools Module 15-SP5 (aarch64 x86_64) * sccache-0.4.2~3-150400.3.3.1 * sccache-debuginfo-0.4.2~3-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2021-45710.html * https://www.suse.com/security/cve/CVE-2022-24713.html * https://www.suse.com/security/cve/CVE-2022-31394.html * 
https://www.suse.com/security/cve/CVE-2023-1521.html * https://bugzilla.suse.com/show_bug.cgi?id=1181400 * https://bugzilla.suse.com/show_bug.cgi?id=1194119 * https://bugzilla.suse.com/show_bug.cgi?id=1196972 * https://bugzilla.suse.com/show_bug.cgi?id=1208553 * https://bugzilla.suse.com/show_bug.cgi?id=1212407 From sle-updates at lists.suse.com Tue Sep 5 12:42:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 12:42:01 -0000 Subject: SUSE-SU-2023:3525-1: important: Security update for keylime Message-ID: <169391772170.22711.15040671521896322517@smelt2.suse.de> # Security update for keylime Announcement ID: SUSE-SU-2023:3525-1 Rating: important References: * #1213314 Cross-References: * CVE-2023-38201 CVSS scores: * CVE-2023-38201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-38201 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for keylime fixes the following issues: * CVE-2023-38201: Fixed a bug to avoid leaks of the authorization tag.
(bsc#1213314) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3525=1 openSUSE-SLE-15.4-2023-3525=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3525=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3525=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3525=1 ## Package List: * openSUSE Leap 15.4 (noarch) * keylime-config-6.3.2-150400.4.20.1 * keylime-agent-6.3.2-150400.4.20.1 * keylime-tpm_cert_store-6.3.2-150400.4.20.1 * python3-keylime-6.3.2-150400.4.20.1 * keylime-verifier-6.3.2-150400.4.20.1 * keylime-registrar-6.3.2-150400.4.20.1 * keylime-logrotate-6.3.2-150400.4.20.1 * keylime-firewalld-6.3.2-150400.4.20.1 * openSUSE Leap 15.5 (noarch) * keylime-config-6.3.2-150400.4.20.1 * keylime-agent-6.3.2-150400.4.20.1 * keylime-tpm_cert_store-6.3.2-150400.4.20.1 * python3-keylime-6.3.2-150400.4.20.1 * keylime-verifier-6.3.2-150400.4.20.1 * keylime-registrar-6.3.2-150400.4.20.1 * keylime-logrotate-6.3.2-150400.4.20.1 * keylime-firewalld-6.3.2-150400.4.20.1 * Basesystem Module 15-SP4 (noarch) * keylime-config-6.3.2-150400.4.20.1 * keylime-agent-6.3.2-150400.4.20.1 * keylime-tpm_cert_store-6.3.2-150400.4.20.1 * python3-keylime-6.3.2-150400.4.20.1 * keylime-verifier-6.3.2-150400.4.20.1 * keylime-registrar-6.3.2-150400.4.20.1 * keylime-logrotate-6.3.2-150400.4.20.1 * keylime-firewalld-6.3.2-150400.4.20.1 * Basesystem Module 15-SP5 (noarch) * keylime-config-6.3.2-150400.4.20.1 * keylime-tpm_cert_store-6.3.2-150400.4.20.1 * keylime-agent-6.3.2-150400.4.20.1 * python3-keylime-6.3.2-150400.4.20.1 * keylime-verifier-6.3.2-150400.4.20.1 * keylime-registrar-6.3.2-150400.4.20.1 * keylime-logrotate-6.3.2-150400.4.20.1 * keylime-firewalld-6.3.2-150400.4.20.1 ## References: * 
https://www.suse.com/security/cve/CVE-2023-38201.html * https://bugzilla.suse.com/show_bug.cgi?id=1213314 From sle-updates at lists.suse.com Tue Sep 5 12:42:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 12:42:04 -0000 Subject: SUSE-RU-2023:3524-1: moderate: Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed Message-ID: <169391772480.22711.4909976457833413138@smelt2.suse.de> # Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed Announcement ID: SUSE-RU-2023:3524-1 Rating: moderate References: * #1212724 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Changes in nvidia-open-driver-G06-signed: * Update to version 535.104.05 Changes in kernel-firmware-nvidia-gspx-G06: * update firmware to version 535.104.05 * Obsoletes conflicting kernel-firmware-nvidia-gsp-G06 = 535.86.05 (bsc#1212724) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3524=1 openSUSE-SLE-15.5-2023-3524=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3524=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3524=1 ## Package List: * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.104.05-150500.11.6.1 * openSUSE Leap 15.5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-535.104.05-150500.3.10.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.104.05_k5.14.21_150500.55.19-150500.3.10.1 * nvidia-open-driver-G06-signed-kmp-default-535.104.05_k5.14.21_150500.55.19-150500.3.10.1 * openSUSE Leap 15.5 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.104.05_k5.14.21_150500.33.14-150500.3.10.1 * nvidia-open-driver-G06-signed-kmp-azure-535.104.05_k5.14.21_150500.33.14-150500.3.10.1 * openSUSE Leap 15.5 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-535.104.05_k5.14.21_150500.55.19-150500.3.10.1 * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.104.05_k5.14.21_150500.55.19-150500.3.10.1 * Basesystem Module 15-SP5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.104.05-150500.11.6.1 * Basesystem Module 15-SP5 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-535.104.05_k5.14.21_150500.55.19-150500.3.10.1 * nvidia-open-driver-G06-signed-debugsource-535.104.05-150500.3.10.1 * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.104.05_k5.14.21_150500.55.19-150500.3.10.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.104.05_k5.14.21_150500.55.19-150500.3.10.1 * nvidia-open-driver-G06-signed-kmp-default-535.104.05_k5.14.21_150500.55.19-150500.3.10.1 * Public Cloud Module 15-SP5 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.104.05_k5.14.21_150500.33.14-150500.3.10.1 * 
nvidia-open-driver-G06-signed-kmp-azure-535.104.05_k5.14.21_150500.33.14-150500.3.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212724 From sle-updates at lists.suse.com Tue Sep 5 12:42:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 12:42:06 -0000 Subject: SUSE-RU-2023:3523-1: moderate: Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed Message-ID: <169391772682.22711.11172345019884888652@smelt2.suse.de> # Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed Announcement ID: SUSE-RU-2023:3523-1 Rating: moderate References: * #1212724 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Changes in nvidia-open-driver-G06-signed: * Update to version 535.104.05 Changes in kernel-firmware-nvidia-gspx-G06: * update firmware to version 535.104.05 * Obsoletes conflicting kernel-firmware-nvidia-gsp-G06 = 535.86.05 (bsc#1212724) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3523=1 openSUSE-SLE-15.4-2023-3523=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3523=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3523=1 ## Package List: * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.104.05-150400.9.6.1 * openSUSE Leap 15.4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-535.104.05_k5.14.21_150400.24.81-150400.9.17.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.104.05_k5.14.21_150400.24.81-150400.9.17.1 * nvidia-open-driver-G06-signed-debugsource-535.104.05-150400.9.17.1 * openSUSE Leap 15.4 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-535.104.05_k5.14.21_150400.14.63-150400.9.17.1 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.104.05_k5.14.21_150400.14.63-150400.9.17.1 * openSUSE Leap 15.4 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.104.05_k5.14.21_150400.24.81-150400.9.17.1 * nvidia-open-driver-G06-signed-kmp-64kb-535.104.05_k5.14.21_150400.24.81-150400.9.17.1 * Basesystem Module 15-SP4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.104.05-150400.9.6.1 * Basesystem Module 15-SP4 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.104.05_k5.14.21_150400.24.81-150400.9.17.1 * nvidia-open-driver-G06-signed-kmp-64kb-535.104.05_k5.14.21_150400.24.81-150400.9.17.1 * nvidia-open-driver-G06-signed-debugsource-535.104.05-150400.9.17.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-535.104.05_k5.14.21_150400.24.81-150400.9.17.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.104.05_k5.14.21_150400.24.81-150400.9.17.1 * Public Cloud Module 15-SP4 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-535.104.05_k5.14.21_150400.14.63-150400.9.17.1 * 
nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.104.05_k5.14.21_150400.14.63-150400.9.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212724 From sle-updates at lists.suse.com Tue Sep 5 12:42:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 12:42:08 -0000 Subject: SUSE-SU-2023:3522-1: important: Security update for amazon-ecs-init Message-ID: <169391772882.22711.16941112926982081784@smelt2.suse.de> # Security update for amazon-ecs-init Announcement ID: SUSE-SU-2023:3522-1 Rating: important References: * #1212475 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE
Manager Server 4.3 An update that has one security fix can now be installed. ## Description: This update of amazon-ecs-init fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3522=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3522=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3522=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3522=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3522=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3522=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3522=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.17.1 * openSUSE Leap 15.5 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.17.1 * Public Cloud Module 15-SP1 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.17.1 * Public Cloud Module 15-SP2 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.17.1 * Public Cloud Module 15-SP3 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.17.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.17.1 * Public Cloud Module 15-SP5 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475
From sle-updates at lists.suse.com Tue Sep 5 12:42:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 12:42:11 -0000 Subject: SUSE-RU-2023:3521-1: moderate: Recommended update for python-iniconfig Message-ID: <169391773113.22711.9680117747829297080@smelt2.suse.de> # Recommended update for python-iniconfig Announcement ID: SUSE-RU-2023:3521-1 Rating: moderate References: * #1213582 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3521=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3521=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3521=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3521=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3521=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3521=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3521=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3521=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3521=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3521=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3521=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3521=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3521=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3521=1 ## Package List: * SUSE Manager Proxy 4.2 (noarch) * python3-iniconfig-1.1.1-150000.1.11.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-iniconfig-1.1.1-150000.1.11.1 * SUSE Manager Server 4.2 (noarch) * python3-iniconfig-1.1.1-150000.1.11.1 * python2-iniconfig-1.1.1-150000.1.11.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * python3-iniconfig-1.1.1-150000.1.11.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-iniconfig-1.1.1-150000.1.11.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-iniconfig-1.1.1-150000.1.11.1 * openSUSE Leap 15.4 (noarch) * python3-iniconfig-1.1.1-150000.1.11.1 * openSUSE Leap 15.5 (noarch) *
python3-iniconfig-1.1.1-150000.1.11.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-iniconfig-1.1.1-150000.1.11.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-iniconfig-1.1.1-150000.1.11.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-iniconfig-1.1.1-150000.1.11.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-iniconfig-1.1.1-150000.1.11.1 * Basesystem Module 15-SP4 (noarch) * python3-iniconfig-1.1.1-150000.1.11.1 * Basesystem Module 15-SP5 (noarch) * python3-iniconfig-1.1.1-150000.1.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213582 From sle-updates at lists.suse.com Tue Sep 5 12:42:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 12:42:13 -0000 Subject: SUSE-SU-2023:3520-1: low: Security update for djvulibre Message-ID: <169391773357.22711.245153257801517390@smelt2.suse.de> # Security update for djvulibre Announcement ID: SUSE-SU-2023:3520-1 Rating: low References: * #1214670 * #1214672 Cross-References: * CVE-2021-46310 * CVE-2021-46312 CVSS scores: * CVE-2021-46310 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2021-46310 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-46312 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2021-46312 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux
Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for djvulibre fixes the following issues: * CVE-2021-46310: Fixed divide by zero in IW44Image.cpp (bsc#1214670). * CVE-2021-46312: Fixed divide by zero in IW44EncodeCodec.cpp (bsc#1214672). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3520=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3520=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3520=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3520=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3520=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3520=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * djvulibre-debuginfo-3.5.27-150200.11.14.1 * libdjvulibre-devel-3.5.27-150200.11.14.1 * libdjvulibre21-3.5.27-150200.11.14.1 * djvulibre-3.5.27-150200.11.14.1 * djvulibre-debugsource-3.5.27-150200.11.14.1 * libdjvulibre21-debuginfo-3.5.27-150200.11.14.1 * openSUSE Leap 15.4 (noarch) * djvulibre-doc-3.5.27-150200.11.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * djvulibre-debuginfo-3.5.27-150200.11.14.1 * libdjvulibre-devel-3.5.27-150200.11.14.1 * libdjvulibre21-3.5.27-150200.11.14.1 * djvulibre-3.5.27-150200.11.14.1 * 
djvulibre-debugsource-3.5.27-150200.11.14.1 * libdjvulibre21-debuginfo-3.5.27-150200.11.14.1 * openSUSE Leap 15.5 (noarch) * djvulibre-doc-3.5.27-150200.11.14.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * djvulibre-debuginfo-3.5.27-150200.11.14.1 * libdjvulibre21-3.5.27-150200.11.14.1 * libdjvulibre-devel-3.5.27-150200.11.14.1 * djvulibre-debugsource-3.5.27-150200.11.14.1 * libdjvulibre21-debuginfo-3.5.27-150200.11.14.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * djvulibre-debuginfo-3.5.27-150200.11.14.1 * libdjvulibre21-3.5.27-150200.11.14.1 * libdjvulibre-devel-3.5.27-150200.11.14.1 * djvulibre-debugsource-3.5.27-150200.11.14.1 * libdjvulibre21-debuginfo-3.5.27-150200.11.14.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * djvulibre-debuginfo-3.5.27-150200.11.14.1 * djvulibre-debugsource-3.5.27-150200.11.14.1 * djvulibre-3.5.27-150200.11.14.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * djvulibre-debuginfo-3.5.27-150200.11.14.1 * djvulibre-debugsource-3.5.27-150200.11.14.1 * djvulibre-3.5.27-150200.11.14.1 ## References: * https://www.suse.com/security/cve/CVE-2021-46310.html * https://www.suse.com/security/cve/CVE-2021-46312.html * https://bugzilla.suse.com/show_bug.cgi?id=1214670 * https://bugzilla.suse.com/show_bug.cgi?id=1214672
From sle-updates at lists.suse.com Tue Sep 5 12:42:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 12:42:16 -0000 Subject: SUSE-SU-2023:3519-1: important: Security update for MozillaFirefox Message-ID: <169391773618.22711.4783708308671961530@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:3519-1 Rating: important References: * #1214606 Cross-References: * CVE-2023-4051 * CVE-2023-4053 * CVE-2023-4574 * CVE-2023-4575 * CVE-2023-4576 * CVE-2023-4577 * CVE-2023-4578 * CVE-2023-4580 * CVE-2023-4581 * CVE-2023-4582 * CVE-2023-4583 * CVE-2023-4584 * CVE-2023-4585 CVSS scores: * CVE-2023-4051 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server
for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Firefox was updated to Extended Support Release 115.2.0 ESR (MFSA 2023-36) (bsc#1214606). * CVE-2023-4574: Fixed memory corruption in IPC ColorPickerShownCallback (bmo#1846688) * CVE-2023-4575: Fixed memory corruption in IPC FilePickerShownCallback (bmo#1846689) * CVE-2023-4576: Fixed integer Overflow in RecordedSourceSurfaceCreation (bmo#1846694) * CVE-2023-4577: Fixed memory corruption in JIT UpdateRegExpStatics (bmo#1847397) * CVE-2023-4051: Fixed full screen notification obscured by file open dialog (bmo#1821884) * CVE-2023-4578: Fixed Out of Memory Exception in SpiderMonkey could have triggered an (bmo#1839007) * CVE-2023-4053: Fixed full screen notification obscured by external program (bmo#1839079) * CVE-2023-4580: Fixed push notifications saved to disk unencrypted (bmo#1843046) * CVE-2023-4581: Fixed XLL file extensions downloadable without warnings (bmo#1843758) * CVE-2023-4582: Fixed buffer Overflow in WebGL glGetProgramiv (bmo#1773874) * CVE-2023-4583: Fixed browsing Context potentially not cleared when closing Private Window (bmo#1842030) * CVE-2023-4584: Fixed memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529) * CVE-2023-4585: Fixed memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (bmo#1751583, bmo#1833504, bmo#1841082, bmo#1847904, bmo#1848999). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3519=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3519=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3519=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3519=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3519=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3519=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3519=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3519=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3519=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3519=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3519=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3519=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3519=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.2.0-150200.152.102.1 * MozillaFirefox-branding-upstream-115.2.0-150200.152.102.1 * MozillaFirefox-115.2.0-150200.152.102.1 * MozillaFirefox-debugsource-115.2.0-150200.152.102.1 * MozillaFirefox-translations-common-115.2.0-150200.152.102.1 * MozillaFirefox-debuginfo-115.2.0-150200.152.102.1 * openSUSE Leap 15.4 (noarch) * MozillaFirefox-devel-115.2.0-150200.152.102.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * 
MozillaFirefox-translations-other-115.2.0-150200.152.102.1 * MozillaFirefox-branding-upstream-115.2.0-150200.152.102.1 * MozillaFirefox-115.2.0-150200.152.102.1 * MozillaFirefox-debugsource-115.2.0-150200.152.102.1 * MozillaFirefox-translations-common-115.2.0-150200.152.102.1 * MozillaFirefox-debuginfo-115.2.0-150200.152.102.1 * openSUSE Leap 15.5 (noarch) * MozillaFirefox-devel-115.2.0-150200.152.102.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.2.0-150200.152.102.1 * MozillaFirefox-debuginfo-115.2.0-150200.152.102.1 * MozillaFirefox-debugsource-115.2.0-150200.152.102.1 * MozillaFirefox-translations-common-115.2.0-150200.152.102.1 * MozillaFirefox-translations-other-115.2.0-150200.152.102.1 * Desktop Applications Module 15-SP4 (noarch) * MozillaFirefox-devel-115.2.0-150200.152.102.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.2.0-150200.152.102.1 * MozillaFirefox-debuginfo-115.2.0-150200.152.102.1 * MozillaFirefox-debugsource-115.2.0-150200.152.102.1 * MozillaFirefox-translations-common-115.2.0-150200.152.102.1 * MozillaFirefox-translations-other-115.2.0-150200.152.102.1 * Desktop Applications Module 15-SP5 (noarch) * MozillaFirefox-devel-115.2.0-150200.152.102.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-115.2.0-150200.152.102.1 * MozillaFirefox-debuginfo-115.2.0-150200.152.102.1 * MozillaFirefox-debugsource-115.2.0-150200.152.102.1 * MozillaFirefox-translations-common-115.2.0-150200.152.102.1 * MozillaFirefox-translations-other-115.2.0-150200.152.102.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.2.0-150200.152.102.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-115.2.0-150200.152.102.1 * MozillaFirefox-debuginfo-115.2.0-150200.152.102.1 * MozillaFirefox-debugsource-115.2.0-150200.152.102.1 * 
MozillaFirefox-translations-common-115.2.0-150200.152.102.1 * MozillaFirefox-translations-other-115.2.0-150200.152.102.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * MozillaFirefox-devel-115.2.0-150200.152.102.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-115.2.0-150200.152.102.1 * MozillaFirefox-debuginfo-115.2.0-150200.152.102.1 * MozillaFirefox-debugsource-115.2.0-150200.152.102.1 * MozillaFirefox-translations-common-115.2.0-150200.152.102.1 * MozillaFirefox-translations-other-115.2.0-150200.152.102.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * MozillaFirefox-devel-115.2.0-150200.152.102.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.2.0-150200.152.102.1 * MozillaFirefox-debuginfo-115.2.0-150200.152.102.1 * MozillaFirefox-debugsource-115.2.0-150200.152.102.1 * MozillaFirefox-translations-common-115.2.0-150200.152.102.1 * MozillaFirefox-translations-other-115.2.0-150200.152.102.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.2.0-150200.152.102.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.2.0-150200.152.102.1 * MozillaFirefox-debuginfo-115.2.0-150200.152.102.1 * MozillaFirefox-debugsource-115.2.0-150200.152.102.1 * MozillaFirefox-translations-common-115.2.0-150200.152.102.1 * MozillaFirefox-translations-other-115.2.0-150200.152.102.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * MozillaFirefox-devel-115.2.0-150200.152.102.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-115.2.0-150200.152.102.1 * MozillaFirefox-debuginfo-115.2.0-150200.152.102.1 * MozillaFirefox-debugsource-115.2.0-150200.152.102.1 * MozillaFirefox-translations-common-115.2.0-150200.152.102.1 * MozillaFirefox-translations-other-115.2.0-150200.152.102.1 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP2 (noarch) * MozillaFirefox-devel-115.2.0-150200.152.102.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-115.2.0-150200.152.102.1 * MozillaFirefox-debuginfo-115.2.0-150200.152.102.1 * MozillaFirefox-debugsource-115.2.0-150200.152.102.1 * MozillaFirefox-translations-common-115.2.0-150200.152.102.1 * MozillaFirefox-translations-other-115.2.0-150200.152.102.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * MozillaFirefox-devel-115.2.0-150200.152.102.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-115.2.0-150200.152.102.1 * MozillaFirefox-debuginfo-115.2.0-150200.152.102.1 * MozillaFirefox-debugsource-115.2.0-150200.152.102.1 * MozillaFirefox-translations-common-115.2.0-150200.152.102.1 * MozillaFirefox-translations-other-115.2.0-150200.152.102.1 * SUSE Enterprise Storage 7.1 (noarch) * MozillaFirefox-devel-115.2.0-150200.152.102.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * MozillaFirefox-115.2.0-150200.152.102.1 * MozillaFirefox-debuginfo-115.2.0-150200.152.102.1 * MozillaFirefox-debugsource-115.2.0-150200.152.102.1 * MozillaFirefox-translations-common-115.2.0-150200.152.102.1 * MozillaFirefox-translations-other-115.2.0-150200.152.102.1 * SUSE Enterprise Storage 7 (noarch) * MozillaFirefox-devel-115.2.0-150200.152.102.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4051.html * https://www.suse.com/security/cve/CVE-2023-4053.html * https://www.suse.com/security/cve/CVE-2023-4574.html * https://www.suse.com/security/cve/CVE-2023-4575.html * https://www.suse.com/security/cve/CVE-2023-4576.html * https://www.suse.com/security/cve/CVE-2023-4577.html * https://www.suse.com/security/cve/CVE-2023-4578.html * https://www.suse.com/security/cve/CVE-2023-4580.html * https://www.suse.com/security/cve/CVE-2023-4581.html * https://www.suse.com/security/cve/CVE-2023-4582.html * https://www.suse.com/security/cve/CVE-2023-4583.html * 
https://www.suse.com/security/cve/CVE-2023-4584.html * https://www.suse.com/security/cve/CVE-2023-4585.html * https://bugzilla.suse.com/show_bug.cgi?id=1214606 From sle-updates at lists.suse.com Tue Sep 5 12:42:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 12:42:18 -0000 Subject: SUSE-SU-2023:3518-1: moderate: Security update for exempi Message-ID: <169391773841.22711.1624858108751133136@smelt2.suse.de> # Security update for exempi Announcement ID: SUSE-SU-2023:3518-1 Rating: moderate References: * #1214488 Cross-References: * CVE-2020-18652 CVSS scores: * CVE-2020-18652 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-18652 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for exempi fixes the following issues: * CVE-2020-18652: Fixed buffer overflow vulnerability in WEBP_Support.cpp (bsc#1214488). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3518=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3518=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3518=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3518=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libexempi3-debuginfo-2.4.5-150000.3.6.1 * exempi-tools-2.4.5-150000.3.6.1 * exempi-tools-debuginfo-2.4.5-150000.3.6.1 * libexempi-devel-2.4.5-150000.3.6.1 * exempi-debugsource-2.4.5-150000.3.6.1 * libexempi3-2.4.5-150000.3.6.1 * openSUSE Leap 15.4 (x86_64) * libexempi3-32bit-2.4.5-150000.3.6.1 * libexempi3-32bit-debuginfo-2.4.5-150000.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libexempi3-debuginfo-2.4.5-150000.3.6.1 * exempi-tools-2.4.5-150000.3.6.1 * exempi-tools-debuginfo-2.4.5-150000.3.6.1 * libexempi-devel-2.4.5-150000.3.6.1 * exempi-debugsource-2.4.5-150000.3.6.1 * libexempi3-2.4.5-150000.3.6.1 * openSUSE Leap 15.5 (x86_64) * libexempi3-32bit-2.4.5-150000.3.6.1 * libexempi3-32bit-debuginfo-2.4.5-150000.3.6.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libexempi3-2.4.5-150000.3.6.1 * libexempi3-debuginfo-2.4.5-150000.3.6.1 * libexempi-devel-2.4.5-150000.3.6.1 * exempi-debugsource-2.4.5-150000.3.6.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libexempi3-2.4.5-150000.3.6.1 * libexempi3-debuginfo-2.4.5-150000.3.6.1 * libexempi-devel-2.4.5-150000.3.6.1 * exempi-debugsource-2.4.5-150000.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2020-18652.html * https://bugzilla.suse.com/show_bug.cgi?id=1214488
From sle-updates at lists.suse.com Tue Sep 5 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 16:30:04 -0000 Subject: SUSE-SU-2023:3541-1: important: Security update for php7 Message-ID: <169393140486.13565.18058997897972492914@smelt2.suse.de> # Security update for php7 Announcement ID: SUSE-SU-2023:3541-1 Rating: important References: * #1214103 * #1214106 Cross-References: * CVE-2023-3823 * CVE-2023-3824 CVSS scores: * CVE-2023-3823 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3823 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2023-3824 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-3824 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for php7 fixes the following issues: * CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. (bsc#1214106) * CVE-2023-3824: Fixed a buffer overflow in phar_dir_read().
(bsc#1214103) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3541=1 SUSE-2023-3541=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3541=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3541=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3541=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3541=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3541=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * php7-mbstring-debuginfo-7.4.33-150400.4.28.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.28.1 * apache2-mod_php7-7.4.33-150400.4.28.1 * php7-gettext-7.4.33-150400.4.28.1 * php7-gd-debuginfo-7.4.33-150400.4.28.1 * php7-snmp-debuginfo-7.4.33-150400.4.28.1 * php7-snmp-7.4.33-150400.4.28.1 * php7-devel-7.4.33-150400.4.28.1 * php7-dom-debuginfo-7.4.33-150400.4.28.1 * php7-bcmath-debuginfo-7.4.33-150400.4.28.1 * php7-fpm-7.4.33-150400.4.28.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.28.1 * php7-json-7.4.33-150400.4.28.1 * php7-openssl-7.4.33-150400.4.28.1 * php7-zlib-debuginfo-7.4.33-150400.4.28.1 * php7-iconv-7.4.33-150400.4.28.1 * php7-pcntl-7.4.33-150400.4.28.1 * php7-tidy-7.4.33-150400.4.28.1 * php7-zip-7.4.33-150400.4.28.1 * php7-dba-7.4.33-150400.4.28.1 * php7-xsl-debuginfo-7.4.33-150400.4.28.1 * php7-gmp-debuginfo-7.4.33-150400.4.28.1 * php7-mbstring-7.4.33-150400.4.28.1 * php7-ftp-debuginfo-7.4.33-150400.4.28.1 * php7-zlib-7.4.33-150400.4.28.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.28.1 * php7-fpm-debugsource-7.4.33-150400.4.28.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.28.1 * php7-readline-7.4.33-150400.4.28.1 * php7-phar-7.4.33-150400.4.28.1 * 
php7-odbc-7.4.33-150400.4.28.1 * php7-embed-debugsource-7.4.33-150400.4.28.1 * php7-zip-debuginfo-7.4.33-150400.4.28.1 * php7-dom-7.4.33-150400.4.28.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.28.1 * php7-calendar-debuginfo-7.4.33-150400.4.28.1 * php7-calendar-7.4.33-150400.4.28.1 * php7-embed-debuginfo-7.4.33-150400.4.28.1 * php7-intl-7.4.33-150400.4.28.1 * php7-sockets-debuginfo-7.4.33-150400.4.28.1 * php7-debuginfo-7.4.33-150400.4.28.1 * php7-cli-debuginfo-7.4.33-150400.4.28.1 * php7-embed-7.4.33-150400.4.28.1 * php7-enchant-debuginfo-7.4.33-150400.4.28.1 * php7-readline-debuginfo-7.4.33-150400.4.28.1 * php7-sockets-7.4.33-150400.4.28.1 * php7-intl-debuginfo-7.4.33-150400.4.28.1 * php7-json-debuginfo-7.4.33-150400.4.28.1 * php7-mysql-7.4.33-150400.4.28.1 * php7-shmop-7.4.33-150400.4.28.1 * php7-sysvshm-7.4.33-150400.4.28.1 * php7-xmlrpc-7.4.33-150400.4.28.1 * php7-ldap-debuginfo-7.4.33-150400.4.28.1 * php7-bcmath-7.4.33-150400.4.28.1 * php7-pgsql-debuginfo-7.4.33-150400.4.28.1 * php7-gmp-7.4.33-150400.4.28.1 * php7-tokenizer-7.4.33-150400.4.28.1 * php7-dba-debuginfo-7.4.33-150400.4.28.1 * php7-soap-debuginfo-7.4.33-150400.4.28.1 * php7-cli-7.4.33-150400.4.28.1 * php7-fastcgi-debugsource-7.4.33-150400.4.28.1 * php7-fileinfo-7.4.33-150400.4.28.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.28.1 * php7-sodium-debuginfo-7.4.33-150400.4.28.1 * php7-7.4.33-150400.4.28.1 * php7-xsl-7.4.33-150400.4.28.1 * php7-curl-debuginfo-7.4.33-150400.4.28.1 * php7-gettext-debuginfo-7.4.33-150400.4.28.1 * php7-mysql-debuginfo-7.4.33-150400.4.28.1 * apache2-mod_php7-debuginfo-7.4.33-150400.4.28.1 * php7-ftp-7.4.33-150400.4.28.1 * php7-phar-debuginfo-7.4.33-150400.4.28.1 * php7-sqlite-7.4.33-150400.4.28.1 * php7-shmop-debuginfo-7.4.33-150400.4.28.1 * php7-xmlreader-7.4.33-150400.4.28.1 * php7-iconv-debuginfo-7.4.33-150400.4.28.1 * php7-xmlwriter-7.4.33-150400.4.28.1 * php7-exif-debuginfo-7.4.33-150400.4.28.1 * php7-pcntl-debuginfo-7.4.33-150400.4.28.1 * 
php7-odbc-debuginfo-7.4.33-150400.4.28.1 * php7-bz2-debuginfo-7.4.33-150400.4.28.1 * php7-debugsource-7.4.33-150400.4.28.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.28.1 * php7-ldap-7.4.33-150400.4.28.1 * php7-posix-debuginfo-7.4.33-150400.4.28.1 * php7-pgsql-7.4.33-150400.4.28.1 * php7-test-7.4.33-150400.4.28.1 * php7-posix-7.4.33-150400.4.28.1 * php7-curl-7.4.33-150400.4.28.1 * php7-enchant-7.4.33-150400.4.28.1 * php7-opcache-7.4.33-150400.4.28.1 * php7-pdo-debuginfo-7.4.33-150400.4.28.1 * php7-opcache-debuginfo-7.4.33-150400.4.28.1 * php7-exif-7.4.33-150400.4.28.1 * php7-bz2-7.4.33-150400.4.28.1 * php7-sysvsem-7.4.33-150400.4.28.1 * php7-ctype-debuginfo-7.4.33-150400.4.28.1 * php7-sqlite-debuginfo-7.4.33-150400.4.28.1 * php7-tidy-debuginfo-7.4.33-150400.4.28.1 * php7-sodium-7.4.33-150400.4.28.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.28.1 * php7-sysvmsg-7.4.33-150400.4.28.1 * php7-fpm-debuginfo-7.4.33-150400.4.28.1 * php7-ctype-7.4.33-150400.4.28.1 * php7-gd-7.4.33-150400.4.28.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.28.1 * php7-soap-7.4.33-150400.4.28.1 * php7-pdo-7.4.33-150400.4.28.1 * php7-openssl-debuginfo-7.4.33-150400.4.28.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.28.1 * php7-fastcgi-7.4.33-150400.4.28.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * php7-mbstring-debuginfo-7.4.33-150400.4.28.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.28.1 * apache2-mod_php7-7.4.33-150400.4.28.1 * php7-gettext-7.4.33-150400.4.28.1 * php7-gd-debuginfo-7.4.33-150400.4.28.1 * php7-snmp-debuginfo-7.4.33-150400.4.28.1 * php7-snmp-7.4.33-150400.4.28.1 * php7-devel-7.4.33-150400.4.28.1 * php7-dom-debuginfo-7.4.33-150400.4.28.1 * php7-bcmath-debuginfo-7.4.33-150400.4.28.1 * php7-fpm-7.4.33-150400.4.28.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.28.1 * php7-json-7.4.33-150400.4.28.1 * php7-openssl-7.4.33-150400.4.28.1 * php7-zlib-debuginfo-7.4.33-150400.4.28.1 * php7-iconv-7.4.33-150400.4.28.1 * php7-pcntl-7.4.33-150400.4.28.1 * php7-tidy-7.4.33-150400.4.28.1 * 
php7-zip-7.4.33-150400.4.28.1 * php7-dba-7.4.33-150400.4.28.1 * php7-xsl-debuginfo-7.4.33-150400.4.28.1 * php7-gmp-debuginfo-7.4.33-150400.4.28.1 * php7-mbstring-7.4.33-150400.4.28.1 * php7-ftp-debuginfo-7.4.33-150400.4.28.1 * php7-zlib-7.4.33-150400.4.28.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.28.1 * php7-fpm-debugsource-7.4.33-150400.4.28.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.28.1 * php7-readline-7.4.33-150400.4.28.1 * php7-phar-7.4.33-150400.4.28.1 * php7-odbc-7.4.33-150400.4.28.1 * php7-embed-debugsource-7.4.33-150400.4.28.1 * php7-zip-debuginfo-7.4.33-150400.4.28.1 * php7-dom-7.4.33-150400.4.28.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.28.1 * php7-calendar-debuginfo-7.4.33-150400.4.28.1 * php7-calendar-7.4.33-150400.4.28.1 * php7-embed-debuginfo-7.4.33-150400.4.28.1 * php7-intl-7.4.33-150400.4.28.1 * php7-sockets-debuginfo-7.4.33-150400.4.28.1 * php7-debuginfo-7.4.33-150400.4.28.1 * php7-cli-debuginfo-7.4.33-150400.4.28.1 * php7-embed-7.4.33-150400.4.28.1 * php7-enchant-debuginfo-7.4.33-150400.4.28.1 * php7-readline-debuginfo-7.4.33-150400.4.28.1 * php7-sockets-7.4.33-150400.4.28.1 * php7-intl-debuginfo-7.4.33-150400.4.28.1 * php7-json-debuginfo-7.4.33-150400.4.28.1 * php7-mysql-7.4.33-150400.4.28.1 * php7-shmop-7.4.33-150400.4.28.1 * php7-sysvshm-7.4.33-150400.4.28.1 * php7-xmlrpc-7.4.33-150400.4.28.1 * php7-ldap-debuginfo-7.4.33-150400.4.28.1 * php7-bcmath-7.4.33-150400.4.28.1 * php7-pgsql-debuginfo-7.4.33-150400.4.28.1 * php7-gmp-7.4.33-150400.4.28.1 * php7-tokenizer-7.4.33-150400.4.28.1 * php7-dba-debuginfo-7.4.33-150400.4.28.1 * php7-soap-debuginfo-7.4.33-150400.4.28.1 * php7-cli-7.4.33-150400.4.28.1 * php7-fastcgi-debugsource-7.4.33-150400.4.28.1 * php7-fileinfo-7.4.33-150400.4.28.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.28.1 * php7-sodium-debuginfo-7.4.33-150400.4.28.1 * php7-7.4.33-150400.4.28.1 * php7-xsl-7.4.33-150400.4.28.1 * php7-curl-debuginfo-7.4.33-150400.4.28.1 * php7-gettext-debuginfo-7.4.33-150400.4.28.1 * 
php7-mysql-debuginfo-7.4.33-150400.4.28.1 * apache2-mod_php7-debuginfo-7.4.33-150400.4.28.1 * php7-ftp-7.4.33-150400.4.28.1 * php7-phar-debuginfo-7.4.33-150400.4.28.1 * php7-sqlite-7.4.33-150400.4.28.1 * php7-shmop-debuginfo-7.4.33-150400.4.28.1 * php7-xmlreader-7.4.33-150400.4.28.1 * php7-iconv-debuginfo-7.4.33-150400.4.28.1 * php7-xmlwriter-7.4.33-150400.4.28.1 * php7-exif-debuginfo-7.4.33-150400.4.28.1 * php7-pcntl-debuginfo-7.4.33-150400.4.28.1 * php7-odbc-debuginfo-7.4.33-150400.4.28.1 * php7-bz2-debuginfo-7.4.33-150400.4.28.1 * php7-debugsource-7.4.33-150400.4.28.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.28.1 * php7-ldap-7.4.33-150400.4.28.1 * php7-posix-debuginfo-7.4.33-150400.4.28.1 * php7-pgsql-7.4.33-150400.4.28.1 * php7-test-7.4.33-150400.4.28.1 * php7-posix-7.4.33-150400.4.28.1 * php7-curl-7.4.33-150400.4.28.1 * php7-enchant-7.4.33-150400.4.28.1 * php7-opcache-7.4.33-150400.4.28.1 * php7-pdo-debuginfo-7.4.33-150400.4.28.1 * php7-opcache-debuginfo-7.4.33-150400.4.28.1 * php7-exif-7.4.33-150400.4.28.1 * php7-bz2-7.4.33-150400.4.28.1 * php7-sysvsem-7.4.33-150400.4.28.1 * php7-ctype-debuginfo-7.4.33-150400.4.28.1 * php7-sqlite-debuginfo-7.4.33-150400.4.28.1 * php7-tidy-debuginfo-7.4.33-150400.4.28.1 * php7-sodium-7.4.33-150400.4.28.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.28.1 * php7-sysvmsg-7.4.33-150400.4.28.1 * php7-fpm-debuginfo-7.4.33-150400.4.28.1 * php7-ctype-7.4.33-150400.4.28.1 * php7-gd-7.4.33-150400.4.28.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.28.1 * php7-soap-7.4.33-150400.4.28.1 * php7-pdo-7.4.33-150400.4.28.1 * php7-openssl-debuginfo-7.4.33-150400.4.28.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.28.1 * php7-fastcgi-7.4.33-150400.4.28.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * php7-mbstring-debuginfo-7.4.33-150400.4.28.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.28.1 * apache2-mod_php7-7.4.33-150400.4.28.1 * php7-gettext-7.4.33-150400.4.28.1 * php7-gd-debuginfo-7.4.33-150400.4.28.1 * 
php7-snmp-debuginfo-7.4.33-150400.4.28.1 * php7-snmp-7.4.33-150400.4.28.1 * php7-devel-7.4.33-150400.4.28.1 * php7-dom-debuginfo-7.4.33-150400.4.28.1 * php7-bcmath-debuginfo-7.4.33-150400.4.28.1 * php7-fpm-7.4.33-150400.4.28.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.28.1 * php7-json-7.4.33-150400.4.28.1 * php7-openssl-7.4.33-150400.4.28.1 * php7-zlib-debuginfo-7.4.33-150400.4.28.1 * php7-iconv-7.4.33-150400.4.28.1 * php7-pcntl-7.4.33-150400.4.28.1 * php7-tidy-7.4.33-150400.4.28.1 * php7-zip-7.4.33-150400.4.28.1 * php7-dba-7.4.33-150400.4.28.1 * php7-xsl-debuginfo-7.4.33-150400.4.28.1 * php7-gmp-debuginfo-7.4.33-150400.4.28.1 * php7-mbstring-7.4.33-150400.4.28.1 * php7-ftp-debuginfo-7.4.33-150400.4.28.1 * php7-zlib-7.4.33-150400.4.28.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.28.1 * php7-fpm-debugsource-7.4.33-150400.4.28.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.28.1 * php7-readline-7.4.33-150400.4.28.1 * php7-phar-7.4.33-150400.4.28.1 * php7-odbc-7.4.33-150400.4.28.1 * php7-zip-debuginfo-7.4.33-150400.4.28.1 * php7-dom-7.4.33-150400.4.28.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.28.1 * php7-calendar-debuginfo-7.4.33-150400.4.28.1 * php7-calendar-7.4.33-150400.4.28.1 * php7-intl-7.4.33-150400.4.28.1 * php7-sockets-debuginfo-7.4.33-150400.4.28.1 * php7-debuginfo-7.4.33-150400.4.28.1 * php7-cli-debuginfo-7.4.33-150400.4.28.1 * php7-enchant-debuginfo-7.4.33-150400.4.28.1 * php7-readline-debuginfo-7.4.33-150400.4.28.1 * php7-sockets-7.4.33-150400.4.28.1 * php7-intl-debuginfo-7.4.33-150400.4.28.1 * php7-json-debuginfo-7.4.33-150400.4.28.1 * php7-mysql-7.4.33-150400.4.28.1 * php7-shmop-7.4.33-150400.4.28.1 * php7-sysvshm-7.4.33-150400.4.28.1 * php7-xmlrpc-7.4.33-150400.4.28.1 * php7-ldap-debuginfo-7.4.33-150400.4.28.1 * php7-bcmath-7.4.33-150400.4.28.1 * php7-pgsql-debuginfo-7.4.33-150400.4.28.1 * php7-gmp-7.4.33-150400.4.28.1 * php7-tokenizer-7.4.33-150400.4.28.1 * php7-dba-debuginfo-7.4.33-150400.4.28.1 * php7-soap-debuginfo-7.4.33-150400.4.28.1 * 
php7-cli-7.4.33-150400.4.28.1 * php7-fastcgi-debugsource-7.4.33-150400.4.28.1 * php7-fileinfo-7.4.33-150400.4.28.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.28.1 * php7-sodium-debuginfo-7.4.33-150400.4.28.1 * php7-7.4.33-150400.4.28.1 * php7-xsl-7.4.33-150400.4.28.1 * php7-curl-debuginfo-7.4.33-150400.4.28.1 * php7-gettext-debuginfo-7.4.33-150400.4.28.1 * php7-mysql-debuginfo-7.4.33-150400.4.28.1 * apache2-mod_php7-debuginfo-7.4.33-150400.4.28.1 * php7-ftp-7.4.33-150400.4.28.1 * php7-phar-debuginfo-7.4.33-150400.4.28.1 * php7-sqlite-7.4.33-150400.4.28.1 * php7-shmop-debuginfo-7.4.33-150400.4.28.1 * php7-xmlreader-7.4.33-150400.4.28.1 * php7-iconv-debuginfo-7.4.33-150400.4.28.1 * php7-xmlwriter-7.4.33-150400.4.28.1 * php7-exif-debuginfo-7.4.33-150400.4.28.1 * php7-pcntl-debuginfo-7.4.33-150400.4.28.1 * php7-odbc-debuginfo-7.4.33-150400.4.28.1 * php7-bz2-debuginfo-7.4.33-150400.4.28.1 * php7-debugsource-7.4.33-150400.4.28.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.28.1 * php7-ldap-7.4.33-150400.4.28.1 * php7-posix-debuginfo-7.4.33-150400.4.28.1 * php7-pgsql-7.4.33-150400.4.28.1 * php7-posix-7.4.33-150400.4.28.1 * php7-curl-7.4.33-150400.4.28.1 * php7-enchant-7.4.33-150400.4.28.1 * php7-opcache-7.4.33-150400.4.28.1 * php7-pdo-debuginfo-7.4.33-150400.4.28.1 * php7-opcache-debuginfo-7.4.33-150400.4.28.1 * php7-exif-7.4.33-150400.4.28.1 * php7-bz2-7.4.33-150400.4.28.1 * php7-sysvsem-7.4.33-150400.4.28.1 * php7-ctype-debuginfo-7.4.33-150400.4.28.1 * php7-sqlite-debuginfo-7.4.33-150400.4.28.1 * php7-tidy-debuginfo-7.4.33-150400.4.28.1 * php7-sodium-7.4.33-150400.4.28.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.28.1 * php7-sysvmsg-7.4.33-150400.4.28.1 * php7-fpm-debuginfo-7.4.33-150400.4.28.1 * php7-ctype-7.4.33-150400.4.28.1 * php7-gd-7.4.33-150400.4.28.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.28.1 * php7-soap-7.4.33-150400.4.28.1 * php7-pdo-7.4.33-150400.4.28.1 * php7-openssl-debuginfo-7.4.33-150400.4.28.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.28.1 * 
php7-fastcgi-7.4.33-150400.4.28.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * php7-mbstring-debuginfo-7.4.33-150400.4.28.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.28.1 * apache2-mod_php7-7.4.33-150400.4.28.1 * php7-gettext-7.4.33-150400.4.28.1 * php7-gd-debuginfo-7.4.33-150400.4.28.1 * php7-snmp-debuginfo-7.4.33-150400.4.28.1 * php7-snmp-7.4.33-150400.4.28.1 * php7-devel-7.4.33-150400.4.28.1 * php7-dom-debuginfo-7.4.33-150400.4.28.1 * php7-bcmath-debuginfo-7.4.33-150400.4.28.1 * php7-fpm-7.4.33-150400.4.28.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.28.1 * php7-json-7.4.33-150400.4.28.1 * php7-openssl-7.4.33-150400.4.28.1 * php7-zlib-debuginfo-7.4.33-150400.4.28.1 * php7-iconv-7.4.33-150400.4.28.1 * php7-pcntl-7.4.33-150400.4.28.1 * php7-tidy-7.4.33-150400.4.28.1 * php7-zip-7.4.33-150400.4.28.1 * php7-dba-7.4.33-150400.4.28.1 * php7-xsl-debuginfo-7.4.33-150400.4.28.1 * php7-gmp-debuginfo-7.4.33-150400.4.28.1 * php7-mbstring-7.4.33-150400.4.28.1 * php7-ftp-debuginfo-7.4.33-150400.4.28.1 * php7-zlib-7.4.33-150400.4.28.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.28.1 * php7-fpm-debugsource-7.4.33-150400.4.28.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.28.1 * php7-readline-7.4.33-150400.4.28.1 * php7-phar-7.4.33-150400.4.28.1 * php7-odbc-7.4.33-150400.4.28.1 * php7-zip-debuginfo-7.4.33-150400.4.28.1 * php7-dom-7.4.33-150400.4.28.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.28.1 * php7-calendar-debuginfo-7.4.33-150400.4.28.1 * php7-calendar-7.4.33-150400.4.28.1 * php7-intl-7.4.33-150400.4.28.1 * php7-sockets-debuginfo-7.4.33-150400.4.28.1 * php7-debuginfo-7.4.33-150400.4.28.1 * php7-cli-debuginfo-7.4.33-150400.4.28.1 * php7-enchant-debuginfo-7.4.33-150400.4.28.1 * php7-readline-debuginfo-7.4.33-150400.4.28.1 * php7-sockets-7.4.33-150400.4.28.1 * php7-intl-debuginfo-7.4.33-150400.4.28.1 * php7-json-debuginfo-7.4.33-150400.4.28.1 * php7-mysql-7.4.33-150400.4.28.1 * php7-shmop-7.4.33-150400.4.28.1 * php7-sysvshm-7.4.33-150400.4.28.1 * 
php7-xmlrpc-7.4.33-150400.4.28.1 * php7-ldap-debuginfo-7.4.33-150400.4.28.1 * php7-bcmath-7.4.33-150400.4.28.1 * php7-pgsql-debuginfo-7.4.33-150400.4.28.1 * php7-gmp-7.4.33-150400.4.28.1 * php7-tokenizer-7.4.33-150400.4.28.1 * php7-dba-debuginfo-7.4.33-150400.4.28.1 * php7-soap-debuginfo-7.4.33-150400.4.28.1 * php7-cli-7.4.33-150400.4.28.1 * php7-fastcgi-debugsource-7.4.33-150400.4.28.1 * php7-fileinfo-7.4.33-150400.4.28.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.28.1 * php7-sodium-debuginfo-7.4.33-150400.4.28.1 * php7-7.4.33-150400.4.28.1 * php7-xsl-7.4.33-150400.4.28.1 * php7-curl-debuginfo-7.4.33-150400.4.28.1 * php7-gettext-debuginfo-7.4.33-150400.4.28.1 * php7-mysql-debuginfo-7.4.33-150400.4.28.1 * apache2-mod_php7-debuginfo-7.4.33-150400.4.28.1 * php7-ftp-7.4.33-150400.4.28.1 * php7-phar-debuginfo-7.4.33-150400.4.28.1 * php7-sqlite-7.4.33-150400.4.28.1 * php7-shmop-debuginfo-7.4.33-150400.4.28.1 * php7-xmlreader-7.4.33-150400.4.28.1 * php7-iconv-debuginfo-7.4.33-150400.4.28.1 * php7-xmlwriter-7.4.33-150400.4.28.1 * php7-exif-debuginfo-7.4.33-150400.4.28.1 * php7-pcntl-debuginfo-7.4.33-150400.4.28.1 * php7-odbc-debuginfo-7.4.33-150400.4.28.1 * php7-bz2-debuginfo-7.4.33-150400.4.28.1 * php7-debugsource-7.4.33-150400.4.28.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.28.1 * php7-ldap-7.4.33-150400.4.28.1 * php7-posix-debuginfo-7.4.33-150400.4.28.1 * php7-pgsql-7.4.33-150400.4.28.1 * php7-posix-7.4.33-150400.4.28.1 * php7-curl-7.4.33-150400.4.28.1 * php7-enchant-7.4.33-150400.4.28.1 * php7-opcache-7.4.33-150400.4.28.1 * php7-pdo-debuginfo-7.4.33-150400.4.28.1 * php7-opcache-debuginfo-7.4.33-150400.4.28.1 * php7-exif-7.4.33-150400.4.28.1 * php7-bz2-7.4.33-150400.4.28.1 * php7-sysvsem-7.4.33-150400.4.28.1 * php7-ctype-debuginfo-7.4.33-150400.4.28.1 * php7-sqlite-debuginfo-7.4.33-150400.4.28.1 * php7-tidy-debuginfo-7.4.33-150400.4.28.1 * php7-sodium-7.4.33-150400.4.28.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.28.1 * php7-sysvmsg-7.4.33-150400.4.28.1 * 
php7-fpm-debuginfo-7.4.33-150400.4.28.1
    * php7-ctype-7.4.33-150400.4.28.1
    * php7-gd-7.4.33-150400.4.28.1
    * apache2-mod_php7-debugsource-7.4.33-150400.4.28.1
    * php7-soap-7.4.33-150400.4.28.1
    * php7-pdo-7.4.33-150400.4.28.1
    * php7-openssl-debuginfo-7.4.33-150400.4.28.1
    * php7-xmlreader-debuginfo-7.4.33-150400.4.28.1
    * php7-fastcgi-7.4.33-150400.4.28.1
  * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
    * php7-embed-debugsource-7.4.33-150400.4.28.1
    * php7-embed-7.4.33-150400.4.28.1
    * php7-embed-debuginfo-7.4.33-150400.4.28.1
  * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
    * php7-embed-debugsource-7.4.33-150400.4.28.1
    * php7-embed-7.4.33-150400.4.28.1
    * php7-embed-debuginfo-7.4.33-150400.4.28.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-3823.html
  * https://www.suse.com/security/cve/CVE-2023-3824.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1214103
  * https://bugzilla.suse.com/show_bug.cgi?id=1214106

From sle-updates at lists.suse.com Tue Sep 5 16:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 05 Sep 2023 16:30:08 -0000
Subject: SUSE-RU-2023:3540-1: important: Recommended update for dracut
Message-ID: <169393140817.13565.1036509067071512011@smelt2.suse.de>

# Recommended update for dracut

Announcement ID: SUSE-RU-2023:3540-1
Rating: important
References:

  * #1214081

Affected Products:

  * SUSE Linux Enterprise Micro 5.1
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.2
  * SUSE Manager Proxy 4.2
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Server 4.2

An update that has one fix can now be installed.

## Description:

This update for dracut fixes the following issues:

  * Exit if resolving executable dependencies fails (bsc#1214081)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Manager Proxy 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3540=1
  * SUSE Manager Retail Branch Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3540=1
  * SUSE Manager Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3540=1
  * SUSE Linux Enterprise Micro 5.1
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3540=1
  * SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3540=1
  * SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3540=1

## Package List:

  * SUSE Manager Proxy 4.2 (x86_64)
    * dracut-fips-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-debuginfo-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-ima-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-debugsource-049.1+suse.255.g19bd61fd-150200.3.72.1
  * SUSE Manager Retail Branch Server 4.2 (x86_64)
    * dracut-fips-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-debuginfo-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-ima-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-debugsource-049.1+suse.255.g19bd61fd-150200.3.72.1
  * SUSE Manager Server 4.2 (ppc64le s390x x86_64)
    * dracut-fips-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-debuginfo-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-ima-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-debugsource-049.1+suse.255.g19bd61fd-150200.3.72.1
  * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
    * dracut-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-debuginfo-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-fips-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-debugsource-049.1+suse.255.g19bd61fd-150200.3.72.1
  * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
    * dracut-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-debuginfo-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-fips-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-debugsource-049.1+suse.255.g19bd61fd-150200.3.72.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
    * dracut-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-debuginfo-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-fips-049.1+suse.255.g19bd61fd-150200.3.72.1
    * dracut-debugsource-049.1+suse.255.g19bd61fd-150200.3.72.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1214081

From sle-updates at lists.suse.com Tue Sep 5 16:30:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 05 Sep 2023 16:30:11 -0000
Subject: SUSE-SU-2023:3539-1: important: Security update for container-suseconnect
Message-ID: <169393141127.13565.1372923558150489426@smelt2.suse.de>

# Security update for container-suseconnect

Announcement ID: SUSE-SU-2023:3539-1
Rating: important
References:

  * #1212475

Affected Products:

  * Containers Module 15-SP4
  * Containers Module 15-SP5
  * SUSE CaaS Platform 4.0
  * SUSE Enterprise Storage 7
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that has one security fix can now be installed.

## Description:

This update of container-suseconnect fixes the following issues:

  * rebuild the package with the go 1.21 security release (bsc#1212475).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Containers Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-3539=1
  * Containers Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-3539=1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3539=1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3539=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3539=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3539=1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3539=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3539=1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3539=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3539=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3539=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3539=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-3539=1
  * SUSE Enterprise Storage 7
    zypper in -t patch SUSE-Storage-7-2023-3539=1
  * SUSE CaaS Platform 4.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

  * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
  * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
    * container-suseconnect-debuginfo-2.4.0-150000.4.36.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
  * SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
  * SUSE Enterprise Storage 7 (aarch64 x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1
  * SUSE CaaS Platform 4.0 (x86_64)
    * container-suseconnect-2.4.0-150000.4.36.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1212475

From sle-updates at lists.suse.com Tue Sep 5 16:30:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 05 Sep 2023 16:30:13 -0000
Subject: SUSE-RU-2023:3538-1: important: Recommended update for dracut
Message-ID: <169393141344.13565.8358064999209851370@smelt2.suse.de>

# Recommended update for dracut

Announcement ID: SUSE-RU-2023:3538-1
Rating: important
References:

  * #1214081

Affected Products:

  * Basesystem Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that has one fix can now be installed.
## Description:

This update for dracut fixes the following issues:

  * Protect against broken links pointing to themselves
  * Exit if resolving executable dependencies fails (bsc#1214081)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2023-3538=1 openSUSE-SLE-15.4-2023-3538=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-3538=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-3538=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-3538=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-3538=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3538=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * dracut-debuginfo-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-extra-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-fips-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-ima-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-debugsource-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-tools-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-mkinitrd-deprecated-055+suse.347.gdcb9bdbf-150400.3.28.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * dracut-debuginfo-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-fips-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-debugsource-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-mkinitrd-deprecated-055+suse.347.gdcb9bdbf-150400.3.28.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * dracut-debuginfo-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-fips-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-debugsource-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-mkinitrd-deprecated-055+suse.347.gdcb9bdbf-150400.3.28.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * dracut-debuginfo-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-fips-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-debugsource-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-mkinitrd-deprecated-055+suse.347.gdcb9bdbf-150400.3.28.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * dracut-debuginfo-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-fips-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-debugsource-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-mkinitrd-deprecated-055+suse.347.gdcb9bdbf-150400.3.28.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * dracut-debuginfo-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-fips-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-ima-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-debugsource-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-055+suse.347.gdcb9bdbf-150400.3.28.1
    * dracut-mkinitrd-deprecated-055+suse.347.gdcb9bdbf-150400.3.28.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1214081

From sle-updates at lists.suse.com Tue Sep 5 16:30:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 05 Sep 2023 16:30:15 -0000
Subject: SUSE-SU-2023:3537-1: important: Security update for amazon-ssm-agent
Message-ID: <169393141536.13565.9466490580068560829@smelt2.suse.de>

# Security update for amazon-ssm-agent

Announcement ID: SUSE-SU-2023:3537-1
Rating: important
References:

  * #1212475

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * Public Cloud Module 15-SP2
  * Public Cloud Module 15-SP1
  * Public Cloud Module 15-SP3
  * Public Cloud Module 15-SP4
  * Public Cloud Module 15-SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.0
  * SUSE Manager Proxy 4.1
  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.0
  * SUSE Manager Retail Branch Server 4.1
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.0
  * SUSE Manager Server 4.1
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.3

An update that has one security fix can now be installed.

## Description:

This update of amazon-ssm-agent fixes the following issues:

  * rebuild the package with the go 1.21 security release (bsc#1212475).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3537=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3537=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3537=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3537=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3537=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3537=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3537=1 ## Package List: * Public Cloud Module 15-SP2 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.17.1 * Public Cloud Module 15-SP3 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.17.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.17.1 * Public Cloud Module 15-SP5 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.17.1 * openSUSE Leap 15.4 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.17.1 * openSUSE Leap 15.5 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.17.1 * Public Cloud Module 15-SP1 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Sep 5 16:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 16:30:20 -0000 Subject: SUSE-SU-2023:3536-1: moderate: Security update for docker Message-ID: <169393142093.13565.5336866180921776322@smelt2.suse.de> # Security update for docker Announcement ID: SUSE-SU-2023:3536-1 Rating: moderate References: * #1210797 * #1212368 * #1213120 * #1213229 * #1213500 * #1214107 * #1214108 * #1214109 Cross-References: * CVE-2023-28840 * CVE-2023-28841 * CVE-2023-28842 CVSS scores: * CVE-2023-28840 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L * CVE-2023-28840 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L * CVE-2023-28841 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2023-28841 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2023-28842 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2023-28842 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux 
Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities and has five security fixes can now be installed. ## Description: This update for docker fixes the following issues: * Update to Docker 24.0.5-ce. See upstream changelog online at bsc#1213229 * Update to Docker 24.0.4-ce. See upstream changelog online at . bsc#1213500 * Update to Docker 24.0.3-ce. See upstream changelog online at . bsc#1213120 * Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function. * Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless) * Update to Docker 24.0.2-ce. See upstream changelog online at . bsc#1212368 * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797 * Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package. * was rebuilt against current GO compiler. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3536=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3536=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3536=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3536=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3536=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3536=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-3536=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-3536=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3536=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3536=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3536=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3536=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3536=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3536=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3536=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3536=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3536=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3536=1 * SUSE 
Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3536=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3536=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3536=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3536=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * openSUSE Leap 15.4 (noarch) * docker-zsh-completion-24.0.5_ce-150000.185.1 * docker-fish-completion-24.0.5_ce-150000.185.1 * docker-bash-completion-24.0.5_ce-150000.185.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * openSUSE Leap 15.5 (noarch) * docker-zsh-completion-24.0.5_ce-150000.185.1 * docker-fish-completion-24.0.5_ce-150000.185.1 * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * Containers Module 15-SP4 (noarch) * docker-bash-completion-24.0.5_ce-150000.185.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * 
docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * Containers Module 15-SP5 (noarch) * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * docker-fish-completion-24.0.5_ce-150000.185.1 * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * docker-fish-completion-24.0.5_ce-150000.185.1 * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * 
docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * docker-fish-completion-24.0.5_ce-150000.185.1 * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * docker-fish-completion-24.0.5_ce-150000.185.1 * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Enterprise Storage 7.1 (noarch) * docker-fish-completion-24.0.5_ce-150000.185.1 * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE CaaS Platform 4.0 (x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE CaaS Platform 4.0 (noarch) * docker-bash-completion-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * docker-debuginfo-24.0.5_ce-150000.185.1 * docker-24.0.5_ce-150000.185.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28840.html * 
https://www.suse.com/security/cve/CVE-2023-28841.html * https://www.suse.com/security/cve/CVE-2023-28842.html * https://bugzilla.suse.com/show_bug.cgi?id=1210797 * https://bugzilla.suse.com/show_bug.cgi?id=1212368 * https://bugzilla.suse.com/show_bug.cgi?id=1213120 * https://bugzilla.suse.com/show_bug.cgi?id=1213229 * https://bugzilla.suse.com/show_bug.cgi?id=1213500 * https://bugzilla.suse.com/show_bug.cgi?id=1214107 * https://bugzilla.suse.com/show_bug.cgi?id=1214108 * https://bugzilla.suse.com/show_bug.cgi?id=1214109
From sle-updates at lists.suse.com Tue Sep 5 16:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 16:30:24 -0000 Subject: SUSE-SU-2023:3535-1: important: Security update for glib2 Message-ID: <169393142423.13565.852682772467455049@smelt2.suse.de> # Security update for glib2 Announcement ID: SUSE-SU-2023:3535-1 Rating: important References: * #1183533 * #1211945 * #1211946 * #1211947 * #1211948 * #1211951 Cross-References: * CVE-2021-28153 * CVE-2023-29499 * CVE-2023-32611 * CVE-2023-32636 * CVE-2023-32643 * CVE-2023-32665 CVSS scores: * CVE-2021-28153 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2021-28153 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-29499 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32611 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32636 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32643 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32665 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 6 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server
15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves six vulnerabilities can now be installed. ## Description: This update for glib2 fixes the following issues: * CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files. (bsc#1183533) * CVE-2023-32665: Fixed GVariant deserialisation which does not match spec for non-normal data. (bsc#1211945) * CVE-2023-32643: Fixed a heap-buffer-overflow in g_variant_serialised_get_child(). (bsc#1211946) * CVE-2023-29499: Fixed GVariant offset table entry size which is not checked in is_normal(). (bsc#1211947) * CVE-2023-32636: Fixed a wrong timeout in fuzz_variant_text(). (bsc#1211948) * CVE-2023-32611: Fixed an issue where g_variant_byteswap() can take a long time with some non-normal inputs. (bsc#1211951) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3535=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3535=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3535=1 * SUSE Enterprise Storage 6 zypper in -t patch SUSE-Storage-6-2023-3535=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libgthread-2_0-0-2.54.3-150000.4.29.1 * libglib-2_0-0-2.54.3-150000.4.29.1 * libgio-2_0-0-2.54.3-150000.4.29.1 * libgmodule-2_0-0-2.54.3-150000.4.29.1 * glib2-devel-debuginfo-2.54.3-150000.4.29.1 * glib2-tools-2.54.3-150000.4.29.1 * glib2-devel-2.54.3-150000.4.29.1 * libgmodule-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgobject-2_0-0-2.54.3-150000.4.29.1 * libgobject-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgthread-2_0-0-debuginfo-2.54.3-150000.4.29.1 * glib2-debugsource-2.54.3-150000.4.29.1 * libglib-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgio-2_0-0-debuginfo-2.54.3-150000.4.29.1 * glib2-tools-debuginfo-2.54.3-150000.4.29.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * glib2-lang-2.54.3-150000.4.29.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libglib-2_0-0-32bit-2.54.3-150000.4.29.1 * libgmodule-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * libgobject-2_0-0-32bit-2.54.3-150000.4.29.1 * libgio-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * libgmodule-2_0-0-32bit-2.54.3-150000.4.29.1 * libgio-2_0-0-32bit-2.54.3-150000.4.29.1 * libglib-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * libgobject-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libgthread-2_0-0-2.54.3-150000.4.29.1 * libglib-2_0-0-2.54.3-150000.4.29.1 * libgio-2_0-0-2.54.3-150000.4.29.1 * libgmodule-2_0-0-2.54.3-150000.4.29.1 * glib2-devel-debuginfo-2.54.3-150000.4.29.1 * glib2-tools-2.54.3-150000.4.29.1 * glib2-devel-2.54.3-150000.4.29.1 * libgmodule-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgobject-2_0-0-2.54.3-150000.4.29.1 * libgobject-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgthread-2_0-0-debuginfo-2.54.3-150000.4.29.1 * glib2-debugsource-2.54.3-150000.4.29.1 * libglib-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgio-2_0-0-debuginfo-2.54.3-150000.4.29.1 
* glib2-tools-debuginfo-2.54.3-150000.4.29.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * glib2-lang-2.54.3-150000.4.29.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libglib-2_0-0-32bit-2.54.3-150000.4.29.1 * libgmodule-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * libgobject-2_0-0-32bit-2.54.3-150000.4.29.1 * libgio-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * libgmodule-2_0-0-32bit-2.54.3-150000.4.29.1 * libgio-2_0-0-32bit-2.54.3-150000.4.29.1 * libglib-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * libgobject-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libgthread-2_0-0-2.54.3-150000.4.29.1 * libglib-2_0-0-2.54.3-150000.4.29.1 * libgio-2_0-0-2.54.3-150000.4.29.1 * libgmodule-2_0-0-2.54.3-150000.4.29.1 * glib2-devel-debuginfo-2.54.3-150000.4.29.1 * glib2-tools-2.54.3-150000.4.29.1 * glib2-devel-2.54.3-150000.4.29.1 * libgmodule-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgobject-2_0-0-2.54.3-150000.4.29.1 * libgobject-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgthread-2_0-0-debuginfo-2.54.3-150000.4.29.1 * glib2-debugsource-2.54.3-150000.4.29.1 * libglib-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgio-2_0-0-debuginfo-2.54.3-150000.4.29.1 * glib2-tools-debuginfo-2.54.3-150000.4.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * glib2-lang-2.54.3-150000.4.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libglib-2_0-0-32bit-2.54.3-150000.4.29.1 * libgmodule-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * libgobject-2_0-0-32bit-2.54.3-150000.4.29.1 * libgio-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * libgmodule-2_0-0-32bit-2.54.3-150000.4.29.1 * libgio-2_0-0-32bit-2.54.3-150000.4.29.1 * libglib-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * libgobject-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * SUSE Enterprise Storage 6 (aarch64 x86_64) * libgthread-2_0-0-2.54.3-150000.4.29.1 * libglib-2_0-0-2.54.3-150000.4.29.1 * 
libgio-2_0-0-2.54.3-150000.4.29.1 * libgmodule-2_0-0-2.54.3-150000.4.29.1 * glib2-devel-debuginfo-2.54.3-150000.4.29.1 * glib2-tools-2.54.3-150000.4.29.1 * glib2-devel-2.54.3-150000.4.29.1 * libgmodule-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgobject-2_0-0-2.54.3-150000.4.29.1 * libgobject-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgthread-2_0-0-debuginfo-2.54.3-150000.4.29.1 * glib2-debugsource-2.54.3-150000.4.29.1 * libglib-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgio-2_0-0-debuginfo-2.54.3-150000.4.29.1 * glib2-tools-debuginfo-2.54.3-150000.4.29.1 * SUSE Enterprise Storage 6 (noarch) * glib2-lang-2.54.3-150000.4.29.1 * SUSE Enterprise Storage 6 (x86_64) * libglib-2_0-0-32bit-2.54.3-150000.4.29.1 * libgmodule-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * libgobject-2_0-0-32bit-2.54.3-150000.4.29.1 * libgio-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * libgmodule-2_0-0-32bit-2.54.3-150000.4.29.1 * libgio-2_0-0-32bit-2.54.3-150000.4.29.1 * libglib-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * libgobject-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * SUSE CaaS Platform 4.0 (x86_64) * libgobject-2_0-0-32bit-2.54.3-150000.4.29.1 * libglib-2_0-0-2.54.3-150000.4.29.1 * libgio-2_0-0-2.54.3-150000.4.29.1 * libgmodule-2_0-0-2.54.3-150000.4.29.1 * libgio-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * glib2-tools-2.54.3-150000.4.29.1 * libgmodule-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgmodule-2_0-0-32bit-2.54.3-150000.4.29.1 * libglib-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libglib-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * glib2-devel-2.54.3-150000.4.29.1 * libgio-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libglib-2_0-0-32bit-2.54.3-150000.4.29.1 * libgmodule-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * glib2-devel-debuginfo-2.54.3-150000.4.29.1 * libgobject-2_0-0-2.54.3-150000.4.29.1 * libgobject-2_0-0-debuginfo-2.54.3-150000.4.29.1 * libgthread-2_0-0-debuginfo-2.54.3-150000.4.29.1 * glib2-debugsource-2.54.3-150000.4.29.1 * libgobject-2_0-0-32bit-debuginfo-2.54.3-150000.4.29.1 * 
libgthread-2_0-0-2.54.3-150000.4.29.1 * libgio-2_0-0-32bit-2.54.3-150000.4.29.1 * glib2-tools-debuginfo-2.54.3-150000.4.29.1 * SUSE CaaS Platform 4.0 (noarch) * glib2-lang-2.54.3-150000.4.29.1 ## References: * https://www.suse.com/security/cve/CVE-2021-28153.html * https://www.suse.com/security/cve/CVE-2023-29499.html * https://www.suse.com/security/cve/CVE-2023-32611.html * https://www.suse.com/security/cve/CVE-2023-32636.html * https://www.suse.com/security/cve/CVE-2023-32643.html * https://www.suse.com/security/cve/CVE-2023-32665.html * https://bugzilla.suse.com/show_bug.cgi?id=1183533 * https://bugzilla.suse.com/show_bug.cgi?id=1211945 * https://bugzilla.suse.com/show_bug.cgi?id=1211946 * https://bugzilla.suse.com/show_bug.cgi?id=1211947 * https://bugzilla.suse.com/show_bug.cgi?id=1211948 * https://bugzilla.suse.com/show_bug.cgi?id=1211951
From sle-updates at lists.suse.com Tue Sep 5 16:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 16:30:26 -0000 Subject: SUSE-SU-2023:3534-1: important: Security update for rubygem-rails-html-sanitizer Message-ID: <169393142675.13565.14064918957595635485@smelt2.suse.de> # Security update for rubygem-rails-html-sanitizer Announcement ID: SUSE-SU-2023:3534-1 Rating: important References: * #1206433 * #1206434 * #1206435 * #1206436 Cross-References: * CVE-2022-23517 * CVE-2022-23518 * CVE-2022-23519 * CVE-2022-23520 CVSS scores: * CVE-2022-23517 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-23517 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-23518 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L * CVE-2022-23518 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2022-23519 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N * CVE-2022-23519 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2022-23520 ( SUSE
): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2022-23520 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud Crowbar 8 * SUSE OpenStack Cloud Crowbar 9 An update that solves four vulnerabilities can now be installed. ## Description: This update for rubygem-rails-html-sanitizer fixes the following issues: * CVE-2022-23517: Fixed inefficient regular expression that is susceptible to excessive backtracking (bsc#1206433). * CVE-2022-23518: Fixed XSS via data URIs when used in combination with Loofah (bsc#1206434). * CVE-2022-23519: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer (bsc#1206435). * CVE-2022-23520: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer (bsc#1206436). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-3534=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3534=1 ## Package List: * SUSE OpenStack Cloud Crowbar 8 (x86_64) * ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.14.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.14.1 ## References: * https://www.suse.com/security/cve/CVE-2022-23517.html * https://www.suse.com/security/cve/CVE-2022-23518.html * https://www.suse.com/security/cve/CVE-2022-23519.html * https://www.suse.com/security/cve/CVE-2022-23520.html * https://bugzilla.suse.com/show_bug.cgi?id=1206433 * https://bugzilla.suse.com/show_bug.cgi?id=1206434 * https://bugzilla.suse.com/show_bug.cgi?id=1206435 * https://bugzilla.suse.com/show_bug.cgi?id=1206436
From sle-updates at lists.suse.com Tue Sep 5 16:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 05 Sep 2023 16:30:28 -0000 Subject: SUSE-SU-2023:3533-1: moderate: Security update for python-Django1 Message-ID: <169393142879.13565.15320926875972244537@smelt2.suse.de> # Security update for python-Django1 Announcement ID: SUSE-SU-2023:3533-1 Rating: moderate References: * #1214667 Cross-References: * CVE-2023-41164 CVSS scores: Affected Products: * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for python-Django1 fixes the following issues: * CVE-2023-41164: Fixed a potential denial of service vulnerability in django.utils.encoding.uri_to_iri() (bsc#1214667). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-3533=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3533=1 ## Package List: * SUSE OpenStack Cloud 9 (noarch) * python-Django1-1.11.29-3.50.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * python-Django1-1.11.29-3.50.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41164.html * https://bugzilla.suse.com/show_bug.cgi?id=1214667
From sle-updates at lists.suse.com Wed Sep 6 07:05:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Sep 2023 09:05:49 +0200 (CEST) Subject: SUSE-CU-2023:2858-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230906070549.4404FF78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2858-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.201 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.201 Severity : moderate Type : security References : 1103893 1112183 1158763 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1210740 1211576 1212434 1213185 1213231 1213517 1213557 1213575 1213673 1213853 1213873 1214025 1214071 1214290 CVE-2023-3817 CVE-2023-4016 CVE-2023-4156 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3397-1 Released: Wed Aug 23 18:35:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) - Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. 
(bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3466-1 Released: Tue Aug 29 07:33:16 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1103893,1112183 This update for icu fixes the following issues: - Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3486-1 Released: Tue Aug 29 14:25:23 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3514-1 Released: Fri Sep 1 15:48:52 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) The following package changes have been done: - gawk-4.2.1-150000.3.3.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.188.1 updated - libicu-suse65_1-65.1-150200.4.8.1 updated - libicu65_1-ledata-65.1-150200.4.8.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.53.1 updated - libopenssl1_1-1.1.1l-150400.7.53.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libudev1-249.16-150400.8.33.1 updated - libzypp-17.31.20-150400.3.40.1 updated - openssl-1_1-1.1.1l-150400.7.53.1 updated - procps-3.3.15-150000.7.34.1 updated - systemd-249.16-150400.8.33.1 updated - zypper-1.14.63-150400.3.29.1 updated - container:sles15-image-15.0.0-27.14.94 updated From sle-updates at lists.suse.com Wed Sep 6 07:07:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Sep 2023
09:07:22 +0200 (CEST) Subject: SUSE-CU-2023:2860-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230906070722.78A33F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2860-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.98 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.98 Severity : moderate Type : security References : 1103893 1112183 1158763 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1210740 1211576 1212434 1213185 1213231 1213517 1213557 1213575 1213673 1213853 1213873 1214025 1214071 1214290 CVE-2023-3817 CVE-2023-4016 CVE-2023-4156 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3397-1 Released: Wed Aug 23 18:35:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) - Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. 
(bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3466-1 Released: Tue Aug 29 07:33:16 2023 Summary: Recommended update for icu Type: 
recommended Severity: moderate References: 1103893,1112183 This update for icu fixes the following issues: - Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3486-1 Released: Tue Aug 29 14:25:23 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3514-1 Released: Fri Sep 1 15:48:52 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) The following package changes have been done: - gawk-4.2.1-150000.3.3.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.188.1 updated - libicu-suse65_1-65.1-150200.4.8.1 updated - libicu65_1-ledata-65.1-150200.4.8.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.53.1 updated - libopenssl1_1-1.1.1l-150400.7.53.1 
updated - libprocps7-3.3.15-150000.7.34.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libudev1-249.16-150400.8.33.1 updated - libzypp-17.31.20-150400.3.40.1 updated - openssl-1_1-1.1.1l-150400.7.53.1 updated - procps-3.3.15-150000.7.34.1 updated - systemd-249.16-150400.8.33.1 updated - zypper-1.14.63-150400.3.29.1 updated - container:sles15-image-15.0.0-27.14.94 updated From sle-updates at lists.suse.com Wed Sep 6 07:07:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Sep 2023 09:07:31 +0200 (CEST) Subject: SUSE-CU-2023:2861-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20230906070731.DE935F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2861-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.34 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.34 Severity : important Type : security References : 1158763 1210740 1210996 1211256 1211257 1211461 1213231 1213557 1213673 1214290 CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 CVE-2023-4016 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3497-1 Released: Wed Aug 30 21:25:05 2023 Summary: Security update for vim Type: security Severity: important References: 1210996,1211256,1211257,1211461,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1572. - CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996). - CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256). - CVE-2023-2610: Fixed Integer Overflow or Wraparound (bsc#1211257). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3514-1 Released: Fri Sep 1 15:48:52 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) The following package changes have been done: - libprocps7-3.3.15-150000.7.34.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libudev1-249.16-150400.8.33.1 updated - libzypp-17.31.20-150400.3.40.1 updated - procps-3.3.15-150000.7.34.1 updated - vim-data-common-9.0.1632-150500.20.3.1 updated - vim-9.0.1632-150500.20.3.1 updated - zypper-1.14.63-150400.3.29.1 updated - container:sles15-image-15.0.0-36.5.30 updated From sle-updates at lists.suse.com Wed Sep 6 07:09:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Sep 2023 09:09:27 +0200 (CEST) Subject: SUSE-CU-2023:2863-1: Security update 
of suse/sle-micro/5.1/toolbox Message-ID: <20230906070927.158D1F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2863-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.451 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.451 Severity : moderate Type : security References : 1103893 1112183 1158763 1210740 1213231 1213557 1213673 1214025 1214071 1214290 CVE-2023-4016 CVE-2023-4156 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3466-1 Released: Tue Aug 29 07:33:16 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1103893,1112183 This update for icu fixes the following issues: - Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3487-1 Released: Tue Aug 29 14:28:35 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3515-1 Released: Fri Sep 1 15:54:25 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) The following package changes have been done: - gawk-4.2.1-150000.3.3.1 updated - libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 updated - libicu-suse65_1-65.1-150200.4.8.1 updated - libicu65_1-ledata-65.1-150200.4.8.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libzypp-17.31.20-150200.75.1 updated - procps-3.3.15-150000.7.34.1 updated - zypper-1.14.63-150200.59.1 updated - container:sles15-image-15.0.0-17.20.177 updated From sle-updates at lists.suse.com Wed Sep 6 07:12:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Sep 2023 09:12:03 +0200 (CEST) Subject: SUSE-CU-2023:2865-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230906071203.6CD33F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2023:2865-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.273 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.273 Severity : moderate Type : security References : 1103893 1112183 1158763 1210740 1213231 1213557 1213673 1214025 1214071 1214290 CVE-2023-4016 CVE-2023-4156 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3466-1 Released: Tue Aug 29 07:33:16 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1103893,1112183 This update for icu fixes the following issues: - Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3487-1 Released: Tue Aug 29 14:28:35 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3515-1 Released: Fri Sep 1 15:54:25 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) The following package changes have been done: - gawk-4.2.1-150000.3.3.1 updated - libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 updated - libicu-suse65_1-65.1-150200.4.8.1 updated - libicu65_1-ledata-65.1-150200.4.8.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libzypp-17.31.20-150200.75.1 updated - procps-3.3.15-150000.7.34.1 updated - zypper-1.14.63-150200.59.1 updated - container:sles15-image-15.0.0-17.20.177 updated From sle-updates at lists.suse.com Wed Sep 6 08:31:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 06 Sep 2023 08:31:51 -0000 Subject: SUSE-RU-2023:3545-1: critical: Recommended update for SAPHanaSR-ScaleOut Message-ID: <169398911140.25056.3901636832837958769@smelt2.suse.de> # Recommended update for SAPHanaSR-ScaleOut Announcement ID: SUSE-RU-2023:3545-1 Rating: critical References: * #1210728 * #1214613 * 
PED-1739 * PED-2608 Affected Products: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains two features and has two fixes can now be installed. ## Description: This update for SAPHanaSR-ScaleOut fixes the following issues: * Version bump to 0.185.1 * Improve supportability by providing the current process ID of the RA, which is logged in the RA outputs, to HANA tracefiles too. This allows a mapping of the SAP related command invocations from the RA and the HANA executions which might have a delay in between. (bsc#1214613) * Fixed an issue when stopping SAPHanaController returns exit code 0 but it is failing due to /tmp is full. (bsc#1210728) * Add improvements from SAP to the RA scripts. (jsc#PED-1739, jsc#PED-2608) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-3545=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * SAPHanaSR-ScaleOut-doc-0.185.1-3.35.1 * SAPHanaSR-ScaleOut-0.185.1-3.35.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210728 * https://bugzilla.suse.com/show_bug.cgi?id=1214613 * https://jira.suse.com/browse/PED-1739 * https://jira.suse.com/browse/PED-2608 
From sle-updates at lists.suse.com Wed Sep 6 08:31:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 06 Sep 2023 08:31:53 -0000 Subject: SUSE-RU-2023:3544-1: moderate: Recommended update for guestfs-tools and libguestfs Message-ID: <169398911365.25056.5209965577066260441@smelt2.suse.de> # Recommended update for guestfs-tools and libguestfs Announcement ID: SUSE-RU-2023:3544-1 Rating: moderate References: * #1213243 * PED-2113 Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains one feature and has one fix can now be installed. ## Description: This update for guestfs-tools and libguestfs fixes the following issues: guestfs-tools: * Version update to 1.48.3 (jsc#PED-2113) libguestfs: * Version update to 1.48.6 (jsc#PED-2113) * Fix support for qcow2 needed by KubeVirt (bsc#1213243) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3544=1 SUSE-2023-3544=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3544=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libguestfsd-1.48.6-150500.3.5.1 * libguestfs-rsync-1.48.6-150500.3.5.1 * rubygem-libguestfs-1.48.6-150500.3.5.1 * libguestfs0-1.48.6-150500.3.5.1 * guestfs-tools-debugsource-1.48.3-150500.3.3.1 * libguestfs-gobject-devel-1.48.6-150500.3.5.1 * lua-libguestfs-1.48.6-150500.3.5.1 * rubygem-libguestfs-debuginfo-1.48.6-150500.3.5.1 * libguestfs-winsupport-1.48.6-150500.3.5.1 * libguestfs-xfs-1.48.6-150500.3.5.1 * libguestfs0-debuginfo-1.48.6-150500.3.5.1 * ocaml-libguestfs-1.48.6-150500.3.5.1 * perl-Sys-Guestfs-1.48.6-150500.3.5.1 * libguestfs-typelib-Guestfs-1_0-1.48.6-150500.3.5.1 * libguestfs-gobject-1_0-1.48.6-150500.3.5.1 * libguestfsd-debuginfo-1.48.6-150500.3.5.1 * libguestfs-gobject-1_0-debuginfo-1.48.6-150500.3.5.1 * guestfs-tools-1.48.3-150500.3.3.1 * libguestfs-rescue-debuginfo-1.48.6-150500.3.5.1 * libguestfs-appliance-1.48.6-150500.3.5.1 * python3-libguestfs-1.48.6-150500.3.5.1 * libguestfs-1.48.6-150500.3.5.1 * libguestfs-rescue-1.48.6-150500.3.5.1 * ocaml-libguestfs-debuginfo-1.48.6-150500.3.5.1 * guestfs-tools-debuginfo-1.48.3-150500.3.3.1 * ocaml-libguestfs-devel-1.48.6-150500.3.5.1 * python3-libguestfs-debuginfo-1.48.6-150500.3.5.1 * libguestfs-devel-1.48.6-150500.3.5.1 * lua-libguestfs-debuginfo-1.48.6-150500.3.5.1 * libguestfs-debugsource-1.48.6-150500.3.5.1 * libguestfs-debuginfo-1.48.6-150500.3.5.1 * perl-Sys-Guestfs-debuginfo-1.48.6-150500.3.5.1 * openSUSE Leap 15.5 (noarch) * guestfs-tools-bash-completion-1.48.3-150500.3.3.1 * guestfs-tools-man-pages-ja-1.48.3-150500.3.3.1 * guestfs-tools-man-pages-uk-1.48.3-150500.3.3.1 * libguestfs-man-pages-uk-1.48.6-150500.3.5.1 * virt-win-reg-1.48.3-150500.3.3.1 * 
libguestfs-man-pages-ja-1.48.6-150500.3.5.1 * libguestfs-inspect-icons-1.48.6-150500.3.5.1 * libguestfs-bash-completion-1.48.6-150500.3.5.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libguestfsd-1.48.6-150500.3.5.1 * libguestfs-rsync-1.48.6-150500.3.5.1 * rubygem-libguestfs-1.48.6-150500.3.5.1 * libguestfs0-1.48.6-150500.3.5.1 * guestfs-tools-debugsource-1.48.3-150500.3.3.1 * libguestfs-gobject-devel-1.48.6-150500.3.5.1 * lua-libguestfs-1.48.6-150500.3.5.1 * rubygem-libguestfs-debuginfo-1.48.6-150500.3.5.1 * libguestfs-winsupport-1.48.6-150500.3.5.1 * libguestfs-xfs-1.48.6-150500.3.5.1 * libguestfs0-debuginfo-1.48.6-150500.3.5.1 * ocaml-libguestfs-1.48.6-150500.3.5.1 * perl-Sys-Guestfs-1.48.6-150500.3.5.1 * libguestfs-typelib-Guestfs-1_0-1.48.6-150500.3.5.1 * libguestfs-gobject-1_0-1.48.6-150500.3.5.1 * libguestfsd-debuginfo-1.48.6-150500.3.5.1 * libguestfs-gobject-1_0-debuginfo-1.48.6-150500.3.5.1 * guestfs-tools-1.48.3-150500.3.3.1 * libguestfs-rescue-debuginfo-1.48.6-150500.3.5.1 * libguestfs-appliance-1.48.6-150500.3.5.1 * python3-libguestfs-1.48.6-150500.3.5.1 * libguestfs-1.48.6-150500.3.5.1 * libguestfs-rescue-1.48.6-150500.3.5.1 * ocaml-libguestfs-debuginfo-1.48.6-150500.3.5.1 * guestfs-tools-debuginfo-1.48.3-150500.3.3.1 * ocaml-libguestfs-devel-1.48.6-150500.3.5.1 * python3-libguestfs-debuginfo-1.48.6-150500.3.5.1 * libguestfs-devel-1.48.6-150500.3.5.1 * lua-libguestfs-debuginfo-1.48.6-150500.3.5.1 * libguestfs-debugsource-1.48.6-150500.3.5.1 * libguestfs-debuginfo-1.48.6-150500.3.5.1 * perl-Sys-Guestfs-debuginfo-1.48.6-150500.3.5.1 * Server Applications Module 15-SP5 (noarch) * guestfs-tools-bash-completion-1.48.3-150500.3.3.1 * guestfs-tools-man-pages-ja-1.48.3-150500.3.3.1 * guestfs-tools-man-pages-uk-1.48.3-150500.3.3.1 * libguestfs-man-pages-uk-1.48.6-150500.3.5.1 * virt-win-reg-1.48.3-150500.3.3.1 * libguestfs-man-pages-ja-1.48.6-150500.3.5.1 * libguestfs-inspect-icons-1.48.6-150500.3.5.1 * 
libguestfs-bash-completion-1.48.6-150500.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213243 * https://jira.suse.com/browse/PED-2113 From sle-updates at lists.suse.com Wed Sep 6 08:31:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 06 Sep 2023 08:31:56 -0000 Subject: SUSE-RU-2023:3543-1: moderate: Recommended update for protobuf-c Message-ID: <169398911629.25056.16489649939345270059@smelt2.suse.de> # Recommended update for protobuf-c Announcement ID: SUSE-RU-2023:3543-1 Rating: moderate References: * #1214006 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch 
Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for protobuf-c fixes the following issues: * Add missing Provides/Obsoletes after package merge (bsc#1214006) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3543=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3543=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3543=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3543=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3543=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3543=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3543=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3543=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3543=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3543=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3543=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3543=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3543=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3543=1 * SUSE Linux Enterprise Real 
Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3543=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3543=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * SUSE Manager Proxy 4.2 (x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 
* protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * 
libprotobuf-c1-1.3.2-150200.3.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libprotobuf-c1-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c-devel-1.3.2-150200.3.9.1 * protobuf-c-debugsource-1.3.2-150200.3.9.1 * protobuf-c-debuginfo-1.3.2-150200.3.9.1 * libprotobuf-c1-1.3.2-150200.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214006 From sle-updates at lists.suse.com Wed Sep 6 08:31:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 06 Sep 2023 08:31:58 -0000 Subject: SUSE-RU-2023:3542-1: moderate: Recommended update for mdadm Message-ID: <169398911869.25056.5238433963172061783@smelt2.suse.de> # Recommended update for mdadm Announcement ID: SUSE-RU-2023:3542-1 Rating: moderate References: * #1214427 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for mdadm fixes the following issues: * Make sure initramfs is rebuilt in %posttrans (bsc#1214427) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3542=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3542=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3542=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3542=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3542=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3542=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3542=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3542=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3542=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3542=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3542=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3542=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3542=1 * SUSE Enterprise 
Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3542=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3542=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3542=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3542=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * 
mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Manager Proxy 4.2 (x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * mdadm-debuginfo-4.1-150300.24.30.1 * mdadm-debugsource-4.1-150300.24.30.1 * mdadm-4.1-150300.24.30.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214427 
From sle-updates at lists.suse.com Wed Sep 6 16:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 06 Sep 2023 16:30:14 -0000 Subject: SUSE-RU-2023:3546-1: low: Recommended update for open-iscsi Message-ID: <169401781450.14494.3523355798791919648@smelt2.suse.de> # Recommended update for open-iscsi Announcement ID: SUSE-RU-2023:3546-1 Rating: low References: * #1207157 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one fix can now be installed. ## Description: This update for open-iscsi fixes the following issues: * Set 'safe_logout' and 'startup' in iscsid.conf (bsc#1207157) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3546=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3546=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3546=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3546=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3546=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3546=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3546=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3546=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3546=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3546=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3546=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3546=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * open-iscsi-debugsource-2.1.7-150300.32.24.1 * iscsiuio-0.7.8.6-150300.32.24.1 * libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.24.1 * open-iscsi-devel-2.1.7-150300.32.24.1 * open-iscsi-2.1.7-150300.32.24.1 * libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 * open-iscsi-debuginfo-2.1.7-150300.32.24.1 * iscsiuio-debuginfo-0.7.8.6-150300.32.24.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * open-iscsi-debugsource-2.1.7-150300.32.24.1 * iscsiuio-0.7.8.6-150300.32.24.1 * libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.24.1 * 
open-iscsi-devel-2.1.7-150300.32.24.1 * open-iscsi-2.1.7-150300.32.24.1 * libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 * open-iscsi-debuginfo-2.1.7-150300.32.24.1 * iscsiuio-debuginfo-0.7.8.6-150300.32.24.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * open-iscsi-debugsource-2.1.7-150300.32.24.1 * iscsiuio-0.7.8.6-150300.32.24.1 * libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.24.1 * open-iscsi-devel-2.1.7-150300.32.24.1 * open-iscsi-2.1.7-150300.32.24.1 * libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 * open-iscsi-debuginfo-2.1.7-150300.32.24.1 * iscsiuio-debuginfo-0.7.8.6-150300.32.24.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * open-iscsi-debugsource-2.1.7-150300.32.24.1 * iscsiuio-0.7.8.6-150300.32.24.1 * libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.24.1 * open-iscsi-devel-2.1.7-150300.32.24.1 * open-iscsi-2.1.7-150300.32.24.1 * libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 * open-iscsi-debuginfo-2.1.7-150300.32.24.1 * iscsiuio-debuginfo-0.7.8.6-150300.32.24.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * open-iscsi-debugsource-2.1.7-150300.32.24.1 * iscsiuio-0.7.8.6-150300.32.24.1 * libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.24.1 * open-iscsi-devel-2.1.7-150300.32.24.1 * open-iscsi-2.1.7-150300.32.24.1 * libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 * open-iscsi-debuginfo-2.1.7-150300.32.24.1 * iscsiuio-debuginfo-0.7.8.6-150300.32.24.1 * SUSE Manager Proxy 4.2 (x86_64) * open-iscsi-debugsource-2.1.7-150300.32.24.1 * iscsiuio-0.7.8.6-150300.32.24.1 * libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.24.1 * open-iscsi-devel-2.1.7-150300.32.24.1 * open-iscsi-2.1.7-150300.32.24.1 * libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 * open-iscsi-debuginfo-2.1.7-150300.32.24.1 * iscsiuio-debuginfo-0.7.8.6-150300.32.24.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * open-iscsi-debugsource-2.1.7-150300.32.24.1 * iscsiuio-0.7.8.6-150300.32.24.1 * libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.24.1 * 
open-iscsi-devel-2.1.7-150300.32.24.1 * open-iscsi-2.1.7-150300.32.24.1 * libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 * open-iscsi-debuginfo-2.1.7-150300.32.24.1 * iscsiuio-debuginfo-0.7.8.6-150300.32.24.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * open-iscsi-debugsource-2.1.7-150300.32.24.1 * iscsiuio-0.7.8.6-150300.32.24.1 * libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.24.1 * open-iscsi-devel-2.1.7-150300.32.24.1 * open-iscsi-2.1.7-150300.32.24.1 * libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 * open-iscsi-debuginfo-2.1.7-150300.32.24.1 * iscsiuio-debuginfo-0.7.8.6-150300.32.24.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * open-iscsi-debugsource-2.1.7-150300.32.24.1 * iscsiuio-0.7.8.6-150300.32.24.1 * libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.24.1 * open-iscsi-devel-2.1.7-150300.32.24.1 * open-iscsi-2.1.7-150300.32.24.1 * libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 * open-iscsi-debuginfo-2.1.7-150300.32.24.1 * iscsiuio-debuginfo-0.7.8.6-150300.32.24.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * open-iscsi-debugsource-2.1.7-150300.32.24.1 * iscsiuio-0.7.8.6-150300.32.24.1 * libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.24.1 * open-iscsi-2.1.7-150300.32.24.1 * libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 * open-iscsi-debuginfo-2.1.7-150300.32.24.1 * iscsiuio-debuginfo-0.7.8.6-150300.32.24.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * open-iscsi-debugsource-2.1.7-150300.32.24.1 * iscsiuio-0.7.8.6-150300.32.24.1 * libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.24.1 * open-iscsi-2.1.7-150300.32.24.1 * libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 * open-iscsi-debuginfo-2.1.7-150300.32.24.1 * iscsiuio-debuginfo-0.7.8.6-150300.32.24.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * open-iscsi-debugsource-2.1.7-150300.32.24.1 * iscsiuio-0.7.8.6-150300.32.24.1 * libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.24.1 * open-iscsi-2.1.7-150300.32.24.1 * libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 * 
open-iscsi-debuginfo-2.1.7-150300.32.24.1 * iscsiuio-debuginfo-0.7.8.6-150300.32.24.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207157 From sle-updates at lists.suse.com Thu Sep 7 07:08:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Sep 2023 09:08:06 +0200 (CEST) Subject: SUSE-CU-2023:2868-1: Security update of suse/sle15 Message-ID: <20230907070806.44CBDF78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2868-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.814 Container Release : 6.2.814 Severity : important Type : security References : 1183533 1211945 1211946 1211947 1211948 1211951 1212475 CVE-2021-28153 CVE-2023-29499 CVE-2023-32611 CVE-2023-32636 CVE-2023-32643 CVE-2023-32665 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3535-1 Released: Tue Sep 5 14:46:31 2023 Summary: Security update for glib2 Type: security Severity: important References: 1183533,1211945,1211946,1211947,1211948,1211951,CVE-2021-28153,CVE-2023-29499,CVE-2023-32611,CVE-2023-32636,CVE-2023-32643,CVE-2023-32665 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files. (bsc#1183533) - CVE-2023-32665: Fixed GVariant deserialisation which does not match spec for non-normal data. (bsc#1211945) - CVE-2023-32643: Fixed a heap-buffer-overflow in g_variant_serialised_get_child(). (bsc#1211946) - CVE-2023-29499: Fixed GVariant offset table entry size which is not checked in is_normal(). 
(bsc#1211947) - CVE-2023-32636: Fixed a wrong timeout in fuzz_variant_text(). (bsc#1211948) - CVE-2023-32611: Fixed an issue where g_variant_byteswap() can take a long time with some non-normal inputs. (bsc#1211951) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3539-1 Released: Tue Sep 5 16:41:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.36.1 updated - libglib-2_0-0-2.54.3-150000.4.29.1 updated From sle-updates at lists.suse.com Thu Sep 7 07:10:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Sep 2023 09:10:27 +0200 (CEST) Subject: SUSE-CU-2023:2869-1: Security update of suse/sle15 Message-ID: <20230907071027.05D6EF78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2869-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.340 Container Release : 9.5.340 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3539-1 Released: Tue Sep 5 16:41:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). 
The following package changes have been done: - container-suseconnect-2.4.0-150000.4.36.1 updated From sle-updates at lists.suse.com Thu Sep 7 07:12:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Sep 2023 09:12:30 +0200 (CEST) Subject: SUSE-CU-2023:2870-1: Security update of suse/sle15 Message-ID: <20230907071230.8E53BF78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2870-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.179 , suse/sle15:15.3 , suse/sle15:15.3.17.20.179 Container Release : 17.20.179 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3539-1 Released: Tue Sep 5 16:41:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). 
The following package changes have been done: - container-suseconnect-2.4.0-150000.4.36.1 updated From sle-updates at lists.suse.com Thu Sep 7 07:12:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Sep 2023 09:12:49 +0200 (CEST) Subject: SUSE-CU-2023:2871-1: Security update of bci/bci-busybox Message-ID: <20230907071249.33B4DF78A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2871-1 Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.19.3 Container Release : 19.3 Severity : important Type : security References : 1214538 CVE-2022-48174 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3529-1 Released: Tue Sep 5 11:31:14 2023 Summary: Security update for busybox Type: security Severity: important References: 1214538,CVE-2022-48174 This update for busybox fixes the following issues: - CVE-2022-48174: Fixed stack overflow vulnerability. 
(bsc#1214538) The following package changes have been done: - busybox-adduser-1.35.0-150400.4.5.1 updated - busybox-attr-1.35.0-150400.4.5.1 updated - busybox-bc-1.35.0-150400.4.5.1 updated - busybox-bind-utils-1.35.0-150400.4.5.1 updated - busybox-bzip2-1.35.0-150400.4.5.1 updated - busybox-coreutils-1.35.0-150400.4.5.1 updated - busybox-cpio-1.35.0-150400.4.5.1 updated - busybox-diffutils-1.35.0-150400.4.5.1 updated - busybox-dos2unix-1.35.0-150400.4.5.1 updated - busybox-ed-1.35.0-150400.4.5.1 updated - busybox-findutils-1.35.0-150400.4.5.1 updated - busybox-gawk-1.35.0-150400.4.5.1 updated - busybox-grep-1.35.0-150400.4.5.1 updated - busybox-gzip-1.35.0-150400.4.5.1 updated - busybox-hostname-1.35.0-150400.4.5.1 updated - busybox-iproute2-1.35.0-150400.4.5.1 updated - busybox-iputils-1.35.0-150400.4.5.1 updated - busybox-kbd-1.35.0-150400.4.5.1 updated - busybox-less-1.35.0-150400.4.5.1 updated - busybox-links-1.35.0-150400.4.5.1 updated - busybox-man-1.35.0-150400.4.5.1 updated - busybox-misc-1.35.0-150400.4.5.1 updated - busybox-ncurses-utils-1.35.0-150400.4.5.1 updated - busybox-net-tools-1.35.0-150400.4.5.1 updated - busybox-netcat-1.35.0-150400.4.5.1 updated - busybox-patch-1.35.0-150400.4.5.1 updated - busybox-policycoreutils-1.35.0-150400.4.5.1 updated - busybox-procps-1.35.0-150400.4.5.1 updated - busybox-psmisc-1.35.0-150400.4.5.1 updated - busybox-sed-1.35.0-150400.4.5.1 updated - busybox-selinux-tools-1.35.0-150400.4.5.1 updated - busybox-sendmail-1.35.0-150400.4.5.1 updated - busybox-sharutils-1.35.0-150400.4.5.1 updated - busybox-sh-1.35.0-150400.4.5.1 updated - busybox-syslogd-1.35.0-150400.4.5.1 updated - busybox-sysvinit-tools-1.35.0-150400.4.5.1 updated - busybox-tar-1.35.0-150400.4.5.1 updated - busybox-telnet-1.35.0-150400.4.5.1 updated - busybox-tftp-1.35.0-150400.4.5.1 updated - busybox-time-1.35.0-150400.4.5.1 updated - busybox-traceroute-1.35.0-150400.4.5.1 updated - busybox-tunctl-1.35.0-150400.4.5.1 updated - 
busybox-unzip-1.35.0-150400.4.5.1 updated - busybox-util-linux-1.35.0-150400.4.5.1 updated - busybox-vi-1.35.0-150400.4.5.1 updated - busybox-vlan-1.35.0-150400.4.5.1 updated - busybox-wget-1.35.0-150400.4.5.1 updated - busybox-which-1.35.0-150400.4.5.1 updated - busybox-whois-1.35.0-150400.4.5.1 updated - busybox-xz-1.35.0-150400.4.5.1 updated - busybox-1.35.0-150400.3.11.1 updated From sle-updates at lists.suse.com Thu Sep 7 07:17:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Sep 2023 09:17:44 +0200 (CEST) Subject: SUSE-CU-2023:2876-1: Security update of suse/sle15 Message-ID: <20230907071744.08206F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2876-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.95 , suse/sle15:15.4 , suse/sle15:15.4.27.14.95 Container Release : 27.14.95 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3539-1 Released: Tue Sep 5 16:41:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). 
The following package changes have been done: - container-suseconnect-2.4.0-150000.4.36.1 updated From sle-updates at lists.suse.com Thu Sep 7 07:18:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Sep 2023 09:18:29 +0200 (CEST) Subject: SUSE-CU-2023:2880-1: Security update of bci/bci-busybox Message-ID: <20230907071829.1019DF78A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2880-1 Container Tags : bci/bci-busybox:15.5 , bci/bci-busybox:15.5.11.4 , bci/bci-busybox:latest Container Release : 11.4 Severity : important Type : security References : 1214538 CVE-2022-48174 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3529-1 Released: Tue Sep 5 11:31:14 2023 Summary: Security update for busybox Type: security Severity: important References: 1214538,CVE-2022-48174 This update for busybox fixes the following issues: - CVE-2022-48174: Fixed stack overflow vulnerability. 
(bsc#1214538) The following package changes have been done: - busybox-adduser-1.35.0-150400.4.5.1 updated - busybox-attr-1.35.0-150400.4.5.1 updated - busybox-bc-1.35.0-150400.4.5.1 updated - busybox-bind-utils-1.35.0-150400.4.5.1 updated - busybox-bzip2-1.35.0-150400.4.5.1 updated - busybox-coreutils-1.35.0-150400.4.5.1 updated - busybox-cpio-1.35.0-150400.4.5.1 updated - busybox-diffutils-1.35.0-150400.4.5.1 updated - busybox-dos2unix-1.35.0-150400.4.5.1 updated - busybox-ed-1.35.0-150400.4.5.1 updated - busybox-findutils-1.35.0-150400.4.5.1 updated - busybox-gawk-1.35.0-150400.4.5.1 updated - busybox-grep-1.35.0-150400.4.5.1 updated - busybox-gzip-1.35.0-150400.4.5.1 updated - busybox-hostname-1.35.0-150400.4.5.1 updated - busybox-iproute2-1.35.0-150400.4.5.1 updated - busybox-iputils-1.35.0-150400.4.5.1 updated - busybox-kbd-1.35.0-150400.4.5.1 updated - busybox-less-1.35.0-150400.4.5.1 updated - busybox-links-1.35.0-150400.4.5.1 updated - busybox-man-1.35.0-150400.4.5.1 updated - busybox-misc-1.35.0-150400.4.5.1 updated - busybox-ncurses-utils-1.35.0-150400.4.5.1 updated - busybox-net-tools-1.35.0-150400.4.5.1 updated - busybox-netcat-1.35.0-150400.4.5.1 updated - busybox-patch-1.35.0-150400.4.5.1 updated - busybox-policycoreutils-1.35.0-150400.4.5.1 updated - busybox-procps-1.35.0-150400.4.5.1 updated - busybox-psmisc-1.35.0-150400.4.5.1 updated - busybox-sed-1.35.0-150400.4.5.1 updated - busybox-selinux-tools-1.35.0-150400.4.5.1 updated - busybox-sendmail-1.35.0-150400.4.5.1 updated - busybox-sharutils-1.35.0-150400.4.5.1 updated - busybox-sh-1.35.0-150400.4.5.1 updated - busybox-syslogd-1.35.0-150400.4.5.1 updated - busybox-sysvinit-tools-1.35.0-150400.4.5.1 updated - busybox-tar-1.35.0-150400.4.5.1 updated - busybox-telnet-1.35.0-150400.4.5.1 updated - busybox-tftp-1.35.0-150400.4.5.1 updated - busybox-time-1.35.0-150400.4.5.1 updated - busybox-traceroute-1.35.0-150400.4.5.1 updated - busybox-tunctl-1.35.0-150400.4.5.1 updated - 
busybox-unzip-1.35.0-150400.4.5.1 updated - busybox-util-linux-1.35.0-150400.4.5.1 updated - busybox-vi-1.35.0-150400.4.5.1 updated - busybox-vlan-1.35.0-150400.4.5.1 updated - busybox-wget-1.35.0-150400.4.5.1 updated - busybox-which-1.35.0-150400.4.5.1 updated - busybox-whois-1.35.0-150400.4.5.1 updated - busybox-xz-1.35.0-150400.4.5.1 updated From sle-updates at lists.suse.com Thu Sep 7 07:23:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Sep 2023 09:23:39 +0200 (CEST) Subject: SUSE-CU-2023:2902-1: Security update of suse/sle15 Message-ID: <20230907072339.4E708F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2902-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.31 , suse/sle15:15.5 , suse/sle15:15.5.36.5.31 Container Release : 36.5.31 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3539-1 Released: Tue Sep 5 16:41:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). 
The following package changes have been done: - container-suseconnect-2.4.0-150000.4.36.1 updated From sle-updates at lists.suse.com Thu Sep 7 09:10:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 07 Sep 2023 09:10:27 -0000 Subject: SUSE-RU-2023:3551-1: low: Recommended update for rtkit Message-ID: <169407782775.31458.10001024996068797519@smelt2.suse.de> # Recommended update for rtkit Announcement ID: SUSE-RU-2023:3551-1 Rating: low References: * #1206745 Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for rtkit fixes the following issues: * Change rtkit-daemon to no longer log debug messages by default (bsc#1206745) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3551=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3551=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3551=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3551=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * rtkit-debugsource-0.11+git.20130926-150000.3.3.1 * rtkit-0.11+git.20130926-150000.3.3.1 * rtkit-debuginfo-0.11+git.20130926-150000.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rtkit-debugsource-0.11+git.20130926-150000.3.3.1 * rtkit-0.11+git.20130926-150000.3.3.1 * rtkit-debuginfo-0.11+git.20130926-150000.3.3.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rtkit-debugsource-0.11+git.20130926-150000.3.3.1 * rtkit-0.11+git.20130926-150000.3.3.1 * rtkit-debuginfo-0.11+git.20130926-150000.3.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rtkit-debugsource-0.11+git.20130926-150000.3.3.1 * rtkit-0.11+git.20130926-150000.3.3.1 * rtkit-debuginfo-0.11+git.20130926-150000.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206745 
From sle-updates at lists.suse.com Thu Sep 7 09:10:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 07 Sep 2023 09:10:30 -0000 Subject: SUSE-OU-2023:3550-1: moderate: Optional update for ibus Message-ID: <169407783019.31458.1273166845157688753@smelt2.suse.de> # Optional update for ibus Announcement ID: SUSE-OU-2023:3550-1 Rating: moderate References: * #1211977 Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for ibus fixes the following issues: * Fix ibus not started automatically by KDE Plasma in openSUSE Leap (bsc#1211977) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3550=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3550=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3550=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3550=1 openSUSE-SLE-15.4-2023-3550=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ibus-gtk3-debuginfo-1.5.25-150400.3.3.1 * libibus-1_0-5-1.5.25-150400.3.3.1 * ibus-devel-1.5.25-150400.3.3.1 * ibus-debuginfo-1.5.25-150400.3.3.1 * ibus-debugsource-1.5.25-150400.3.3.1 * typelib-1_0-IBus-1_0-1.5.25-150400.3.3.1 * ibus-gtk-debuginfo-1.5.25-150400.3.3.1 * libibus-1_0-5-debuginfo-1.5.25-150400.3.3.1 * ibus-1.5.25-150400.3.3.1 * ibus-gtk-1.5.25-150400.3.3.1 * ibus-gtk3-1.5.25-150400.3.3.1 * openSUSE Leap 15.5 (noarch) * ibus-dict-emoji-1.5.25-150400.3.3.1 * ibus-lang-1.5.25-150400.3.3.1 * openSUSE Leap 15.5 (x86_64) * ibus-gtk-32bit-debuginfo-1.5.25-150400.3.3.1 * ibus-gtk-32bit-1.5.25-150400.3.3.1 * libibus-1_0-5-32bit-debuginfo-1.5.25-150400.3.3.1 * libibus-1_0-5-32bit-1.5.25-150400.3.3.1 * ibus-gtk3-32bit-debuginfo-1.5.25-150400.3.3.1 * ibus-gtk3-32bit-1.5.25-150400.3.3.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ibus-gtk3-debuginfo-1.5.25-150400.3.3.1 * libibus-1_0-5-1.5.25-150400.3.3.1 * ibus-devel-1.5.25-150400.3.3.1 * ibus-debuginfo-1.5.25-150400.3.3.1 * ibus-debugsource-1.5.25-150400.3.3.1 * typelib-1_0-IBus-1_0-1.5.25-150400.3.3.1 * ibus-gtk-debuginfo-1.5.25-150400.3.3.1 * libibus-1_0-5-debuginfo-1.5.25-150400.3.3.1 * ibus-1.5.25-150400.3.3.1 * ibus-gtk-1.5.25-150400.3.3.1 * ibus-gtk3-1.5.25-150400.3.3.1 * Desktop Applications Module 15-SP4 (noarch) * ibus-dict-emoji-1.5.25-150400.3.3.1 * ibus-lang-1.5.25-150400.3.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * 
ibus-gtk3-debuginfo-1.5.25-150400.3.3.1 * libibus-1_0-5-1.5.25-150400.3.3.1 * ibus-devel-1.5.25-150400.3.3.1 * ibus-debuginfo-1.5.25-150400.3.3.1 * ibus-debugsource-1.5.25-150400.3.3.1 * typelib-1_0-IBus-1_0-1.5.25-150400.3.3.1 * ibus-gtk-debuginfo-1.5.25-150400.3.3.1 * libibus-1_0-5-debuginfo-1.5.25-150400.3.3.1 * ibus-1.5.25-150400.3.3.1 * ibus-gtk-1.5.25-150400.3.3.1 * ibus-gtk3-1.5.25-150400.3.3.1 * Desktop Applications Module 15-SP5 (noarch) * ibus-dict-emoji-1.5.25-150400.3.3.1 * ibus-lang-1.5.25-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * ibus-gtk3-debuginfo-1.5.25-150400.3.3.1 * libibus-1_0-5-1.5.25-150400.3.3.1 * ibus-devel-1.5.25-150400.3.3.1 * ibus-debuginfo-1.5.25-150400.3.3.1 * ibus-debugsource-1.5.25-150400.3.3.1 * typelib-1_0-IBus-1_0-1.5.25-150400.3.3.1 * ibus-gtk-debuginfo-1.5.25-150400.3.3.1 * libibus-1_0-5-debuginfo-1.5.25-150400.3.3.1 * ibus-1.5.25-150400.3.3.1 * ibus-gtk-1.5.25-150400.3.3.1 * ibus-gtk3-1.5.25-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * ibus-dict-emoji-1.5.25-150400.3.3.1 * ibus-lang-1.5.25-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * ibus-gtk-32bit-debuginfo-1.5.25-150400.3.3.1 * ibus-gtk-32bit-1.5.25-150400.3.3.1 * libibus-1_0-5-32bit-debuginfo-1.5.25-150400.3.3.1 * libibus-1_0-5-32bit-1.5.25-150400.3.3.1 * ibus-gtk3-32bit-debuginfo-1.5.25-150400.3.3.1 * ibus-gtk3-32bit-1.5.25-150400.3.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * ibus-gtk-64bit-debuginfo-1.5.25-150400.3.3.1 * libibus-1_0-5-64bit-debuginfo-1.5.25-150400.3.3.1 * ibus-gtk3-64bit-debuginfo-1.5.25-150400.3.3.1 * ibus-gtk3-64bit-1.5.25-150400.3.3.1 * ibus-gtk-64bit-1.5.25-150400.3.3.1 * libibus-1_0-5-64bit-1.5.25-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211977 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Thu Sep 7 09:10:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 07 Sep 2023 09:10:32 -0000
Subject: SUSE-FU-2023:3549-1: moderate: Feature update for Maven
Message-ID: <169407783250.31458.18218300269199111420@smelt2.suse.de>

# Feature update for Maven

Announcement ID: SUSE-FU-2023:3549-1
Rating: moderate
References:

  * SLE-23217

Affected Products:

  * Development Tools Module 15-SP4
  * Development Tools Module 15-SP5
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that contains one feature can now be installed.

## Description:

This update for Maven fixes the following issues:

maven-script-interpreter was upgraded to version 1.3:

  * Document how to use Grapes in a Groovy script
  * Fix detailed message from failed script evaluation shouldn't be propagated
  * Fix redundant option failOnException
  * Output build log from script to maven mojo log
  * Remove Apache Ivy from dependency
  * Remove dependency to plexus-component-annotations
  * Replace AntClassLoader by RootLoader
  * Require Java 7

maven-invoker-plugin was upgraded to version 3.2.2:

  * Fix build with maven-script-interpreter 1.3

exec-maven-plugin received the following fixes:

  * Do not require java-headless >= 9, since the jar works just fine with java 8
  * Allow building with a wider range of plexus-utils versions, including the 3.5.0 that does not declare IOException as thrown in functions where it is actually not thrown.

maven-jar-plugin and maven-resources-plugin received the following fix:

  * Remove all dependencies with scope test, since a raw xmvn does not hide them from maven.

maven-javadoc-plugin received the following fix:

  * Allow building with a wider range of plexus-utils versions, including the 3.5.0 that does not declare IOException as thrown in functions where it is actually not thrown.

maven-reporting-impl was upgraded to version 3.1.0:

  * API sync with maven-reporting-api 3.1.0

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-3549=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2023-3549=1
  * Development Tools Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3549=1
  * Development Tools Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3549=1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3549=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3549=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3549=1
  * SUSE Linux Enterprise Real Time 15 SP3
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3549=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3549=1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3549=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3549=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3549=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-3549=1

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * maven-invoker-plugin-3.2.2-150200.3.3.41
    * maven-reporting-impl-javadoc-3.1.0-150200.4.3.36
    * maven-script-interpreter-1.3-150200.3.3.18
    * exec-maven-plugin-javadoc-3.0.0-150200.3.7.39
    * exec-maven-plugin-3.0.0-150200.3.7.39
    * maven-javadoc-plugin-javadoc-3.3.2-150200.4.7.39
    * maven-jar-plugin-bootstrap-3.2.2-150200.3.7.36
    * maven-javadoc-plugin-bootstrap-3.3.2-150200.4.7.37
    * maven-jar-plugin-3.2.2-150200.3.7.39
    * maven-reporting-impl-3.1.0-150200.4.3.36
    * maven-resources-plugin-bootstrap-3.2.0-150200.3.7.35
    * maven-script-interpreter-javadoc-1.3-150200.3.3.18
    * maven-resources-plugin-javadoc-3.2.0-150200.3.7.39
    * maven-javadoc-plugin-3.3.2-150200.4.7.39
    * maven-resources-plugin-3.2.0-150200.3.7.39
    * maven-jar-plugin-javadoc-3.2.2-150200.3.7.39
    * maven-invoker-plugin-javadoc-3.2.2-150200.3.3.41
  * openSUSE Leap 15.5 (noarch)
    * maven-invoker-plugin-3.2.2-150200.3.3.41
    * maven-reporting-impl-javadoc-3.1.0-150200.4.3.36
    * maven-script-interpreter-1.3-150200.3.3.18
    * exec-maven-plugin-javadoc-3.0.0-150200.3.7.39
    * exec-maven-plugin-3.0.0-150200.3.7.39
    * maven-javadoc-plugin-javadoc-3.3.2-150200.4.7.39
    * maven-jar-plugin-bootstrap-3.2.2-150200.3.7.36
    * maven-javadoc-plugin-bootstrap-3.3.2-150200.4.7.37
    * maven-jar-plugin-3.2.2-150200.3.7.39
    * maven-reporting-impl-3.1.0-150200.4.3.36
    * maven-resources-plugin-bootstrap-3.2.0-150200.3.7.35
    * maven-script-interpreter-javadoc-1.3-150200.3.3.18
    * maven-resources-plugin-javadoc-3.2.0-150200.3.7.39
    * maven-javadoc-plugin-3.3.2-150200.4.7.39
    * maven-resources-plugin-3.2.0-150200.3.7.39
    * maven-jar-plugin-javadoc-3.2.2-150200.3.7.39
    * maven-invoker-plugin-javadoc-3.2.2-150200.3.3.41
  * Development Tools Module 15-SP4 (noarch)
    * maven-resources-plugin-3.2.0-150200.3.7.39
    * maven-jar-plugin-3.2.2-150200.3.7.39
    * maven-javadoc-plugin-3.3.2-150200.4.7.39
  * Development Tools Module 15-SP5 (noarch)
    * maven-resources-plugin-3.2.0-150200.3.7.39
    * maven-jar-plugin-3.2.2-150200.3.7.39
    * maven-javadoc-plugin-3.3.2-150200.4.7.39
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * maven-resources-plugin-3.2.0-150200.3.7.39
    * maven-jar-plugin-3.2.2-150200.3.7.39
    * maven-javadoc-plugin-3.3.2-150200.4.7.39
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
    * maven-resources-plugin-3.2.0-150200.3.7.39
    * maven-jar-plugin-3.2.2-150200.3.7.39
    * maven-javadoc-plugin-3.3.2-150200.4.7.39
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * maven-resources-plugin-3.2.0-150200.3.7.39
    * maven-jar-plugin-3.2.2-150200.3.7.39
    * maven-javadoc-plugin-3.3.2-150200.4.7.39
  * SUSE Linux Enterprise Real Time 15 SP3 (noarch)
    * maven-resources-plugin-3.2.0-150200.3.7.39
    * maven-jar-plugin-3.2.2-150200.3.7.39
    * maven-javadoc-plugin-3.3.2-150200.4.7.39
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * maven-resources-plugin-3.2.0-150200.3.7.39
    * maven-jar-plugin-3.2.2-150200.3.7.39
    * maven-javadoc-plugin-3.3.2-150200.4.7.39
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
    * maven-resources-plugin-3.2.0-150200.3.7.39
    * maven-jar-plugin-3.2.2-150200.3.7.39
    * maven-javadoc-plugin-3.3.2-150200.4.7.39
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * maven-resources-plugin-3.2.0-150200.3.7.39
    * maven-jar-plugin-3.2.2-150200.3.7.39
    * maven-javadoc-plugin-3.3.2-150200.4.7.39
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * maven-resources-plugin-3.2.0-150200.3.7.39
    * maven-jar-plugin-3.2.2-150200.3.7.39
    * maven-javadoc-plugin-3.3.2-150200.4.7.39
  * SUSE Enterprise Storage 7.1 (noarch)
    * maven-resources-plugin-3.2.0-150200.3.7.39
    * maven-jar-plugin-3.2.2-150200.3.7.39
    * maven-javadoc-plugin-3.3.2-150200.4.7.39

## References:

  * https://jira.suse.com/browse/SLE-23217

From sle-updates at lists.suse.com Thu Sep 7 09:10:34 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 07 Sep 2023 09:10:34 -0000
Subject: SUSE-FU-2023:3548-1: moderate: Feature update for python-yq, python-tomlkit, python-xmltodict
Message-ID: <169407783481.31458.11298017989934494095@smelt2.suse.de>

# Feature update for python-yq, python-tomlkit, python-xmltodict

Announcement ID: SUSE-FU-2023:3548-1
Rating: moderate
References:

  * PED-5095
  * PED-5098

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * Public Cloud Module 15-SP2
  * Public Cloud Module 15-SP1
  * Public Cloud Module 15-SP3
  * Public Cloud Module 15-SP4
  * Public Cloud Module 15-SP5
  * SAP Applications Module 15-SP3
  * SAP Applications Module 15-SP4
  * SAP Applications Module 15-SP5
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.0
  * SUSE Manager Proxy 4.1
  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.0
  * SUSE Manager Retail Branch Server 4.1
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.0
  * SUSE Manager Server 4.1
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.3
  * SUSE Package Hub 15 15-SP4
  * SUSE Package Hub 15 15-SP5

An update that contains two features can now be installed.

## Description:

This update for python-yq, python-tomlkit and python-xmltodict fixes the following issues:

python-yq:

  * Implementation of package python-yq (jsc#PED-5098, jsc#PED-5095)
  * Version 3.2.2

python-tomlkit:

  * Package dependency to python-yq (jsc#PED-5098, jsc#PED-5095)
  * Version 0.8.0

python-xmltodict:

  * Package dependency to python-yq (jsc#PED-5098, jsc#PED-5095)
  * Version 0.12.0

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-3548=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2023-3548=1
  * SUSE Package Hub 15 15-SP4
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3548=1
  * SUSE Package Hub 15 15-SP5
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3548=1
  * Public Cloud Module 15-SP1
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3548=1
  * Public Cloud Module 15-SP2
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3548=1
  * Public Cloud Module 15-SP3
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3548=1
  * Public Cloud Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3548=1
  * Public Cloud Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3548=1
  * SAP Applications Module 15-SP3
    zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-3548=1
  * SAP Applications Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-3548=1
  * SAP Applications Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-3548=1

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * python3-xmltodict-0.12.0-150100.5.6.2
  * openSUSE Leap 15.5 (noarch)
    * python3-xmltodict-0.12.0-150100.5.6.2
  * SUSE Package Hub 15 15-SP4 (noarch)
    * python2-xmltodict-0.12.0-150100.5.6.2
  * SUSE Package Hub 15 15-SP5 (noarch)
    * python2-xmltodict-0.12.0-150100.5.6.2
  * Public Cloud Module 15-SP1 (noarch)
    * python3-xmltodict-0.12.0-150100.5.6.2
  * Public Cloud Module 15-SP2 (noarch)
    * python3-xmltodict-0.12.0-150100.5.6.2
  * Public Cloud Module 15-SP3 (noarch)
    * python3-xmltodict-0.12.0-150100.5.6.2
  * Public Cloud Module 15-SP4 (noarch)
    * python3-xmltodict-0.12.0-150100.5.6.2
  * Public Cloud Module 15-SP5 (noarch)
    * python3-xmltodict-0.12.0-150100.5.6.2
  * SAP Applications Module 15-SP3 (noarch)
    * python3-yq-3.2.2-150300.7.3.2
    * python3-xmltodict-0.12.0-150100.5.6.2
    * python3-tomlkit-0.8.0-150300.7.3.2
  * SAP Applications Module 15-SP4 (noarch)
    * python3-yq-3.2.2-150300.7.3.2
    * python3-xmltodict-0.12.0-150100.5.6.2
    * python3-tomlkit-0.8.0-150300.7.3.2
  * SAP Applications Module 15-SP5 (noarch)
    * python3-yq-3.2.2-150300.7.3.2
    * python3-xmltodict-0.12.0-150100.5.6.2
    * python3-tomlkit-0.8.0-150300.7.3.2

## References:

  * https://jira.suse.com/browse/PED-5095
  * https://jira.suse.com/browse/PED-5098

From sle-updates at lists.suse.com Thu Sep 7 09:10:36 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 07 Sep 2023 09:10:36 -0000
Subject: SUSE-FU-2023:3547-1: moderate: Feature update for xmlgraphics-commons, xmlgraphics-fop
Message-ID: <169407783691.31458.1428665249457089570@smelt2.suse.de>

# Feature update for xmlgraphics-commons, xmlgraphics-fop

Announcement ID: SUSE-FU-2023:3547-1
Rating: moderate
References:

  * SLE-23217

Affected Products:

  * Development Tools Module 15-SP4
  * Development Tools Module 15-SP5
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that contains one feature can now be installed.

## Description:

This update for xmlgraphics-commons, xmlgraphics-fop fixes the following issues:

xmlgraphics-fop:

  * Version update to 2.8
  * Links to pdf files with no scheme should open in pdf viewer
  * Add light weight line breaking option
  * Allow resource loading from jar
  * Stroke-opacity is not honored on svg:text while converting svg to pdf
  * Skip OOM during font OS scanning
  * Remove cidset for PDF/A-2
  * Reorder glyphs with no width
  * Array index out of bounds with glyph position adjustments and surrogate pairs
  * Set text color for simulate-style
  * Simulated bold error in Adobe Reader
  * Resolve links across IF files
  * Align AFP SVG text in the middle
  * Upgrade to Commons IO 2.11
  * Remove Xerces
  * Use an event for a draw image error
  * Allow fallback to non svg glyphs
  * AFP invoke-medium-map missing when using page-group=false
  * AssertionError with SFArabic.ttf
  * README file still refers to bugzilla
  * NPE when reading an invalid TTC file
  * Batik is setting load-external-dtd to false so this example doesn't work
  * Write mediummap before pagegroup
  * Empty link url gives NPE
  * Reorder glyphs based on gpa value
  * Use all rulesets for glyph substitution
  * Fix position of macron glyph
  * Allow removing empty table elements from structure tree
  * Fix change ipd for linefeed-treatment=preserve
  * NPE when using a link in a span with accessibility
  * Remove Xalan
  * Add transparency color support
  * PDF/UA NPE when using external pdf
  * Stop reading ttf if we hit last offset
  * Allow bookmarks before declarations
  * Don't break with hangul syllables
  * Move composite glyphs to the end
  * NPE when using a footnote on redo of layout
  * Infinite loop when using page break with changing ipd
  * Allow subproperties in XMP
  * Fallback to raw png if ImageIO cannot read image

xmlgraphics-commons:

  * Version update to 2.8 with minor changes to support FOP 2.8 release

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3547=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3547=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3547=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-3547=1
  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-3547=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2023-3547=1
  * Development Tools Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3547=1
  * Development Tools Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3547=1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3547=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3547=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3547=1
  * SUSE Linux Enterprise Real Time 15 SP3
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3547=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3547=1

## Package List:

  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
    * xmlgraphics-commons-2.8-150200.3.7.2
    * xmlgraphics-fop-2.8-150200.13.7.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * xmlgraphics-commons-2.8-150200.3.7.2
    * xmlgraphics-fop-2.8-150200.13.7.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * xmlgraphics-commons-2.8-150200.3.7.2
    * xmlgraphics-fop-2.8-150200.13.7.1
  * SUSE Enterprise Storage 7.1 (noarch)
    * xmlgraphics-commons-2.8-150200.3.7.2
    * xmlgraphics-fop-2.8-150200.13.7.1
  * openSUSE Leap 15.4 (noarch)
    * xmlgraphics-commons-2.8-150200.3.7.2
    * xmlgraphics-fop-2.8-150200.13.7.1
    * xmlgraphics-commons-javadoc-2.8-150200.3.7.2
  * openSUSE Leap 15.5 (noarch)
    * xmlgraphics-commons-2.8-150200.3.7.2
    * xmlgraphics-fop-2.8-150200.13.7.1
    * xmlgraphics-commons-javadoc-2.8-150200.3.7.2
  * Development Tools Module 15-SP4 (noarch)
    * xmlgraphics-commons-2.8-150200.3.7.2
    * xmlgraphics-fop-2.8-150200.13.7.1
  * Development Tools Module 15-SP5 (noarch)
    * xmlgraphics-commons-2.8-150200.3.7.2
    * xmlgraphics-fop-2.8-150200.13.7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * xmlgraphics-commons-2.8-150200.3.7.2
    * xmlgraphics-fop-2.8-150200.13.7.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
    * xmlgraphics-commons-2.8-150200.3.7.2
    * xmlgraphics-fop-2.8-150200.13.7.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * xmlgraphics-commons-2.8-150200.3.7.2
    * xmlgraphics-fop-2.8-150200.13.7.1
  * SUSE Linux Enterprise Real Time 15 SP3 (noarch)
    * xmlgraphics-commons-2.8-150200.3.7.2
    * xmlgraphics-fop-2.8-150200.13.7.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * xmlgraphics-commons-2.8-150200.3.7.2
    * xmlgraphics-fop-2.8-150200.13.7.1

## References:

  * https://jira.suse.com/browse/SLE-23217

From sle-updates at lists.suse.com Thu Sep 7 16:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 07 Sep 2023 16:30:06 -0000
Subject: SUSE-RU-2023:3552-1: low: Recommended update for monitoring-plugins
Message-ID: <169410420661.23789.1056344763980628625@smelt2.suse.de>

# Recommended update for monitoring-plugins

Announcement ID: SUSE-RU-2023:3552-1
Rating: low
References:

  * #1209194

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that has one fix can now be installed.

## Description:

This update for monitoring-plugins fixes the following issues:

  * Add attach_disconnected flag for usr.lib.nagios.plugins.check_procs and usr.lib.nagios.plugins.check_procs.sle15 apparmor profiles to permit /proc/PID/exe access; (bsc#1209194)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3552=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3552=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3552=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * monitoring-plugins-extras-2.3.1-4.9.1 * monitoring-plugins-wave-2.3.1-4.9.1 * monitoring-plugins-ups-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dbi-2.3.1-4.9.1 * monitoring-plugins-http-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ntp_time-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ifoperstatus-2.3.1-4.9.1 * monitoring-plugins-by_ssh-2.3.1-4.9.1 * monitoring-plugins-nt-debuginfo-2.3.1-4.9.1 * monitoring-plugins-hpjd-debuginfo-2.3.1-4.9.1 * monitoring-plugins-procs-2.3.1-4.9.1 * monitoring-plugins-dbi-sqlite3-2.3.1-4.9.1 * monitoring-plugins-users-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dig-2.3.1-4.9.1 * monitoring-plugins-ssh-2.3.1-4.9.1 * monitoring-plugins-ldap-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dns-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dbi-pgsql-2.3.1-4.9.1 * monitoring-plugins-by_ssh-debuginfo-2.3.1-4.9.1 * monitoring-plugins-snmp-debuginfo-2.3.1-4.9.1 * monitoring-plugins-cluster-2.3.1-4.9.1 * monitoring-plugins-dbi-mysql-2.3.1-4.9.1 * monitoring-plugins-mailq-2.3.1-4.9.1 * monitoring-plugins-load-2.3.1-4.9.1 * monitoring-plugins-rpc-2.3.1-4.9.1 * monitoring-plugins-overcr-2.3.1-4.9.1 * monitoring-plugins-ldap-2.3.1-4.9.1 * monitoring-plugins-dhcp-2.3.1-4.9.1 * monitoring-plugins-ping-debuginfo-2.3.1-4.9.1 * monitoring-plugins-real-debuginfo-2.3.1-4.9.1 * monitoring-plugins-common-2.3.1-4.9.1 * monitoring-plugins-procs-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ssh-debuginfo-2.3.1-4.9.1 * monitoring-plugins-log-2.3.1-4.9.1 * monitoring-plugins-file_age-2.3.1-4.9.1 * 
monitoring-plugins-common-debuginfo-2.3.1-4.9.1 * monitoring-plugins-oracle-2.3.1-4.9.1 * monitoring-plugins-overcr-debuginfo-2.3.1-4.9.1 * monitoring-plugins-hpjd-2.3.1-4.9.1 * monitoring-plugins-users-2.3.1-4.9.1 * monitoring-plugins-ups-2.3.1-4.9.1 * monitoring-plugins-snmp-2.3.1-4.9.1 * monitoring-plugins-smtp-2.3.1-4.9.1 * monitoring-plugins-tcp-2.3.1-4.9.1 * monitoring-plugins-mrtg-2.3.1-4.9.1 * monitoring-plugins-swap-debuginfo-2.3.1-4.9.1 * monitoring-plugins-nwstat-2.3.1-4.9.1 * monitoring-plugins-nwstat-debuginfo-2.3.1-4.9.1 * monitoring-plugins-debugsource-2.3.1-4.9.1 * monitoring-plugins-ntp_time-2.3.1-4.9.1 * monitoring-plugins-disk-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ifstatus-2.3.1-4.9.1 * monitoring-plugins-sensors-2.3.1-4.9.1 * monitoring-plugins-pgsql-2.3.1-4.9.1 * monitoring-plugins-disk_smb-2.3.1-4.9.1 * monitoring-plugins-dns-2.3.1-4.9.1 * monitoring-plugins-dbi-debuginfo-2.3.1-4.9.1 * monitoring-plugins-mysql-debuginfo-2.3.1-4.9.1 * monitoring-plugins-mysql-2.3.1-4.9.1 * monitoring-plugins-icmp-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dig-debuginfo-2.3.1-4.9.1 * monitoring-plugins-tcp-debuginfo-2.3.1-4.9.1 * monitoring-plugins-fping-debuginfo-2.3.1-4.9.1 * monitoring-plugins-fping-2.3.1-4.9.1 * monitoring-plugins-disk-2.3.1-4.9.1 * monitoring-plugins-cluster-debuginfo-2.3.1-4.9.1 * monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.9.1 * monitoring-plugins-time-2.3.1-4.9.1 * monitoring-plugins-dummy-debuginfo-2.3.1-4.9.1 * monitoring-plugins-swap-2.3.1-4.9.1 * monitoring-plugins-nt-2.3.1-4.9.1 * monitoring-plugins-pgsql-debuginfo-2.3.1-4.9.1 * monitoring-plugins-http-2.3.1-4.9.1 * monitoring-plugins-load-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ntp_peer-2.3.1-4.9.1 * monitoring-plugins-dummy-2.3.1-4.9.1 * monitoring-plugins-mrtg-debuginfo-2.3.1-4.9.1 * monitoring-plugins-icmp-2.3.1-4.9.1 * monitoring-plugins-ping-2.3.1-4.9.1 * monitoring-plugins-dhcp-debuginfo-2.3.1-4.9.1 * monitoring-plugins-all-2.3.1-4.9.1 * 
monitoring-plugins-smtp-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ircd-2.3.1-4.9.1 * monitoring-plugins-radius-debuginfo-2.3.1-4.9.1 * monitoring-plugins-real-2.3.1-4.9.1 * monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.9.1 * monitoring-plugins-radius-2.3.1-4.9.1 * monitoring-plugins-time-debuginfo-2.3.1-4.9.1 * monitoring-plugins-cups-2.3.1-4.9.1 * monitoring-plugins-mrtgtraf-2.3.1-4.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * monitoring-plugins-extras-2.3.1-4.9.1 * monitoring-plugins-wave-2.3.1-4.9.1 * monitoring-plugins-ups-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dbi-2.3.1-4.9.1 * monitoring-plugins-http-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ntp_time-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ifoperstatus-2.3.1-4.9.1 * monitoring-plugins-by_ssh-2.3.1-4.9.1 * monitoring-plugins-nt-debuginfo-2.3.1-4.9.1 * monitoring-plugins-hpjd-debuginfo-2.3.1-4.9.1 * monitoring-plugins-procs-2.3.1-4.9.1 * monitoring-plugins-dbi-sqlite3-2.3.1-4.9.1 * monitoring-plugins-users-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dig-2.3.1-4.9.1 * monitoring-plugins-ssh-2.3.1-4.9.1 * monitoring-plugins-ldap-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dns-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dbi-pgsql-2.3.1-4.9.1 * monitoring-plugins-by_ssh-debuginfo-2.3.1-4.9.1 * monitoring-plugins-snmp-debuginfo-2.3.1-4.9.1 * monitoring-plugins-cluster-2.3.1-4.9.1 * monitoring-plugins-dbi-mysql-2.3.1-4.9.1 * monitoring-plugins-mailq-2.3.1-4.9.1 * monitoring-plugins-load-2.3.1-4.9.1 * monitoring-plugins-rpc-2.3.1-4.9.1 * monitoring-plugins-overcr-2.3.1-4.9.1 * monitoring-plugins-ldap-2.3.1-4.9.1 * monitoring-plugins-dhcp-2.3.1-4.9.1 * monitoring-plugins-ping-debuginfo-2.3.1-4.9.1 * monitoring-plugins-real-debuginfo-2.3.1-4.9.1 * monitoring-plugins-common-2.3.1-4.9.1 * monitoring-plugins-procs-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ssh-debuginfo-2.3.1-4.9.1 * monitoring-plugins-log-2.3.1-4.9.1 * monitoring-plugins-file_age-2.3.1-4.9.1 * 
monitoring-plugins-common-debuginfo-2.3.1-4.9.1 * monitoring-plugins-oracle-2.3.1-4.9.1 * monitoring-plugins-overcr-debuginfo-2.3.1-4.9.1 * monitoring-plugins-hpjd-2.3.1-4.9.1 * monitoring-plugins-users-2.3.1-4.9.1 * monitoring-plugins-ups-2.3.1-4.9.1 * monitoring-plugins-snmp-2.3.1-4.9.1 * monitoring-plugins-smtp-2.3.1-4.9.1 * monitoring-plugins-tcp-2.3.1-4.9.1 * monitoring-plugins-mrtg-2.3.1-4.9.1 * monitoring-plugins-swap-debuginfo-2.3.1-4.9.1 * monitoring-plugins-nwstat-2.3.1-4.9.1 * monitoring-plugins-nwstat-debuginfo-2.3.1-4.9.1 * monitoring-plugins-debugsource-2.3.1-4.9.1 * monitoring-plugins-ntp_time-2.3.1-4.9.1 * monitoring-plugins-disk-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ifstatus-2.3.1-4.9.1 * monitoring-plugins-pgsql-2.3.1-4.9.1 * monitoring-plugins-disk_smb-2.3.1-4.9.1 * monitoring-plugins-dns-2.3.1-4.9.1 * monitoring-plugins-dbi-debuginfo-2.3.1-4.9.1 * monitoring-plugins-mysql-debuginfo-2.3.1-4.9.1 * monitoring-plugins-mysql-2.3.1-4.9.1 * monitoring-plugins-icmp-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dig-debuginfo-2.3.1-4.9.1 * monitoring-plugins-tcp-debuginfo-2.3.1-4.9.1 * monitoring-plugins-fping-debuginfo-2.3.1-4.9.1 * monitoring-plugins-fping-2.3.1-4.9.1 * monitoring-plugins-disk-2.3.1-4.9.1 * monitoring-plugins-cluster-debuginfo-2.3.1-4.9.1 * monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.9.1 * monitoring-plugins-time-2.3.1-4.9.1 * monitoring-plugins-dummy-debuginfo-2.3.1-4.9.1 * monitoring-plugins-swap-2.3.1-4.9.1 * monitoring-plugins-nt-2.3.1-4.9.1 * monitoring-plugins-pgsql-debuginfo-2.3.1-4.9.1 * monitoring-plugins-http-2.3.1-4.9.1 * monitoring-plugins-load-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ntp_peer-2.3.1-4.9.1 * monitoring-plugins-dummy-2.3.1-4.9.1 * monitoring-plugins-mrtg-debuginfo-2.3.1-4.9.1 * monitoring-plugins-icmp-2.3.1-4.9.1 * monitoring-plugins-ping-2.3.1-4.9.1 * monitoring-plugins-dhcp-debuginfo-2.3.1-4.9.1 * monitoring-plugins-all-2.3.1-4.9.1 * monitoring-plugins-smtp-debuginfo-2.3.1-4.9.1 * 
monitoring-plugins-ircd-2.3.1-4.9.1 * monitoring-plugins-radius-debuginfo-2.3.1-4.9.1 * monitoring-plugins-real-2.3.1-4.9.1 * monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.9.1 * monitoring-plugins-radius-2.3.1-4.9.1 * monitoring-plugins-time-debuginfo-2.3.1-4.9.1 * monitoring-plugins-cups-2.3.1-4.9.1 * monitoring-plugins-mrtgtraf-2.3.1-4.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le x86_64) * monitoring-plugins-sensors-2.3.1-4.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * monitoring-plugins-extras-2.3.1-4.9.1 * monitoring-plugins-wave-2.3.1-4.9.1 * monitoring-plugins-ups-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dbi-2.3.1-4.9.1 * monitoring-plugins-http-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ntp_time-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ifoperstatus-2.3.1-4.9.1 * monitoring-plugins-by_ssh-2.3.1-4.9.1 * monitoring-plugins-nt-debuginfo-2.3.1-4.9.1 * monitoring-plugins-hpjd-debuginfo-2.3.1-4.9.1 * monitoring-plugins-procs-2.3.1-4.9.1 * monitoring-plugins-dbi-sqlite3-2.3.1-4.9.1 * monitoring-plugins-users-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dig-2.3.1-4.9.1 * monitoring-plugins-ssh-2.3.1-4.9.1 * monitoring-plugins-ldap-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dns-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dbi-pgsql-2.3.1-4.9.1 * monitoring-plugins-by_ssh-debuginfo-2.3.1-4.9.1 * monitoring-plugins-snmp-debuginfo-2.3.1-4.9.1 * monitoring-plugins-cluster-2.3.1-4.9.1 * monitoring-plugins-dbi-mysql-2.3.1-4.9.1 * monitoring-plugins-mailq-2.3.1-4.9.1 * monitoring-plugins-load-2.3.1-4.9.1 * monitoring-plugins-rpc-2.3.1-4.9.1 * monitoring-plugins-overcr-2.3.1-4.9.1 * monitoring-plugins-ldap-2.3.1-4.9.1 * monitoring-plugins-dhcp-2.3.1-4.9.1 * monitoring-plugins-ping-debuginfo-2.3.1-4.9.1 * monitoring-plugins-real-debuginfo-2.3.1-4.9.1 * monitoring-plugins-common-2.3.1-4.9.1 * monitoring-plugins-procs-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ssh-debuginfo-2.3.1-4.9.1 * monitoring-plugins-log-2.3.1-4.9.1 * 
monitoring-plugins-file_age-2.3.1-4.9.1 * monitoring-plugins-common-debuginfo-2.3.1-4.9.1 * monitoring-plugins-oracle-2.3.1-4.9.1 * monitoring-plugins-overcr-debuginfo-2.3.1-4.9.1 * monitoring-plugins-hpjd-2.3.1-4.9.1 * monitoring-plugins-users-2.3.1-4.9.1 * monitoring-plugins-ups-2.3.1-4.9.1 * monitoring-plugins-snmp-2.3.1-4.9.1 * monitoring-plugins-smtp-2.3.1-4.9.1 * monitoring-plugins-tcp-2.3.1-4.9.1 * monitoring-plugins-mrtg-2.3.1-4.9.1 * monitoring-plugins-swap-debuginfo-2.3.1-4.9.1 * monitoring-plugins-nwstat-2.3.1-4.9.1 * monitoring-plugins-nwstat-debuginfo-2.3.1-4.9.1 * monitoring-plugins-debugsource-2.3.1-4.9.1 * monitoring-plugins-ntp_time-2.3.1-4.9.1 * monitoring-plugins-disk-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ifstatus-2.3.1-4.9.1 * monitoring-plugins-sensors-2.3.1-4.9.1 * monitoring-plugins-pgsql-2.3.1-4.9.1 * monitoring-plugins-disk_smb-2.3.1-4.9.1 * monitoring-plugins-dns-2.3.1-4.9.1 * monitoring-plugins-dbi-debuginfo-2.3.1-4.9.1 * monitoring-plugins-mysql-debuginfo-2.3.1-4.9.1 * monitoring-plugins-mysql-2.3.1-4.9.1 * monitoring-plugins-icmp-debuginfo-2.3.1-4.9.1 * monitoring-plugins-dig-debuginfo-2.3.1-4.9.1 * monitoring-plugins-tcp-debuginfo-2.3.1-4.9.1 * monitoring-plugins-fping-debuginfo-2.3.1-4.9.1 * monitoring-plugins-fping-2.3.1-4.9.1 * monitoring-plugins-disk-2.3.1-4.9.1 * monitoring-plugins-cluster-debuginfo-2.3.1-4.9.1 * monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.9.1 * monitoring-plugins-time-2.3.1-4.9.1 * monitoring-plugins-dummy-debuginfo-2.3.1-4.9.1 * monitoring-plugins-swap-2.3.1-4.9.1 * monitoring-plugins-nt-2.3.1-4.9.1 * monitoring-plugins-pgsql-debuginfo-2.3.1-4.9.1 * monitoring-plugins-http-2.3.1-4.9.1 * monitoring-plugins-load-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ntp_peer-2.3.1-4.9.1 * monitoring-plugins-dummy-2.3.1-4.9.1 * monitoring-plugins-mrtg-debuginfo-2.3.1-4.9.1 * monitoring-plugins-icmp-2.3.1-4.9.1 * monitoring-plugins-ping-2.3.1-4.9.1 * monitoring-plugins-dhcp-debuginfo-2.3.1-4.9.1 * 
monitoring-plugins-all-2.3.1-4.9.1 * monitoring-plugins-smtp-debuginfo-2.3.1-4.9.1 * monitoring-plugins-ircd-2.3.1-4.9.1 * monitoring-plugins-radius-debuginfo-2.3.1-4.9.1 * monitoring-plugins-real-2.3.1-4.9.1 * monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.9.1 * monitoring-plugins-radius-2.3.1-4.9.1 * monitoring-plugins-time-debuginfo-2.3.1-4.9.1 * monitoring-plugins-cups-2.3.1-4.9.1 * monitoring-plugins-mrtgtraf-2.3.1-4.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209194 From sle-updates at lists.suse.com Fri Sep 8 08:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 08 Sep 2023 08:30:23 -0000 Subject: SUSE-RU-2023:3553-1: moderate: Recommended update for python-kiwi Message-ID: <169416182351.13738.18220850225559260082@smelt2.suse.de> # Recommended update for python-kiwi Announcement ID: SUSE-RU-2023:3553-1 Rating: moderate References: * #1209247 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux
Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for python-kiwi fixes the following issues: * Add `parted` support for s390 architecture * Expand DASD partition table with `parted` (bsc#1209247) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3553=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3553=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3553=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3553=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3553=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3553=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3553=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3553=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3553=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3553=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3553=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3553=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3553=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3553=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3553=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3553=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3553=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch 
SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3553=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3553=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3553=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3553=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3553=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3553=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kiwi-systemdeps-9.24.43-150100.3.59.1 * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.59.1 * kiwi-systemdeps-containers-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * openSUSE Leap 15.4 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kiwi-systemdeps-9.24.43-150100.3.59.1 * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * 
kiwi-man-pages-9.24.43-150100.3.59.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.59.1 * kiwi-systemdeps-containers-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * openSUSE Leap 15.5 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kiwi-systemdeps-9.24.43-150100.3.59.1 * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * 
kiwi-systemdeps-bootloaders-9.24.43-150100.3.59.1 * kiwi-systemdeps-containers-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * Development Tools Module 15-SP4 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kiwi-systemdeps-9.24.43-150100.3.59.1 * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.59.1 * kiwi-systemdeps-containers-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * Development Tools Module 15-SP5 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * 
dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kiwi-systemdeps-9.24.43-150100.3.59.1 * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.59.1 * kiwi-systemdeps-containers-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * 
dracut-kiwi-overlay-9.24.43-150100.3.59.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kiwi-systemdeps-9.24.43-150100.3.59.1 * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.59.1 * kiwi-systemdeps-containers-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * 
kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kiwi-systemdeps-9.24.43-150100.3.59.1 * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.59.1 * kiwi-systemdeps-containers-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * 
kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kiwi-systemdeps-9.24.43-150100.3.59.1 * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.59.1 * kiwi-systemdeps-containers-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * 
kiwi-systemdeps-iso-media-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kiwi-systemdeps-9.24.43-150100.3.59.1 * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.59.1 * kiwi-systemdeps-containers-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * SUSE Enterprise Storage 7.1 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.59.1 * 
dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * SUSE Enterprise Storage 7 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * SUSE CaaS Platform 4.0 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.59.1 * kiwi-tools-9.24.43-150100.3.59.1 * python3-kiwi-9.24.43-150100.3.59.1 * kiwi-tools-debuginfo-9.24.43-150100.3.59.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * kiwi-systemdeps-core-9.24.43-150100.3.59.1 * kiwi-man-pages-9.24.43-150100.3.59.1 * dracut-kiwi-live-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-overlay-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.59.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.59.1 * dracut-kiwi-lib-9.24.43-150100.3.59.1 * python-kiwi-debugsource-9.24.43-150100.3.59.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209247
From sle-updates at lists.suse.com Fri Sep 8 12:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 08 Sep 2023 12:30:26 -0000 Subject: SUSE-SU-2023:2604-2: moderate: Security update for open-vm-tools Message-ID: <169417622684.17721.12668855921145737359@smelt2.suse.de> # Security update for open-vm-tools Announcement ID: SUSE-SU-2023:2604-2 Rating: moderate References: * #1210695 * #1212143 Cross-References: * CVE-2023-20867 CVSS scores: * CVE-2023-20867 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N * CVE-2023-20867 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143). Bug fixes: * Fixed build problem with grpc 1.54 (bsc#1210695). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2604=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2604=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2604=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2604=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-2604=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2604=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2604=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2604=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-150300.29.1 * open-vm-tools-desktop-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * libvmtools-devel-12.2.0-150300.29.1 * open-vm-tools-sdmp-12.2.0-150300.29.1 * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.29.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-150300.29.1 * open-vm-tools-desktop-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-salt-minion-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * libvmtools-devel-12.2.0-150300.29.1 * open-vm-tools-sdmp-12.2.0-150300.29.1 * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 *
open-vm-tools-desktop-debuginfo-12.2.0-150300.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-150300.29.1 * open-vm-tools-desktop-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * libvmtools-devel-12.2.0-150300.29.1 * open-vm-tools-sdmp-12.2.0-150300.29.1 * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.29.1 * SUSE Manager Proxy 4.2 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * libvmtools-devel-12.2.0-150300.29.1 * open-vm-tools-sdmp-12.2.0-150300.29.1 * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * libvmtools-devel-12.2.0-150300.29.1 * open-vm-tools-sdmp-12.2.0-150300.29.1 * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * SUSE Manager Server 4.2 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * libvmtools-devel-12.2.0-150300.29.1 * open-vm-tools-sdmp-12.2.0-150300.29.1 * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * SUSE Enterprise Storage 7.1 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-150300.29.1 * open-vm-tools-desktop-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-salt-minion-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * 
libvmtools-devel-12.2.0-150300.29.1 * open-vm-tools-sdmp-12.2.0-150300.29.1 * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.29.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-150300.29.1 * open-vm-tools-desktop-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-salt-minion-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * libvmtools-devel-12.2.0-150300.29.1 * open-vm-tools-sdmp-12.2.0-150300.29.1 * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20867.html * https://bugzilla.suse.com/show_bug.cgi?id=1210695 * https://bugzilla.suse.com/show_bug.cgi?id=1212143 From sle-updates at lists.suse.com Fri Sep 8 16:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 08 Sep 2023 16:30:16 -0000 Subject: SUSE-SU-2023:3563-1: moderate: Security update for icu73_2 Message-ID: <169419061694.931.17178792576054072664@smelt2.suse.de> # Security update for icu73_2 Announcement ID: SUSE-SU-2023:3563-1 Rating: moderate References: * #1030253 * #1095425 * #1103893 * #1112183 * #1146907 * #1158955 * #1159131 * #1161007 * #1162882 * #1166844 * #1167603 * #1182252 * #1182645 * #1192935 * #1193951 * #354372 * #437293 * #824262 * PED-4917 * SLE-11118 Cross-References: * CVE-2020-10531 * CVE-2020-21913 CVSS scores: * CVE-2020-10531 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2020-10531 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2020-21913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-21913 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products:
* Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves two vulnerabilities, contains two features and has 16 security fixes can now be installed. ## Description: This update for icu73_2 fixes the following issues: * Update to release 73.2 * CLDR extends the support for "short" Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. * fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine * Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting * Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e.
Pre-1970 data for a number of timezones has been removed. * bump library packagename to libicu71 to match the version. * update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as "Hinglish". * time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. * ICU-21793 Fix ucptrietest golden diff [bsc#1192935] * Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers * ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder * Update to release 69.1 * CLDR 39 * For Norwegian, "no" is back to being the canonical code, with "nb" treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() * Backport ICU-21366 (bsc#1182645) * Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value.
* Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer * Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 * Update to release 68.1 * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d * Add the provides for libicu so that .NET Core can install successfully. (bsc#1167603, bsc#1161007) * Update to version 67.1 * Unicode 13 (ICU-20893, same as in ICU 66) * Total of 5930 new characters * 4 new scripts * 55 new emoji characters, plus additional new sequences * New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 * New language at Modern coverage: Nigerian Pidgin * New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese * Region containment: EU no longer includes GB * Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the "hc" preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new "concise" form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper "and"/"or"
form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the "zone_tree" category to the "zone_supplemental" category (ICU-21073) * Fixed uses of u8"literals" broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). * Update to version 66.1 * Unicode 13 support * Fix uses of u8"literals" broken by C++20 introduction of incompatible char8_t type. (ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). * Remove /usr/lib(64)/icu/current [bsc#1158955]. * Update to release 65.1 (jsc#SLE-11118). * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3563=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3563=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3563=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3563=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3563=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3563=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3563=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3563=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3563=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3563=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3563=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3563=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3563=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3563=1 ## Package List: * SUSE Manager Retail Branch Server 4.2 (x86_64) * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-doc-73.2-150000.1.3.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-doc-73.2-150000.1.3.1 * SUSE Manager Server 4.2 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 *
libicu73_2-bedata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * libicu73_2-bedata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * libicu73_2-bedata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * libicu73_2-bedata-73.2-150000.1.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-doc-73.2-150000.1.3.1 * openSUSE Leap 15.4 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * libicu73_2-bedata-73.2-150000.1.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-doc-73.2-150000.1.3.1 * openSUSE Leap 15.5 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * libicu73_2-bedata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * 
libicu73_2-ledata-73.2-150000.1.3.1 * libicu73_2-bedata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * libicu73_2-bedata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * libicu73_2-bedata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * libicu73_2-bedata-73.2-150000.1.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-doc-73.2-150000.1.3.1 * Basesystem Module 15-SP4 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * libicu73_2-bedata-73.2-150000.1.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-doc-73.2-150000.1.3.1 * Basesystem Module 15-SP5 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * libicu73_2-bedata-73.2-150000.1.3.1 * SUSE Manager Proxy 4.2 (x86_64) * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-doc-73.2-150000.1.3.1 * SUSE Manager Proxy 4.2 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 ## References: * 
https://www.suse.com/security/cve/CVE-2020-10531.html * https://www.suse.com/security/cve/CVE-2020-21913.html * https://bugzilla.suse.com/show_bug.cgi?id=1030253 * https://bugzilla.suse.com/show_bug.cgi?id=1095425 * https://bugzilla.suse.com/show_bug.cgi?id=1103893 * https://bugzilla.suse.com/show_bug.cgi?id=1112183 * https://bugzilla.suse.com/show_bug.cgi?id=1146907 * https://bugzilla.suse.com/show_bug.cgi?id=1158955 * https://bugzilla.suse.com/show_bug.cgi?id=1159131 * https://bugzilla.suse.com/show_bug.cgi?id=1161007 * https://bugzilla.suse.com/show_bug.cgi?id=1162882 * https://bugzilla.suse.com/show_bug.cgi?id=1166844 * https://bugzilla.suse.com/show_bug.cgi?id=1167603 * https://bugzilla.suse.com/show_bug.cgi?id=1182252 * https://bugzilla.suse.com/show_bug.cgi?id=1182645 * https://bugzilla.suse.com/show_bug.cgi?id=1192935 * https://bugzilla.suse.com/show_bug.cgi?id=1193951 * https://bugzilla.suse.com/show_bug.cgi?id=354372 * https://bugzilla.suse.com/show_bug.cgi?id=437293 * https://bugzilla.suse.com/show_bug.cgi?id=824262 * https://jira.suse.com/browse/PED-4917 * https://jira.suse.com/browse/SLE-11118
From sle-updates at lists.suse.com Fri Sep 8 16:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 08 Sep 2023 16:30:19 -0000 Subject: SUSE-SU-2023:3562-1: important: Security update for MozillaFirefox Message-ID: <169419061981.931.3245380595348943009@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:3562-1 Rating: important References: * #1213746 * #1214606 Cross-References: * CVE-2023-4051 * CVE-2023-4053 * CVE-2023-4574 * CVE-2023-4575 * CVE-2023-4576 * CVE-2023-4577 * CVE-2023-4578 * CVE-2023-4580 * CVE-2023-4581 * CVE-2023-4582 * CVE-2023-4583 * CVE-2023-4584 * CVE-2023-4585 CVSS scores: * CVE-2023-4051 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Firefox was updated to Extended Support Release 115.2.0 ESR (MFSA 2023-36) (bsc#1214606).
* CVE-2023-4574: Fixed memory corruption in IPC ColorPickerShownCallback (bmo#1846688) * CVE-2023-4575: Fixed memory corruption in IPC FilePickerShownCallback (bmo#1846689) * CVE-2023-4576: Fixed integer Overflow in RecordedSourceSurfaceCreation (bmo#1846694) * CVE-2023-4577: Fixed memory corruption in JIT UpdateRegExpStatics (bmo#1847397) * CVE-2023-4051: Fixed full screen notification obscured by file open dialog (bmo#1821884) * CVE-2023-4578: Fixed Out of Memory Exception in SpiderMonkey could have triggered an (bmo#1839007) * CVE-2023-4053: Fixed full screen notification obscured by external program (bmo#1839079) * CVE-2023-4580: Fixed push notifications saved to disk unencrypted (bmo#1843046) * CVE-2023-4581: Fixed XLL file extensions downloadable without warnings (bmo#1843758) * CVE-2023-4582: Fixed buffer Overflow in WebGL glGetProgramiv (bmo#1773874) * CVE-2023-4583: Fixed browsing Context potentially not cleared when closing Private Window (bmo#1842030) * CVE-2023-4584: Fixed memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529) * CVE-2023-4585: Fixed memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2(bmo#1751583, bmo#1833504, bmo#1841082, bmo#1847904, bmo#1848999). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3562=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3562=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3562=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * MozillaFirefox-115.2.0-150000.150.100.1 * MozillaFirefox-translations-common-115.2.0-150000.150.100.1 * MozillaFirefox-translations-other-115.2.0-150000.150.100.1 * MozillaFirefox-debugsource-115.2.0-150000.150.100.1 * MozillaFirefox-debuginfo-115.2.0-150000.150.100.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.2.0-150000.150.100.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.2.0-150000.150.100.1 * MozillaFirefox-translations-common-115.2.0-150000.150.100.1 * MozillaFirefox-translations-other-115.2.0-150000.150.100.1 * MozillaFirefox-debugsource-115.2.0-150000.150.100.1 * MozillaFirefox-debuginfo-115.2.0-150000.150.100.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.2.0-150000.150.100.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * MozillaFirefox-115.2.0-150000.150.100.1 * MozillaFirefox-translations-common-115.2.0-150000.150.100.1 * MozillaFirefox-translations-other-115.2.0-150000.150.100.1 * MozillaFirefox-debugsource-115.2.0-150000.150.100.1 * MozillaFirefox-debuginfo-115.2.0-150000.150.100.1 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP1 (noarch) * MozillaFirefox-devel-115.2.0-150000.150.100.1 * SUSE CaaS Platform 4.0 (x86_64) * MozillaFirefox-115.2.0-150000.150.100.1 * MozillaFirefox-translations-common-115.2.0-150000.150.100.1 * MozillaFirefox-translations-other-115.2.0-150000.150.100.1 * MozillaFirefox-debugsource-115.2.0-150000.150.100.1 * MozillaFirefox-debuginfo-115.2.0-150000.150.100.1 * SUSE CaaS Platform 4.0 (noarch) * MozillaFirefox-devel-115.2.0-150000.150.100.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4051.html * https://www.suse.com/security/cve/CVE-2023-4053.html * https://www.suse.com/security/cve/CVE-2023-4574.html * https://www.suse.com/security/cve/CVE-2023-4575.html * https://www.suse.com/security/cve/CVE-2023-4576.html * https://www.suse.com/security/cve/CVE-2023-4577.html * https://www.suse.com/security/cve/CVE-2023-4578.html * https://www.suse.com/security/cve/CVE-2023-4580.html * https://www.suse.com/security/cve/CVE-2023-4581.html * https://www.suse.com/security/cve/CVE-2023-4582.html * https://www.suse.com/security/cve/CVE-2023-4583.html * https://www.suse.com/security/cve/CVE-2023-4584.html * https://www.suse.com/security/cve/CVE-2023-4585.html * https://bugzilla.suse.com/show_bug.cgi?id=1213746 * https://bugzilla.suse.com/show_bug.cgi?id=1214606
From sle-updates at lists.suse.com Fri Sep 8 16:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 08 Sep 2023 16:30:21 -0000 Subject: SUSE-SU-2023:3561-1: important: Security update for skopeo Message-ID: <169419062189.931.2525523227713443837@smelt2.suse.de> # Security update for skopeo Announcement ID: SUSE-SU-2023:3561-1 Rating: important References: * #1212475 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one security fix can now be installed. ## Description: This update of skopeo fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3561=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3561=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3561=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3561=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3561=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3561=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3561=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3561=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3561=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3561=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3561=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3561=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-1.12.0-150300.11.5.1 * skopeo-1.12.0-150300.11.5.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-1.12.0-150300.11.5.1 * skopeo-1.12.0-150300.11.5.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-1.12.0-150300.11.5.1 * skopeo-1.12.0-150300.11.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-1.12.0-150300.11.5.1 * skopeo-1.12.0-150300.11.5.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * skopeo-debuginfo-1.12.0-150300.11.5.1 * skopeo-1.12.0-150300.11.5.1 * SUSE Linux Enterprise High Performance Computing
LTSS 15 SP3 (aarch64 x86_64) * skopeo-debuginfo-1.12.0-150300.11.5.1 * skopeo-1.12.0-150300.11.5.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-1.12.0-150300.11.5.1 * skopeo-1.12.0-150300.11.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * skopeo-debuginfo-1.12.0-150300.11.5.1 * skopeo-1.12.0-150300.11.5.1 * SUSE Manager Proxy 4.2 (x86_64) * skopeo-debuginfo-1.12.0-150300.11.5.1 * skopeo-1.12.0-150300.11.5.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * skopeo-debuginfo-1.12.0-150300.11.5.1 * skopeo-1.12.0-150300.11.5.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * skopeo-debuginfo-1.12.0-150300.11.5.1 * skopeo-1.12.0-150300.11.5.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * skopeo-debuginfo-1.12.0-150300.11.5.1 * skopeo-1.12.0-150300.11.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475
From sle-updates at lists.suse.com Fri Sep 8 16:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 08 Sep 2023 16:30:24 -0000 Subject: SUSE-SU-2023:3560-1: important: Security update for geoipupdate Message-ID: <169419062485.931.8767317772297639102@smelt2.suse.de> # Security update for geoipupdate Announcement ID: SUSE-SU-2023:3560-1 Rating: important References: * #1212475 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance
Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one security fix can now be installed. ## Description: This update of geoipupdate fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3560=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3560=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3560=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3560=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3560=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3560=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3560=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3560=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3560=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3560=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3560=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3560=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3560=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3560=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3560=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3560=1 * SUSE Linux Enterprise Server for SAP Applications 15
SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3560=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3560=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3560=1 ## Package List: * SUSE Manager Proxy 4.2 (x86_64) * geoipupdate-legacy-4.2.2-150000.1.14.1 * geoipupdate-4.2.2-150000.1.14.1 * geoipupdate-debuginfo-4.2.2-150000.1.14.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * geoipupdate-legacy-4.2.2-150000.1.14.1 * geoipupdate-4.2.2-150000.1.14.1 * geoipupdate-debuginfo-4.2.2-150000.1.14.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * geoipupdate-legacy-4.2.2-150000.1.14.1 * geoipupdate-4.2.2-150000.1.14.1 * geoipupdate-debuginfo-4.2.2-150000.1.14.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * geoipupdate-legacy-4.2.2-150000.1.14.1 * geoipupdate-4.2.2-150000.1.14.1 * geoipupdate-debuginfo-4.2.2-150000.1.14.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * geoipupdate-legacy-4.2.2-150000.1.14.1 * geoipupdate-4.2.2-150000.1.14.1 * geoipupdate-debuginfo-4.2.2-150000.1.14.1 * SUSE CaaS Platform 4.0 (x86_64) * geoipupdate-legacy-4.2.2-150000.1.14.1 * geoipupdate-4.2.2-150000.1.14.1 * geoipupdate-debuginfo-4.2.2-150000.1.14.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * geoipupdate-legacy-4.2.2-150000.1.14.1 * geoipupdate-4.2.2-150000.1.14.1 * geoipupdate-debuginfo-4.2.2-150000.1.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * geoipupdate-legacy-4.2.2-150000.1.14.1 * geoipupdate-4.2.2-150000.1.14.1 * geoipupdate-debuginfo-4.2.2-150000.1.14.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * geoipupdate-legacy-4.2.2-150000.1.14.1 * geoipupdate-4.2.2-150000.1.14.1 * geoipupdate-debuginfo-4.2.2-150000.1.14.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * geoipupdate-legacy-4.2.2-150000.1.14.1 * geoipupdate-4.2.2-150000.1.14.1 * geoipupdate-debuginfo-4.2.2-150000.1.14.1 
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * geoipupdate-legacy-4.2.2-150000.1.14.1
  * geoipupdate-4.2.2-150000.1.14.1
  * geoipupdate-debuginfo-4.2.2-150000.1.14.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * geoipupdate-legacy-4.2.2-150000.1.14.1
  * geoipupdate-4.2.2-150000.1.14.1
  * geoipupdate-debuginfo-4.2.2-150000.1.14.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * geoipupdate-legacy-4.2.2-150000.1.14.1
  * geoipupdate-4.2.2-150000.1.14.1
  * geoipupdate-debuginfo-4.2.2-150000.1.14.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * geoipupdate-legacy-4.2.2-150000.1.14.1
  * geoipupdate-4.2.2-150000.1.14.1
  * geoipupdate-debuginfo-4.2.2-150000.1.14.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * geoipupdate-legacy-4.2.2-150000.1.14.1
  * geoipupdate-4.2.2-150000.1.14.1
  * geoipupdate-debuginfo-4.2.2-150000.1.14.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * geoipupdate-legacy-4.2.2-150000.1.14.1
  * geoipupdate-4.2.2-150000.1.14.1
  * geoipupdate-debuginfo-4.2.2-150000.1.14.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * geoipupdate-legacy-4.2.2-150000.1.14.1
  * geoipupdate-4.2.2-150000.1.14.1
  * geoipupdate-debuginfo-4.2.2-150000.1.14.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * geoipupdate-legacy-4.2.2-150000.1.14.1
  * geoipupdate-4.2.2-150000.1.14.1
  * geoipupdate-debuginfo-4.2.2-150000.1.14.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * geoipupdate-legacy-4.2.2-150000.1.14.1
  * geoipupdate-4.2.2-150000.1.14.1
  * geoipupdate-debuginfo-4.2.2-150000.1.14.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * geoipupdate-legacy-4.2.2-150000.1.14.1
  * geoipupdate-4.2.2-150000.1.14.1
  * geoipupdate-debuginfo-4.2.2-150000.1.14.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1212475

From sle-updates at lists.suse.com Fri Sep 8 16:30:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 08 Sep 2023 16:30:27 -0000
Subject: SUSE-SU-2023:3559-1: important: Security update for MozillaFirefox
Message-ID: <169419062732.931.14404735296956609065@smelt2.suse.de>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2023:3559-1
Rating: important
References:

* #1214606

Cross-References:

* CVE-2023-4051
* CVE-2023-4053
* CVE-2023-4574
* CVE-2023-4575
* CVE-2023-4576
* CVE-2023-4577
* CVE-2023-4578
* CVE-2023-4580
* CVE-2023-4581
* CVE-2023-4582
* CVE-2023-4583
* CVE-2023-4584
* CVE-2023-4585

CVSS scores:

* CVE-2023-4051 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-4053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves 13 vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

Firefox was updated to Extended Support Release 115.2.0 ESR (MFSA 2023-36) (bsc#1214606).

* CVE-2023-4574: Fixed memory corruption in IPC ColorPickerShownCallback (bmo#1846688)
* CVE-2023-4575: Fixed memory corruption in IPC FilePickerShownCallback (bmo#1846689)
* CVE-2023-4576: Fixed integer Overflow in RecordedSourceSurfaceCreation (bmo#1846694)
* CVE-2023-4577: Fixed memory corruption in JIT UpdateRegExpStatics (bmo#1847397)
* CVE-2023-4051: Fixed full screen notification obscured by file open dialog (bmo#1821884)
* CVE-2023-4578: Fixed Out of Memory Exception in SpiderMonkey could have triggered an (bmo#1839007)
* CVE-2023-4053: Fixed full screen notification obscured by external program (bmo#1839079)
* CVE-2023-4580: Fixed push notifications saved to disk unencrypted (bmo#1843046)
* CVE-2023-4581: Fixed XLL file extensions downloadable without warnings (bmo#1843758)
* CVE-2023-4582: Fixed buffer Overflow in WebGL glGetProgramiv (bmo#1773874)
* CVE-2023-4583: Fixed browsing Context potentially not cleared when closing Private Window (bmo#1842030)
* CVE-2023-4584: Fixed memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529)
* CVE-2023-4585: Fixed memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (bmo#1751583, bmo#1833504, bmo#1841082, bmo#1847904, bmo#1848999).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3559=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3559=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3559=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3559=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-115.2.0-112.176.1
  * MozillaFirefox-debuginfo-115.2.0-112.176.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
  * MozillaFirefox-devel-115.2.0-112.176.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * MozillaFirefox-debuginfo-115.2.0-112.176.1
  * MozillaFirefox-debugsource-115.2.0-112.176.1
  * MozillaFirefox-translations-common-115.2.0-112.176.1
  * MozillaFirefox-115.2.0-112.176.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * MozillaFirefox-devel-115.2.0-112.176.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debuginfo-115.2.0-112.176.1
  * MozillaFirefox-debugsource-115.2.0-112.176.1
  * MozillaFirefox-translations-common-115.2.0-112.176.1
  * MozillaFirefox-115.2.0-112.176.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * MozillaFirefox-devel-115.2.0-112.176.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * MozillaFirefox-debuginfo-115.2.0-112.176.1
  * MozillaFirefox-debugsource-115.2.0-112.176.1
  * MozillaFirefox-translations-common-115.2.0-112.176.1
  * MozillaFirefox-115.2.0-112.176.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * MozillaFirefox-devel-115.2.0-112.176.1

## References:

* https://www.suse.com/security/cve/CVE-2023-4051.html
* https://www.suse.com/security/cve/CVE-2023-4053.html
* https://www.suse.com/security/cve/CVE-2023-4574.html
* https://www.suse.com/security/cve/CVE-2023-4575.html
* https://www.suse.com/security/cve/CVE-2023-4576.html
* https://www.suse.com/security/cve/CVE-2023-4577.html
* https://www.suse.com/security/cve/CVE-2023-4578.html
* https://www.suse.com/security/cve/CVE-2023-4580.html
* https://www.suse.com/security/cve/CVE-2023-4581.html
* https://www.suse.com/security/cve/CVE-2023-4582.html
* https://www.suse.com/security/cve/CVE-2023-4583.html
* https://www.suse.com/security/cve/CVE-2023-4584.html
* https://www.suse.com/security/cve/CVE-2023-4585.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214606

From sle-updates at lists.suse.com Fri Sep 8 16:30:30 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 08 Sep 2023 16:30:30 -0000
Subject: SUSE-RU-2023:3558-1: moderate: Recommended update for containerd, docker, runc
Message-ID: <169419063045.931.5861764787036643251@smelt2.suse.de>

# Recommended update for containerd, docker, runc

Announcement ID: SUSE-RU-2023:3558-1
Rating: moderate
References:

* #1207004
* #1208074
* #1208441
* #1210298
* #1211578

Affected Products:

* Containers Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that has five fixes can now be installed.

## Description:

This update for containerd, docker, runc fixes the following issues:

containerd was updated to 1.6.21 (bsc#1211578)

* Require a minimum Go version explicitly (bsc#1210298)

Docker was updated to 24.0.5-ce (bsc#1211578)

runc was updated to 1.1.8.

* Allow to install container-selinux instead of apparmor-parser
* Change to using systemd-sysusers
* Update runc.keyring to upstream version
* Fix the inability to use `/dev/null` when inside a container (bsc#1207004)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Containers Module 12
  zypper in -t patch SUSE-SLE-Module-Containers-12-2023-3558=1

## Package List:

* Containers Module 12 (ppc64le s390x x86_64)
  * runc-1.1.8-16.34.1
  * containerd-1.6.21-16.82.1
  * runc-debuginfo-1.1.8-16.34.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1207004
* https://bugzilla.suse.com/show_bug.cgi?id=1208074
* https://bugzilla.suse.com/show_bug.cgi?id=1208441
* https://bugzilla.suse.com/show_bug.cgi?id=1210298
* https://bugzilla.suse.com/show_bug.cgi?id=1211578

From sle-updates at lists.suse.com Fri Sep 8 16:30:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 08 Sep 2023 16:30:32 -0000
Subject: SUSE-SU-2023:3557-1: important: Security update for rekor
Message-ID: <169419063228.931.10006956758577528588@smelt2.suse.de>

# Security update for rekor

Announcement ID: SUSE-SU-2023:3557-1
Rating: important
References:

* #1212475

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one security fix can now be installed.

## Description:

This update of rekor fixes the following issues:

* rebuild the package with the go 1.21 security release (bsc#1212475).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-3557=1 openSUSE-SLE-15.4-2023-3557=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3557=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3557=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3557=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * rekor-1.2.1-150400.4.16.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * rekor-1.2.1-150400.4.16.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * rekor-1.2.1-150400.4.16.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * rekor-1.2.1-150400.4.16.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1212475

From sle-updates at lists.suse.com Fri Sep 8 16:30:35 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 08 Sep 2023 16:30:35 -0000
Subject: SUSE-SU-2023:3556-1: important: Security update for webkit2gtk3
Message-ID: <169419063548.931.16270134176104639868@smelt2.suse.de>

# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2023:3556-1
Rating: important
References:

* #1213379
* #1213581
* #1213905
* #1214093

Cross-References:

* CVE-2023-32393
* CVE-2023-37450

CVSS scores:

* CVE-2023-32393 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-32393 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-37450 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-37450 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities and has two security fixes can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

* Provide/obsolete WebKit2GTK-%{_apiver}-lang (bsc#1214093)
* Have the lang package provide libwebkit2gtk3-lang (bsc#1214093)
* Adjustments of update version 2.40.5 (bsc#1213905 bsc#1213379 bsc#1213581):
  * Added missing CVE references: CVE-2023-32393, CVE-2023-37450

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-3556=1 openSUSE-SLE-15.4-2023-3556=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3556=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3556=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3556=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3556=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3556=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3556=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3556=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * WebKitGTK-4.1-lang-2.40.5-150400.4.48.1
  * WebKitGTK-6.0-lang-2.40.5-150400.4.48.1
  * WebKitGTK-4.0-lang-2.40.5-150400.4.48.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libjavascriptcoregtk-4_1-0-2.40.5-150400.4.48.1
  * typelib-1_0-WebKitWebProcessExtension-6_0-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_1-0-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk3-soup2-minibrowser-2.40.5-150400.4.48.1
  * webkit2gtk4-devel-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2-4_0-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-6_0-1-debuginfo-2.40.5-150400.4.48.1
  * webkit-jsc-6.0-2.40.5-150400.4.48.1
  * typelib-1_0-JavaScriptCore-6_0-2.40.5-150400.4.48.1
  * webkit-jsc-4.1-debuginfo-2.40.5-150400.4.48.1
  * webkitgtk-6_0-injected-bundles-2.40.5-150400.4.48.1
  * typelib-1_0-JavaScriptCore-4_1-2.40.5-150400.4.48.1
  * webkit2gtk3-minibrowser-debuginfo-2.40.5-150400.4.48.1
  * webkitgtk-6_0-injected-bundles-debuginfo-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_1-0-2.40.5-150400.4.48.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk3-minibrowser-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150400.4.48.1
  * libwebkitgtk-6_0-4-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk4-debugsource-2.40.5-150400.4.48.1
  * webkit-jsc-4-2.40.5-150400.4.48.1
  * webkit2gtk3-debugsource-2.40.5-150400.4.48.1
  * typelib-1_0-JavaScriptCore-4_0-2.40.5-150400.4.48.1
  * webkit2gtk-4_0-injected-bundles-2.40.5-150400.4.48.1
  * webkit2gtk4-minibrowser-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_1-0-debuginfo-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-6_0-1-2.40.5-150400.4.48.1
  * webkit-jsc-4.1-2.40.5-150400.4.48.1
  * webkit2gtk3-soup2-minibrowser-debuginfo-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2WebExtension-4_1-2.40.5-150400.4.48.1
  * webkit2gtk-4_1-injected-bundles-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk4-minibrowser-debuginfo-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit-6_0-2.40.5-150400.4.48.1
  * webkit-jsc-4-debuginfo-2.40.5-150400.4.48.1
  * libwebkitgtk-6_0-4-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2-4_1-2.40.5-150400.4.48.1
  * webkit2gtk3-soup2-debugsource-2.40.5-150400.4.48.1
  * webkit2gtk3-devel-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-2.40.5-150400.4.48.1
  * webkit2gtk-4_1-injected-bundles-2.40.5-150400.4.48.1
  * webkit-jsc-6.0-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk3-soup2-devel-2.40.5-150400.4.48.1
* openSUSE Leap 15.4 (x86_64)
  * libwebkit2gtk-4_1-0-32bit-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-32bit-debuginfo-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_1-0-32bit-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-32bit-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-32bit-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_1-0-32bit-debuginfo-2.40.5-150400.4.48.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libwebkit2gtk-4_1-0-64bit-debuginfo-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_1-0-64bit-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_1-0-64bit-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-64bit-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-64bit-debuginfo-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-64bit-2.40.5-150400.4.48.1
* openSUSE Leap 15.5 (noarch)
  * WebKitGTK-4.1-lang-2.40.5-150400.4.48.1
  * WebKitGTK-6.0-lang-2.40.5-150400.4.48.1
  * WebKitGTK-4.0-lang-2.40.5-150400.4.48.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * libjavascriptcoregtk-4_1-0-2.40.5-150400.4.48.1
  * typelib-1_0-WebKitWebProcessExtension-6_0-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_1-0-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk3-soup2-minibrowser-2.40.5-150400.4.48.1
  * webkit2gtk4-devel-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2-4_0-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-6_0-1-debuginfo-2.40.5-150400.4.48.1
  * webkit-jsc-6.0-2.40.5-150400.4.48.1
  * typelib-1_0-JavaScriptCore-6_0-2.40.5-150400.4.48.1
  * webkit-jsc-4.1-debuginfo-2.40.5-150400.4.48.1
  * webkitgtk-6_0-injected-bundles-2.40.5-150400.4.48.1
  * typelib-1_0-JavaScriptCore-4_1-2.40.5-150400.4.48.1
  * webkit2gtk3-minibrowser-debuginfo-2.40.5-150400.4.48.1
  * webkitgtk-6_0-injected-bundles-debuginfo-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_1-0-2.40.5-150400.4.48.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk3-minibrowser-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150400.4.48.1
  * libwebkitgtk-6_0-4-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk4-debugsource-2.40.5-150400.4.48.1
  * webkit-jsc-4-2.40.5-150400.4.48.1
  * webkit2gtk3-debugsource-2.40.5-150400.4.48.1
  * typelib-1_0-JavaScriptCore-4_0-2.40.5-150400.4.48.1
  * webkit2gtk-4_0-injected-bundles-2.40.5-150400.4.48.1
  * webkit2gtk4-minibrowser-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_1-0-debuginfo-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-6_0-1-2.40.5-150400.4.48.1
  * webkit-jsc-4.1-2.40.5-150400.4.48.1
  * webkit2gtk3-soup2-minibrowser-debuginfo-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2WebExtension-4_1-2.40.5-150400.4.48.1
  * webkit2gtk-4_1-injected-bundles-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk4-minibrowser-debuginfo-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit-6_0-2.40.5-150400.4.48.1
  * webkit-jsc-4-debuginfo-2.40.5-150400.4.48.1
  * libwebkitgtk-6_0-4-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2-4_1-2.40.5-150400.4.48.1
  * webkit2gtk3-soup2-debugsource-2.40.5-150400.4.48.1
  * webkit2gtk3-devel-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-2.40.5-150400.4.48.1
  * webkit2gtk-4_1-injected-bundles-2.40.5-150400.4.48.1
  * webkit-jsc-6.0-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk3-soup2-devel-2.40.5-150400.4.48.1
* openSUSE Leap 15.5 (x86_64)
  * libwebkit2gtk-4_1-0-32bit-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-32bit-debuginfo-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_1-0-32bit-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-32bit-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-32bit-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_1-0-32bit-debuginfo-2.40.5-150400.4.48.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_1-0-64bit-debuginfo-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_1-0-64bit-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_1-0-64bit-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-64bit-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-64bit-debuginfo-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-64bit-2.40.5-150400.4.48.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk3-soup2-debugsource-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-2.40.5-150400.4.48.1
  * typelib-1_0-JavaScriptCore-4_0-2.40.5-150400.4.48.1
  * webkit2gtk-4_0-injected-bundles-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2-4_0-2.40.5-150400.4.48.1
  * webkit2gtk3-soup2-devel-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150400.4.48.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk3-soup2-debugsource-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_0-37-2.40.5-150400.4.48.1
  * typelib-1_0-JavaScriptCore-4_0-2.40.5-150400.4.48.1
  * webkit2gtk-4_0-injected-bundles-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2-4_0-2.40.5-150400.4.48.1
  * webkit2gtk3-soup2-devel-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150400.4.48.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libjavascriptcoregtk-4_1-0-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2-4_1-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_1-0-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk3-devel-2.40.5-150400.4.48.1
  * webkit2gtk3-debugsource-2.40.5-150400.4.48.1
  * webkit2gtk-4_1-injected-bundles-2.40.5-150400.4.48.1
  * typelib-1_0-JavaScriptCore-4_1-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_1-0-debuginfo-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2WebExtension-4_1-2.40.5-150400.4.48.1
  * webkit2gtk-4_1-injected-bundles-debuginfo-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_1-0-2.40.5-150400.4.48.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libjavascriptcoregtk-4_1-0-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2-4_1-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-4_1-0-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk3-devel-2.40.5-150400.4.48.1
  * webkit2gtk3-debugsource-2.40.5-150400.4.48.1
  * webkit2gtk-4_1-injected-bundles-2.40.5-150400.4.48.1
  * typelib-1_0-JavaScriptCore-4_1-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_1-0-debuginfo-2.40.5-150400.4.48.1
  * typelib-1_0-WebKit2WebExtension-4_1-2.40.5-150400.4.48.1
  * webkit2gtk-4_1-injected-bundles-debuginfo-2.40.5-150400.4.48.1
  * libwebkit2gtk-4_1-0-2.40.5-150400.4.48.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libwebkitgtk-6_0-4-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-6_0-1-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk4-debugsource-2.40.5-150400.4.48.1
  * libwebkitgtk-6_0-4-debuginfo-2.40.5-150400.4.48.1
  * webkitgtk-6_0-injected-bundles-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-6_0-1-2.40.5-150400.4.48.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libwebkitgtk-6_0-4-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-6_0-1-debuginfo-2.40.5-150400.4.48.1
  * webkit2gtk4-debugsource-2.40.5-150400.4.48.1
  * libwebkitgtk-6_0-4-debuginfo-2.40.5-150400.4.48.1
  * webkitgtk-6_0-injected-bundles-2.40.5-150400.4.48.1
  * libjavascriptcoregtk-6_0-1-2.40.5-150400.4.48.1

## References:

* https://www.suse.com/security/cve/CVE-2023-32393.html
* https://www.suse.com/security/cve/CVE-2023-37450.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213379
* https://bugzilla.suse.com/show_bug.cgi?id=1213581
* https://bugzilla.suse.com/show_bug.cgi?id=1213905
* https://bugzilla.suse.com/show_bug.cgi?id=1214093

From sle-updates at lists.suse.com Fri Sep 8 16:30:39 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 08 Sep 2023 16:30:39 -0000
Subject: SUSE-SU-2023:3555-1: important: Security update for libssh2_org
Message-ID: <169419063928.931.18207536728631317199@smelt2.suse.de>

# Security update for libssh2_org

Announcement ID: SUSE-SU-2023:3555-1
Rating: important
References:

* #1214527

Cross-References:

* CVE-2020-22218

CVSS scores:

* CVE-2020-22218 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-22218 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for libssh2_org fixes the following issues:

* CVE-2020-22218: Fixed a bug in _libssh2_packet_add() which allows to access out of bounds memory. (bsc#1214527)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3555=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3555=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3555=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3555=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3555=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3555=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3555=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3555=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3555=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3555=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3555=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3555=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3555=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3555=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3555=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3555=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3555=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3555=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3555=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3555=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3555=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3555=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3555=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-3555=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-3555=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3555=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* openSUSE Leap 15.4 (x86_64)
  * libssh2-1-32bit-1.9.0-150000.4.16.1
  * libssh2-1-32bit-debuginfo-1.9.0-150000.4.16.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* openSUSE Leap 15.5 (x86_64)
  * libssh2-1-32bit-1.9.0-150000.4.16.1
  * libssh2-1-32bit-debuginfo-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
  * libssh2-1-32bit-1.9.0-150000.4.16.1
  * libssh2-1-32bit-debuginfo-1.9.0-150000.4.16.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
  * libssh2-1-32bit-1.9.0-150000.4.16.1
  * libssh2-1-32bit-debuginfo-1.9.0-150000.4.16.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
  * libssh2-1-32bit-1.9.0-150000.4.16.1
  * libssh2-1-32bit-debuginfo-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
  * libssh2-1-32bit-1.9.0-150000.4.16.1
  * libssh2-1-32bit-debuginfo-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
  * libssh2-1-32bit-1.9.0-150000.4.16.1
  * libssh2-1-32bit-debuginfo-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  * libssh2-1-32bit-1.9.0-150000.4.16.1
  * libssh2-1-32bit-debuginfo-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Manager Proxy 4.2 (x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
* SUSE Enterprise Storage 7 (x86_64)
  * libssh2-1-32bit-1.9.0-150000.4.16.1
  * libssh2-1-32bit-debuginfo-1.9.0-150000.4.16.1
* SUSE CaaS Platform 4.0 (x86_64)
  * libssh2-1-debuginfo-1.9.0-150000.4.16.1
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * libssh2-1-32bit-debuginfo-1.9.0-150000.4.16.1
  * libssh2-1-1.9.0-150000.4.16.1
  * libssh2-devel-1.9.0-150000.4.16.1
  * libssh2-1-32bit-1.9.0-150000.4.16.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * libssh2_org-debugsource-1.9.0-150000.4.16.1
  * 
libssh2-1-debuginfo-1.9.0-150000.4.16.1 * libssh2-1-1.9.0-150000.4.16.1 ## References: * https://www.suse.com/security/cve/CVE-2020-22218.html * https://bugzilla.suse.com/show_bug.cgi?id=1214527 From sle-updates at lists.suse.com Sat Sep 9 07:03:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 9 Sep 2023 09:03:47 +0200 (CEST) Subject: SUSE-CU-2023:2910-1: Security update of bci/php-apache Message-ID: <20230909070347.106FEF46C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2910-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-6.41 Container Release : 6.41 Severity : important Type : security References : 1214103 1214106 CVE-2023-3823 CVE-2023-3824 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3528-1 Released: Tue Sep 5 09:59:27 2023 Summary: Security update for php7 Type: security Severity: important References: 1214103,1214106,CVE-2023-3823,CVE-2023-3824 This update for php7 fixes the following issues: - CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. (bsc#1214106) - CVE-2023-3824: Fixed a buffer overflow in phar_dir_read().
(bsc#1214103) The following package changes have been done: - php8-cli-8.0.30-150400.4.37.1 updated - php8-8.0.30-150400.4.37.1 updated - apache2-mod_php8-8.0.30-150400.4.37.1 updated - php8-openssl-8.0.30-150400.4.37.1 updated - php8-mbstring-8.0.30-150400.4.37.1 updated - php8-zlib-8.0.30-150400.4.37.1 updated - php8-zip-8.0.30-150400.4.37.1 updated - php8-curl-8.0.30-150400.4.37.1 updated - php8-phar-8.0.30-150400.4.37.1 updated From sle-updates at lists.suse.com Sat Sep 9 07:03:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 9 Sep 2023 09:03:58 +0200 (CEST) Subject: SUSE-CU-2023:2911-1: Security update of bci/php-fpm Message-ID: <20230909070358.52156F46C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2911-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-6.40 Container Release : 6.40 Severity : important Type : security References : 1214103 1214106 CVE-2023-3823 CVE-2023-3824 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3528-1 Released: Tue Sep 5 09:59:27 2023 Summary: Security update for php7 Type: security Severity: important References: 1214103,1214106,CVE-2023-3823,CVE-2023-3824 This update for php7 fixes the following issues: - CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. (bsc#1214106) - CVE-2023-3824: Fixed a buffer overflow in phar_dir_read(). 
(bsc#1214103) The following package changes have been done: - php8-cli-8.0.30-150400.4.37.1 updated - php8-8.0.30-150400.4.37.1 updated - php8-fpm-8.0.30-150400.4.37.1 updated - php8-openssl-8.0.30-150400.4.37.1 updated - php8-mbstring-8.0.30-150400.4.37.1 updated - php8-zlib-8.0.30-150400.4.37.1 updated - php8-zip-8.0.30-150400.4.37.1 updated - php8-curl-8.0.30-150400.4.37.1 updated - php8-phar-8.0.30-150400.4.37.1 updated From sle-updates at lists.suse.com Sat Sep 9 07:04:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 9 Sep 2023 09:04:09 +0200 (CEST) Subject: SUSE-CU-2023:2912-1: Security update of bci/php Message-ID: <20230909070409.C023AF46C@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2912-1 Container Tags : bci/php:8 , bci/php:8-6.40 Container Release : 6.40 Severity : important Type : security References : 1214103 1214106 CVE-2023-3823 CVE-2023-3824 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3528-1 Released: Tue Sep 5 09:59:27 2023 Summary: Security update for php7 Type: security Severity: important References: 1214103,1214106,CVE-2023-3823,CVE-2023-3824 This update for php7 fixes the following issues: - CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. (bsc#1214106) - CVE-2023-3824: Fixed a buffer overflow in phar_dir_read(). 
(bsc#1214103) The following package changes have been done: - php8-cli-8.0.30-150400.4.37.1 updated - php8-8.0.30-150400.4.37.1 updated - php8-openssl-8.0.30-150400.4.37.1 updated - php8-mbstring-8.0.30-150400.4.37.1 updated - php8-zlib-8.0.30-150400.4.37.1 updated - php8-curl-8.0.30-150400.4.37.1 updated - php8-zip-8.0.30-150400.4.37.1 updated - php8-phar-8.0.30-150400.4.37.1 updated - container:sles15-image-15.0.0-36.5.30 updated From sle-updates at lists.suse.com Mon Sep 11 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Sep 2023 08:30:02 -0000 Subject: SUSE-SU-2023:3572-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP1) Message-ID: <169442100274.15175.11416324319430019799@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:3572-1 Rating: important References: * #1213063 * #1213244 Cross-References: * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_151 fixes several issues. The following security issues were fixed: * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-3572=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_151-default-2-150100.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244 From sle-updates at lists.suse.com Mon Sep 11 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Sep 2023 08:30:05 -0000 Subject: SUSE-SU-2023:3571-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP1) Message-ID: <169442100508.15175.7631010033227365241@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:3571-1 Rating: important References: * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-3090 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise
Server for SAP Applications 15 SP1 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_148 fixes several issues. The following security issues were fixed: * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-3571=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_148-default-3-150100.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244
From sle-updates at lists.suse.com Mon Sep 11 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Sep 2023 08:30:07 -0000 Subject: SUSE-SU-2023:3566-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP1) Message-ID: <169442100780.15175.4016595024117384433@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:3566-1 Rating: important References: * #1208839 * #1210630 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2176 * CVE-2023-3090 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_145 fixes several issues. The following security issues were fixed: * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-3566=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-3567=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-3568=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-3569=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-3570=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_137-default-5-150100.2.1 * kernel-livepatch-4_12_14-150100_197_145-default-5-150100.2.1 * kernel-livepatch-4_12_14-150100_197_126-default-10-150100.2.2 * kernel-livepatch-4_12_14-150100_197_123-default-10-150100.2.2 * kernel-livepatch-4_12_14-150100_197_142-default-5-150100.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244
From sle-updates at lists.suse.com Mon Sep 11 10:52:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Sep 2023 12:52:21 +0200 (CEST) Subject: SUSE-CU-2023:2913-1: Security update of ses/7.1/ceph/prometheus-server Message-ID: <20230911105221.D1D6DF46C@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/prometheus-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2913-1 Container Tags : ses/7.1/ceph/prometheus-server:2.37.6 , ses/7.1/ceph/prometheus-server:2.37.6.3.2.497 , ses/7.1/ceph/prometheus-server:latest , ses/7.1/ceph/prometheus-server:sle15.3.pacific Container Release : 3.2.497 Severity : important Type : security References : 1089497 1158763 1201627 1202234 1204023 1206627 1207534 1208049 1208298 1208612 1208721 1209229 1209565 1210740 1210999 1211261 1211419 1211661 1211741 1211828 1212187 1212187 1212222 1212260 1212279 1213189 1213231 1213487 1213517 1213557 1213673 1213853 1214054 1214290 CVE-2022-41715 CVE-2022-41723 CVE-2022-4304 CVE-2022-46146 CVE-2023-2603 CVE-2023-28370 CVE-2023-31484 CVE-2023-3446 CVE-2023-36054 CVE-2023-3817 CVE-2023-4016 ----------------------------------------------------------------- The container ses/7.1/ceph/prometheus-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2497-1 Released: Tue Jun 13 15:37:25 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed.
[bsc#1211661] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2598-1 Released: Wed Jun 21 15:17:04 2023 Summary: Security update for golang-github-prometheus-prometheus Type: security Severity: important References: 1204023,1208049,1208298,CVE-2022-41715,CVE-2022-41723,CVE-2022-46146 This update for golang-github-prometheus-prometheus fixes the following issues: golang-github-prometheus-prometheus: - Security issues fixed in this version update to 2.37.6: * CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576) * CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023) * CVE-2022-41723: Fixed go issue to avoid quadratic complexity in HPACK decoding (bsc#1208298) - Other non-security bugs fixed and changes in this version update to 2.37.6: * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak. * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. * [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired. * [BUGFIX] Properly close file descriptor when logging unfinished queries. * [BUGFIX] TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar records. * [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued. * [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file. * [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures. * [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads. * [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled. * [BUGFIX] TSDB: Fix panic if series is not found when deleting series. * [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors. 
* [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default configuration values. * [BUGFIX] Fix serving of static assets like fonts and favicon. * [BUGFIX] promtool: Add --lint-fatal option. * [BUGFIX] Changing TotalQueryableSamples from int to int64. * [BUGFIX] tsdb/agent: Ignore duplicate exemplars. * [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate. * [BUGFIX] Stop rule manager before TSDB is stopped. * [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io. * [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly. * [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page. * [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false. * [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments. * [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue. * [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset. * [BUGFIX] UI: Fix bug that sets the range input to the resolution. * [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled. * [BUGFIX] Parser: Specify type in metadata parser errors. * [BUGFIX] Scrape: Fix label limit changes not applying. * [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch. * [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk. * [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set. * [BUGFIX] Azure SD: Fix panic when public IP Address isn't set. * [BUGFIX] Remote-write: Fix deadlock when stopping a shard. * [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s. * [BUGFIX] Promtool: Make exit codes more consistent. * [BUGFIX] Promtool: Fix flakiness of rule testing. * [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write irrecoverably fails. 
* [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator. * [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks. * [BUGFIX] TSDB: Fix logging of exemplar storage size. * [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes. * [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets. * [BUGFIX] UI: Fix autocompletion when expression is empty. * [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write. * [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts. * [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting in a new exit code (3) for linter errors. * [CHANGE] UI: Classic UI removed. * [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing. * [CHANGE] PromQL: Promote negative offset and @ modifier to stable features. * [CHANGE] Web: Promote remote-write-receiver to stable. * [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery. * [FEATURE] Add lowercase and uppercase relabel action. * [FEATURE] SD: Add IONOS Cloud integration. * [FEATURE] SD: Add Vultr integration. * [FEATURE] SD: Add Linode SD failure count metric. * [FEATURE] Add prometheus_ready metric. * [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit. Enable with the flag `--enable-feature=auto-gomaxprocs`. * [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query. Additionally, per-step statistics are available with --enable-feature=promql-per-step-stats and using stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`. * [FEATURE] Config: Add stripPort template function. * [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended. * [FEATURE] SD: Enable target discovery in own K8s namespace. * [FEATURE] SD: Add provider ID label in K8s SD.
* [FEATURE] Web: Add limit field to the rules API. * [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role. * [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels. * [ENHANCEMENT] TSDB: Memory optimizations. * [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL. * [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header. * [ENHANCEMENT] Add stripDomain to template function. * [ENHANCEMENT] UI: Enable active search through dropped targets. * [ENHANCEMENT] promtool: support matchers when querying label * [ENHANCEMENT] Add agent mode identifier. * [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup. * [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures. * [ENHANCEMENT] Azure SD: Add an optional resource_group configuration. * [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1 EndpointSlice (previously only discovery.k8s.io/v1beta1 EndpointSlice was supported). * [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods. * [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens. * [ENHANCEMENT] Configuration: Add the ability to disable HTTP2. * [ENHANCEMENT] Config: Support overriding minimum TLS version. * [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag `--storage.tsdb.head-chunks-write-queue-size`. * [ENHANCEMENT] HTTP SD: Add a failure counter. * [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests. * [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni. * [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape. * [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1. * [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read. * [ENHANCEMENT] UI: Optimize the alerts page and add a search bar. 
* [ENHANCEMENT] UI: Improve graph colors that were hard to see. * [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels. * [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces. * [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver. * [ENHANCEMENT] Remote-write: Shard up more when backlogged. * [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance. * [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap. * [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write. * [ENHANCEMENT] TSDB: Improve label matching performance. * [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar. * [ENHANCEMENT] UI: Optimize the target page and add a search bar. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. 
This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3144-1 Released: Wed Aug 2 09:28:51 2023 Summary: Security update for SUSE Manager Client Tools Type: security Severity: moderate References: 1208612,1211741,1212279,CVE-2023-28370 This update fixes the following issues: python-tornado: - Security fixes: * CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741) prometheus-blackbox_exporter: - Use obscpio for go modules service - Set version number - Set build date from SOURCE_DATE_EPOCH - Update to 0.24.0 (bsc#1212279, jsc#PED-4556) * Requires go1.19 - Avoid empty validation script - Add rc symlink for backwards compatibility spacecmd: - Version 4.3.22-1 * Bypass traditional systems check on older SUMA instances (bsc#1208612) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3179-1 Released: Thu Aug 3 13:59:38 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,1213487,CVE-2022-4304,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). 
- Update further expiring certificates that affect tests [bsc#1201627] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3284-1 Released: Fri Aug 11 10:29:50 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3291-1 Released: Fri Aug 11 12:51:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3365-1 Released: Fri Aug 18 20:35:01 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3515-1 Released: Fri Sep 1 15:54:25 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) The following package changes have been done: - glibc-2.31-150300.52.2 updated - golang-github-prometheus-prometheus-2.37.6-150100.4.17.1 updated - krb5-1.19.2-150300.13.1 updated - libassuan0-2.5.5-150000.4.5.2 updated - libcap2-2.26-150000.4.9.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.75.1 updated - libopenssl1_1-1.1.1d-150200.11.75.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libsolv-tools-0.7.24-150200.20.2 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libzypp-17.31.20-150200.75.1 updated - login_defs-4.8.1-150300.4.9.1 updated - openssl-1_1-1.1.1d-150200.11.75.1 updated - perl-base-5.26.1-150300.17.14.1 updated - procps-3.3.15-150000.7.34.1 updated - shadow-4.8.1-150300.4.9.1 updated - system-user-prometheus-1.0.0-150000.10.1 updated - zypper-1.14.63-150200.59.1 updated - container:sles15-image-15.0.0-17.20.180 updated From sle-updates at lists.suse.com Mon Sep 11 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Sep 2023 12:30:02 -0000
Subject: SUSE-RU-2023:3575-1: moderate: Recommended update for python3-ec2metadata Message-ID: <169443540227.27459.6924374700973515627@smelt2.suse.de> # Recommended update for python3-ec2metadata Announcement ID: SUSE-RU-2023:3575-1 Rating: moderate References: * #1214215 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. 
## Description: This update for python3-ec2metadata fixes the following issues: * Update to version 5.0.0 (bsc#1214215) * Remove the '--use-token' command line option as AWS is deprecating access to instance metadata without authentication token, therefore the ability to access metadata without token has been removed. * Support access to the metadata server over IPv6. If the customer enables the IPv6 endpoint for an instance it will be preferred over the IPv4 endpoint ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3575=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3575=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3575=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3575=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3575=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3575=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3575=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3575=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3575=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3575=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3575=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-ec2metadata-5.0.0-150000.3.12.1 * openSUSE Leap 15.5 (noarch) * python3-ec2metadata-5.0.0-150000.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-ec2metadata-5.0.0-150000.3.12.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-ec2metadata-5.0.0-150000.3.12.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-ec2metadata-5.0.0-150000.3.12.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-ec2metadata-5.0.0-150000.3.12.1 * Public Cloud Module 15-SP1 (noarch) * python3-ec2metadata-5.0.0-150000.3.12.1 * Public Cloud Module 15-SP2 (noarch) * python3-ec2metadata-5.0.0-150000.3.12.1 * Public Cloud Module 15-SP3 (noarch) * python3-ec2metadata-5.0.0-150000.3.12.1 * Public Cloud Module 15-SP4 (noarch) * python3-ec2metadata-5.0.0-150000.3.12.1 * Public Cloud Module 15-SP5 (noarch) * python3-ec2metadata-5.0.0-150000.3.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214215 From sle-updates at lists.suse.com Mon Sep 11 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Sep 2023 12:30:05 -0000 Subject: SUSE-RU-2023:3574-1: moderate: Recommended update for azure-cli Message-ID: <169443540542.27459.4814857053166757176@smelt2.suse.de> # Recommended update for azure-cli Announcement ID: SUSE-RU-2023:3574-1 Rating: moderate References: * #1214728 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5
An update that has one fix can now be installed. ## Description: This update for azure-cli fixes the following issues: * Fixed an issue when python-pytest dependency in azure-cli breaks DMS. (bsc#1214728) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-3574=1 ## Package List: * Public Cloud Module 12 (noarch) * azure-cli-2.17.1-2.23.1 * Public Cloud Module 12 (aarch64 ppc64le s390x x86_64) * azure-cli-test-2.17.1-2.23.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214728 From sle-updates at lists.suse.com Mon Sep 11 16:50:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Sep 2023 16:50:31 -0000 Subject: SUSE-SU-2023:3576-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP5) Message-ID: <169445103144.28744.18272307786428942963@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:3576-1 Rating: important References: * #1208839 * #1210630 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2176 * CVE-2023-3090 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 (
NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_133 fixes several issues. The following security issues were fixed: * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3576=1 SUSE-SLE-Live-Patching-12-SP5-2023-3578=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_133-default-11-2.2 * kgraft-patch-4_12_14-122_130-default-13-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From sle-updates at lists.suse.com Mon Sep 11 16:50:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Sep 2023 16:50:34 -0000 Subject: SUSE-RU-2023:3581-1: moderate: Recommended update for flatpak-builder Message-ID: <169445103439.28744.10804553091375251393@smelt2.suse.de> # Recommended update for flatpak-builder Announcement ID: SUSE-RU-2023:3581-1 Rating: moderate References: * #1214708 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for flatpak-builder fixes the following issues: * Cherry-pick an upstream patch to fix corrupted files when using a large fs with 64-bit inodes (bsc#1214708) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3581=1 openSUSE-SLE-15.4-2023-3581=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3581=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3581=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3581=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * flatpak-builder-debuginfo-1.2.2-150400.3.3.1 * flatpak-builder-debugsource-1.2.2-150400.3.3.1 * flatpak-builder-1.2.2-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * flatpak-builder-debuginfo-1.2.2-150400.3.3.1 * flatpak-builder-debugsource-1.2.2-150400.3.3.1 * flatpak-builder-1.2.2-150400.3.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * flatpak-builder-debuginfo-1.2.2-150400.3.3.1 * flatpak-builder-debugsource-1.2.2-150400.3.3.1 * flatpak-builder-1.2.2-150400.3.3.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * flatpak-builder-debuginfo-1.2.2-150400.3.3.1 * flatpak-builder-debugsource-1.2.2-150400.3.3.1 * flatpak-builder-1.2.2-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214708 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Sep 11 16:50:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Sep 2023 16:50:36 -0000 Subject: SUSE-SU-2023:3580-1: moderate: Security update for python-Django Message-ID: <169445103620.28744.14839446330774331701@smelt2.suse.de> # Security update for python-Django Announcement ID: SUSE-SU-2023:3580-1 Rating: moderate References: * #1214667 Cross-References: * CVE-2023-41164 CVSS scores: Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that solves one vulnerability can now be installed. ## Description: This update for python-Django fixes the following issues: * CVE-2023-41164: Fixed a potential denial of service vulnerability in django.utils.encoding.uri_to_iri() (bsc#1214667). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-3580=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-3580=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-3580=1 ## Package List: * HPE Helion OpenStack 8 (noarch) * python-Django-1.11.29-3.51.1 * SUSE OpenStack Cloud 8 (noarch) * python-Django-1.11.29-3.51.1 * SUSE OpenStack Cloud Crowbar 8 (noarch) * python-Django-1.11.29-3.51.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41164.html * https://bugzilla.suse.com/show_bug.cgi?id=1214667 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Sep 11 16:50:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Sep 2023 16:50:37 -0000 Subject: SUSE-RU-2023:3579-1: moderate: Recommended update for salt-shaptools Message-ID: <169445103749.28744.11888817215985724979@smelt2.suse.de> # Recommended update for salt-shaptools Announcement ID: SUSE-RU-2023:3579-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that can now be installed. ## Description: This update for salt-shaptools fixes the following issues: * Version 0.3.18 * Salt no longer vendors six (>=salt-3006.0) https://github.com/saltstack/salt/issues/63874 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-3579=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * salt-shaptools-0.3.18+git.1690200022.db379c1-4.16.3 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Sep 11 16:50:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Sep 2023 16:50:40 -0000 Subject: SUSE-RU-2023:3577-1: low: Recommended update for crypto-policies Message-ID: <169445104077.28744.12202028179562071938@smelt2.suse.de> # Recommended update for crypto-policies Announcement ID: SUSE-RU-2023:3577-1 Rating: low References: * #1209998 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for crypto-policies fixes the following issues: * Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3577=1 SUSE-2023-3577=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3577=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3577=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3577=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3577=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3577=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3577=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3577=1 ## Package List: * openSUSE Leap 15.4 (noarch) * crypto-policies-scripts-20210917.c9d86d1-150400.3.3.1 * crypto-policies-20210917.c9d86d1-150400.3.3.1 * openSUSE Leap 15.5 (noarch) * crypto-policies-scripts-20210917.c9d86d1-150400.3.3.1 * crypto-policies-20210917.c9d86d1-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * crypto-policies-20210917.c9d86d1-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * crypto-policies-20210917.c9d86d1-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * crypto-policies-20210917.c9d86d1-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * crypto-policies-20210917.c9d86d1-150400.3.3.1 * Basesystem Module 15-SP4 (noarch) * crypto-policies-scripts-20210917.c9d86d1-150400.3.3.1 * crypto-policies-20210917.c9d86d1-150400.3.3.1 * Basesystem Module 15-SP5 (noarch) * crypto-policies-scripts-20210917.c9d86d1-150400.3.3.1 * crypto-policies-20210917.c9d86d1-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209998 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Sep 11 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Sep 2023 20:30:04 -0000 Subject: SUSE-SU-2023:3585-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 12 SP5) Message-ID: <169446420427.18631.8360008017098949605@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 44 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:3585-1 Rating: important References: * #1208839 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-3090 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_162 fixes several issues. The following security issues were fixed: * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). 
* CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3585=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_162-default-3-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Sep 11 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Sep 2023 20:30:07 -0000 Subject: SUSE-SU-2023:3582-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 12 SP5) Message-ID: <169446420704.18631.5370201761143290193@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 42 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:3582-1 Rating: important References: * #1208839 * #1210630 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2176 * CVE-2023-3090 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_156 fixes several issues. The following security issues were fixed: * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). 
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3582=1 SUSE-SLE-Live-Patching-12-SP5-2023-3583=1 SUSE-SLE-Live-Patching-12-SP5-2023-3584=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_150-default-7-2.2 * kgraft-patch-4_12_14-122_156-default-5-2.1 * kgraft-patch-4_12_14-122_153-default-5-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From sle-updates at lists.suse.com Tue Sep 12 07:06:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Sep 2023 09:06:30 +0200 (CEST) Subject: SUSE-CU-2023:2916-1: Recommended update of suse/389-ds Message-ID: <20230912070630.EE633FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2916-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.56 , suse/389-ds:latest Container Release : 14.56 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.32 updated From sle-updates at lists.suse.com Tue Sep 12 07:07:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Sep 2023 09:07:10 +0200 (CEST) Subject: SUSE-CU-2023:2919-1: Recommended update of suse/registry Message-ID: <20230912070710.5AD91FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2919-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-14.21 , suse/registry:latest Container Release : 14.21 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated From sle-updates at lists.suse.com Tue Sep 12 07:09:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Sep 2023 09:09:05 +0200 (CEST) Subject: SUSE-CU-2023:2927-1: Recommended update of bci/openjdk Message-ID: <20230912070905.17A8FFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2927-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.44 , bci/openjdk:latest Container Release : 10.44 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.32 updated From sle-updates at lists.suse.com Tue Sep 12 07:09:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Sep 2023 09:09:31 +0200 (CEST) Subject: SUSE-CU-2023:2929-1: Recommended update of bci/php-apache Message-ID: <20230912070931.E54DBFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2929-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-6.42 Container Release : 6.42 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.32 updated From sle-updates at lists.suse.com Tue Sep 12 07:09:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Sep 2023 09:09:44 +0200 (CEST) Subject: SUSE-CU-2023:2930-1: Recommended update of bci/php-fpm Message-ID: <20230912070944.E2F41FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2930-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-6.41 Container Release : 6.41 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.32 updated From sle-updates at lists.suse.com Tue Sep 12 07:10:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Sep 2023 09:10:22 +0200 (CEST) Subject: SUSE-CU-2023:2933-1: Recommended update of bci/python Message-ID: <20230912071022.2E856FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2933-1 Container Tags : bci/python:3 , bci/python:3-8.49 , bci/python:3.11 , bci/python:3.11-8.49 , bci/python:latest Container Release : 8.49 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.32 updated From sle-updates at lists.suse.com Tue Sep 12 07:10:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Sep 2023 09:10:36 +0200 (CEST) Subject: SUSE-CU-2023:2934-1: Recommended update of bci/python Message-ID: <20230912071036.5F85EFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2934-1 Container Tags : bci/python:3 , bci/python:3-10.47 , bci/python:3.6 , bci/python:3.6-10.47 Container Release : 10.47 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.32 updated From sle-updates at lists.suse.com Tue Sep 12 07:11:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Sep 2023 09:11:03 +0200 (CEST) Subject: SUSE-CU-2023:2936-1: Recommended update of suse/sle15 Message-ID: <20230912071103.4FF25FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2936-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.32 , suse/sle15:15.5 , suse/sle15:15.5.36.5.32 Container Release : 36.5.32 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated From sle-updates at lists.suse.com Tue Sep 12 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Sep 2023 08:30:03 -0000 Subject: SUSE-SU-2023:3589-1: important: Security update for terraform-provider-aws Message-ID: <169450740315.32018.881953735986176890@smelt2.suse.de> # Security update for terraform-provider-aws Announcement ID: SUSE-SU-2023:3589-1 Rating: important References: * #1212475 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that has one security fix can now be installed. ## Description: This update of terraform-provider-aws fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3589=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3589=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3589=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3589=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3589=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3589=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3589=1 ## Package List: * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.9.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.9.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.9.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.9.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.9.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475
From sle-updates at lists.suse.com Tue Sep 12 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Sep 2023 08:30:05 -0000 Subject: SUSE-SU-2023:3588-1: important: Security update for terraform-provider-null Message-ID: <169450740545.32018.665510843958896823@smelt2.suse.de> # Security update for terraform-provider-null Announcement ID: SUSE-SU-2023:3588-1 Rating: important References: * #1212475 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that has one security fix can now be installed. ## Description: This update of terraform-provider-null fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3588=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3588=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3588=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3588=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3588=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3588=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3588=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.9.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.9.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.9.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.9.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.9.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475
From sle-updates at lists.suse.com Tue Sep 12 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Sep 2023 08:30:08 -0000 Subject: SUSE-SU-2023:3587-1: important: Security update for terraform-provider-helm Message-ID: <169450740856.32018.2161698709193889113@smelt2.suse.de> # Security update for terraform-provider-helm Announcement ID: SUSE-SU-2023:3587-1 Rating: important References: * #1212475 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that has one security fix can now be installed. ## Description: This update of terraform-provider-helm fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3587=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3587=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3587=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3587=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3587=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3587=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3587=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.14.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.14.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.14.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.14.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.14.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.14.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475
From sle-updates at lists.suse.com Tue Sep 12 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Sep 2023 16:30:02 -0000 Subject: SUSE-RU-2023:3590-1: moderate: Recommended update for mozilla-nss Message-ID: <169453620296.3312.8362053580077539679@smelt2.suse.de> # Recommended update for mozilla-nss Announcement ID: SUSE-RU-2023:3590-1 Rating: moderate References: * #1176173 Affected Products: * Certifications Module 15-SP3 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that has one fix can now be installed. ## Description: This update for mozilla-nss fixes the following issue: * FIPS: Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1176173). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Certifications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Certifications-15-SP3-2023-3590=1 ## Package List: * Certifications Module 15-SP3 (aarch64 ppc64le s390x x86_64) * libsoftokn3-debuginfo-3.47.1-3.51.1 * mozilla-nss-3.47.1-3.51.1 * mozilla-nss-tools-debuginfo-3.47.1-3.51.1 * mozilla-nss-certs-3.47.1-3.51.1 * mozilla-nss-debuginfo-3.47.1-3.51.1 * libfreebl3-3.47.1-3.51.1 * mozilla-nss-sysinit-3.47.1-3.51.1 * mozilla-nss-certs-debuginfo-3.47.1-3.51.1 * libfreebl3-debuginfo-3.47.1-3.51.1 * libsoftokn3-3.47.1-3.51.1 * mozilla-nss-tools-3.47.1-3.51.1 * mozilla-nss-debugsource-3.47.1-3.51.1 * libfreebl3-hmac-3.47.1-3.51.1 * mozilla-nss-devel-3.47.1-3.51.1 * mozilla-nss-sysinit-debuginfo-3.47.1-3.51.1 * libsoftokn3-hmac-3.47.1-3.51.1 * Certifications Module 15-SP3 (x86_64) * mozilla-nss-sysinit-32bit-debuginfo-3.47.1-3.51.1 * mozilla-nss-32bit-3.47.1-3.51.1 * libfreebl3-32bit-debuginfo-3.47.1-3.51.1 * libfreebl3-32bit-3.47.1-3.51.1 * mozilla-nss-certs-32bit-3.47.1-3.51.1 * libfreebl3-hmac-32bit-3.47.1-3.51.1 * mozilla-nss-32bit-debuginfo-3.47.1-3.51.1 * mozilla-nss-certs-32bit-debuginfo-3.47.1-3.51.1 * mozilla-nss-sysinit-32bit-3.47.1-3.51.1 * libsoftokn3-32bit-debuginfo-3.47.1-3.51.1 * libsoftokn3-32bit-3.47.1-3.51.1 * libsoftokn3-hmac-32bit-3.47.1-3.51.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1176173
From sle-updates at lists.suse.com Wed Sep 13 07:03:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 09:03:52 +0200 (CEST) Subject: SUSE-CU-2023:2937-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20230913070352.DF208FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2937-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.206 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.206 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.96 updated From sle-updates at lists.suse.com Wed Sep 13 07:04:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 09:04:36 +0200 (CEST) Subject: SUSE-CU-2023:2938-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20230913070436.E9A84FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2938-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.103 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.103 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.96 updated From sle-updates at lists.suse.com Wed Sep 13 07:04:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 09:04:47 +0200 (CEST) Subject: SUSE-CU-2023:2939-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20230913070447.56AB9FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2939-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.41 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.41 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.32 updated From sle-updates at lists.suse.com Wed Sep 13 07:09:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 09:09:16 +0200 (CEST) Subject: SUSE-CU-2023:2943-1: Recommended update of bci/python Message-ID: <20230913070916.878AEFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2943-1 Container Tags : bci/python:3 , bci/python:3-15.47 , bci/python:3.10 , bci/python:3.10-15.47 Container Release : 15.47 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.96 updated From sle-updates at lists.suse.com Wed Sep 13 07:10:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 09:10:13 +0200 (CEST) Subject: SUSE-CU-2023:2944-1: Recommended update of suse/sle15 Message-ID: <20230913071013.66283FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2944-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.96 , suse/sle15:15.4 , suse/sle15:15.4.27.14.96 Container Release : 27.14.96 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Sep 13 07:11:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 09:11:51 +0200 (CEST) Subject: SUSE-CU-2023:2950-1: Recommended update of bci/openjdk-devel Message-ID: <20230913071151.C4CD5FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2950-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-8.93 Container Release : 8.93 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:bci-openjdk-11-15.5.11-9.45 updated From sle-updates at lists.suse.com Wed Sep 13 07:12:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 09:12:07 +0200 (CEST) Subject: SUSE-CU-2023:2951-1: Recommended update of bci/openjdk Message-ID: <20230913071207.904D3FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2951-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-9.45 Container Release : 9.45 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.32 updated From sle-updates at lists.suse.com Wed Sep 13 07:12:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 09:12:24 +0200 (CEST) Subject: SUSE-CU-2023:2952-1: Recommended update of bci/openjdk-devel Message-ID: <20230913071224.2BAEEFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2952-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-10.90 , bci/openjdk-devel:latest Container Release : 10.90 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:bci-openjdk-17-15.5.17-10.45 updated From sle-updates at lists.suse.com Wed Sep 13 07:12:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 09:12:54 +0200 (CEST) Subject: SUSE-CU-2023:2954-1: Recommended update of bci/php Message-ID: <20230913071254.3E2D8FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2954-1 Container Tags : bci/php:8 , bci/php:8-6.42 Container Release : 6.42 Severity : low Type : recommended References : 1209998 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.32 updated From sle-updates at lists.suse.com Wed Sep 13 08:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 08:30:06 -0000 Subject: SUSE-SU-2023:3592-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP5) Message-ID: <169459380624.5343.15978828981711515963@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:3592-1 Rating: important References: * #1208839 * #1210630 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2176 * CVE-2023-3090 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_136 fixes several issues. 
The following security issues were fixed: * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3592=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_136-default-10-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244
From sle-updates at lists.suse.com Wed Sep 13 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 08:30:08 -0000 Subject: SUSE-SU-2023:3591-1: low: Security update for shadow Message-ID: <169459380813.5343.7335185245975719259@smelt2.suse.de> # Security update for shadow Announcement ID: SUSE-SU-2023:3591-1 Rating: low References: * #1214806 Cross-References: * CVE-2023-4641 CVSS scores: * CVE-2023-4641 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for shadow fixes the following issues: * CVE-2023-4641: Fixed potential password leak (bsc#1214806). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3591=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3591=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * login_defs-4.8.1-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * shadow-debugsource-4.8.1-150400.3.3.1 * shadow-4.8.1-150400.3.3.1 * shadow-debuginfo-4.8.1-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * login_defs-4.8.1-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * shadow-debugsource-4.8.1-150400.3.3.1 * shadow-4.8.1-150400.3.3.1 * shadow-debuginfo-4.8.1-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4641.html * https://bugzilla.suse.com/show_bug.cgi?id=1214806
From sle-updates at lists.suse.com Wed Sep 13 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 12:30:06 -0000 Subject: SUSE-SU-2023:3594-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP3) Message-ID: <169460820642.28304.835831567373797089@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:3594-1 Rating: important References: * #1208839 * #1210630 * #1211187 * #1211395 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2156 * CVE-2023-2176 * CVE-2023-3090 * CVE-2023-32233 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux
Enterprise Server for SAP Applications 15 SP3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_93 fixes several issues. The following security issues were fixed: * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3594=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_93-default-13-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1211187 * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244 From sle-updates at lists.suse.com Wed Sep 13 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 12:30:08 -0000 Subject: SUSE-RU-2023:3593-1: low: Recommended update for ERICSSON-release Message-ID: <169460820802.28304.17970459643434700264@smelt2.suse.de> # Recommended update for ERICSSON-release Announcement ID: SUSE-RU-2023:3593-1 Rating: low References: Affected Products: * Galera for Ericsson 15 SP5 An update that can now be installed. ## Description: This update for ERICSSON-release fixes the following issue: * Create release package for Ericsson 15-SP5 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Galera for Ericsson 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-ERICSSON-2023-3593=1 ## Package List: * Galera for Ericsson 15 SP5 (x86_64) * ERICSSON-release-15.5-150500.1.3.1 From sle-updates at lists.suse.com Wed Sep 13 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 16:30:03 -0000 Subject: SUSE-SU-2023:3596-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP1) Message-ID: <169462260336.13347.4476007939640572049@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:3596-1 Rating: important References: * #1208839 * #1210630 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2176 * CVE-2023-3090 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves five vulnerabilities can now be
installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_131 fixes several issues. The following security issues were fixed: * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-3596=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_131-default-8-150100.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244
From sle-updates at lists.suse.com Wed Sep 13 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 16:30:08 -0000 Subject: SUSE-SU-2023:3595-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP3) Message-ID: <169462260814.13347.10173733002654177377@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:3595-1 Rating: important References: * #1208839 * #1210630 * #1211187 * #1211395 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2156 * CVE-2023-2176 * CVE-2023-3090 * CVE-2023-32233 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux
Enterprise Server for SAP Applications 15 SP3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_106 fixes several issues. The following security issues were fixed: * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3595=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_106-default-8-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1211187 * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244
From sle-updates at lists.suse.com Wed Sep 13 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Sep 2023 20:30:03 -0000 Subject: SUSE-SU-2023:3598-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 12 SP5) Message-ID: <169463700320.12751.6520024250798566429@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 45 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:3598-1 Rating: important References: * #1213063 * #1213244 Cross-References: * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_165 fixes several issues. The following security issues were fixed: * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3598=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_165-default-2-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244 From sle-updates at lists.suse.com Thu Sep 14 07:02:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Sep 2023 09:02:56 +0200 (CEST) Subject: SUSE-CU-2023:2958-1: Security update of rancher/elemental-teal-iso/5.4 Message-ID: <20230914070256.3BB6DFCA4@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-teal-iso/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2958-1 Container Tags : rancher/elemental-teal-iso/5.4:1.2.2 , rancher/elemental-teal-iso/5.4:1.2.2-2.9 , rancher/elemental-teal-iso/5.4:latest Container Release : 2.9 Severity : important Type : security References : 1168481 1187364 1187364 1187365 1187366 1187366 1187367 1187367 1198773 1198773 1200441 1200441 1201519 1201551 1201551 1204844 1206346 1207004 1208074 1208962 1209884 1209888 1210004 1210298 1211079 1211124 1211418 1211419 1211578 CVE-2021-3592 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3594 CVE-2021-3595 CVE-2021-3595 CVE-2023-25809 CVE-2023-2602 CVE-2023-2603 CVE-2023-27561 CVE-2023-28642 ----------------------------------------------------------------- The container rancher/elemental-teal-iso/5.4 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1465-1 Released: Fri Apr 29 11:36:02 2022 Summary: Security update for libslirp Type: security Severity: important References: 1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1730-1 Released: Wed May 18 16:56:21 2022 Summary: Security update for libslirp Type: security Severity: important References: 1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2941-1 Released: Tue Aug 30 10:51:09 2022 Summary: Security update for libslirp Type: security Severity: moderate References: 1187365,1201551,CVE-2021-3593 This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365). 
Non-security fixes: - Fix the version header (bsc#1201551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1913-1 Released: Wed Apr 19 14:23:14 2023 Summary: Recommended update for libslirp, slirp4netns Type: recommended Severity: moderate References: 1201551 This update for libslirp and slirp4netns fixes the following issues: libslirp was updated to version 4.7.0+44 (current git master): * Fix vmstate regression * Align outgoing packets * Bump incoming packet alignment to 8 bytes * vmstate: only enable when building under GNU C * ncsitest: Fix build with msvc * Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END * ncsi: Add Mellanox Get Mac Address handler * slirp: Add out-of-band ethernet address * ncsi: Add OEM command handler * ncsi: Add basic test for Get Version ID response * ncsi: Use response header for payload length * ncsi: Pass command header to response handlers * ncsi: Add Get Version ID command * ncsi: Pass Slirp structure to response handlers * slirp: Add manufacturer's ID Release v4.7.0 * slirp: invoke client callback before creating timers * pingtest: port to timer_new_opaque * introduce timer_new_opaque callback * introduce slirp_timer_new wrapper * icmp6: make ndp_send_ra static * socket: Handle ECONNABORTED from recv * bootp: fix g_str_has_prefix warning/critical * slirp: Don't duplicate packet in tcp_reass * Rename insque/remque -> slirp_[ins|rem]que * mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG * Replace inet_ntoa() with safer inet_ntop() * Add VMS_END marker * bootp: add support for UEFI HTTP boot * IPv6 DNS proxying support * Add missing scope_id in caching * socket: Move closesocket(so->s_aux) to sofree * socket: Check so_type instead of so_tcpcb for Unix-to-inet translation * socket: Add s_aux field to struct socket for storing auxilliary socket * socket: Initialize so_type in socreate * socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0 * Allow to disable 
internal DHCP server * slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two * CI: run integration tests with slirp4netns * socket: Check address family for Unix-to-inet accept translation * socket: Add debug args for tcpx_listen (inet and Unix sockets) * socket: Restore original definition of fhost * socket: Move include to socket.h * Support Unix sockets in hostfwd * resolv: fix IPv6 resolution on Darwin * Use the exact sockaddr size in getnameinfo call * Initialize sin6_scope_id to zero * slirp_socketpair_with_oob: Connect pair through 127.0.0.1 * resolv: fix memory leak when using libresolv * pingtest: Add a trivial ping test * icmp: Support falling back on trying a SOCK_RAW socket Update to version 4.6.1+7: * Haiku: proper path to resolv.conf for DNS server * Fix for Haiku * dhcp: Always send DHCP_OPT_LEN bytes in options Update to version 4.6.1: * Fix 'DHCP broken in libslirp v4.6.0' Update to version 4.6.0: * udp: check upd_input buffer size * tftp: introduce a header structure * tftp: check tftp_input buffer size * upd6: check udp6_input buffer size * bootp: check bootp_input buffer size * bootp: limit vendor-specific area to input packet memory buffer Update to version 4.4.0: * socket: consume empty packets * slirp: check pkt_len before reading protocol header * Add DNS resolving for iOS * sosendoob: better document what urgc is used for * TCPIPHDR_DELTA: Fix potential negative value * udp, udp6, icmp, icmp6: Enable forwarding errors on Linux * icmp, icmp6: Add icmp_forward_error and icmp6_forward_error * udp, udp6, icmp: handle TTL value * ip_stripoptions use memmove slirp4netns was updated to 1.2.0: * Add slirp4netns --target-type=bess /path/to/bess.sock for supporting UML (#281) * Explicitly support DHCP (#270) * Update parson to v1.1.3 (#273) kgabis/parson at 70dc239...2d7b3dd Update to version 1.1.11: * Add --macaddress option to specify the MAC address of the tap interface. * Updated the man page. 
Update to version 1.1.8: Update to 1.0.0: * --enable-sandbox is now out of experimental ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2003-1 Released: Tue Apr 25 18:05:42 2023 Summary: Security update for runc Type: security Severity: important References: 1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642 This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884). - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962). - CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888). Other fixes: - Fix the inability to use `/dev/null` when inside a container. - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481). - Fix rare runc exec/enter unshare error on older kernels. - nsexec: Check for errors in `write_log()`. - Drop version-specific Go requirement. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2256-1 Released: Fri May 19 15:26:43 2023 Summary: Security update for runc Type: security Severity: important References: 1200441 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2325-1 Released: Tue May 30 15:57:30 2023 Summary: Security update for cni Type: security Severity: important References: 1200441 This update of cni fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2657-1
Released: Tue Jun 27 14:43:57 2023
Summary: Recommended update for libcontainers-common
Type: recommended
Severity: moderate
References: 1211124

This update for libcontainers-common fixes the following issues:
- New subpackage libcontainers-sles-mounts which adds SLE-specific mounts on SLE systems (bsc#1211124)
- Own /etc/containers/systemd and /usr/share/containers/systemd for podman quadlet
- Remove container-storage-driver.sh to default to the overlay driver instead of btrfs

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2658-1
Released: Tue Jun 27 14:46:15 2023
Summary: Recommended update for containerd, docker, runc
Type: recommended
Severity: moderate
References: 1207004,1208074,1210298,1211578

This update for containerd, docker, runc fixes the following issues:
- Update to containerd v1.6.21 (bsc#1211578)
- Update to Docker 23.0.6-ce (bsc#1211578)
- Update to runc v1.1.7
- Require a minimum Go version explicitly (bsc#1210298)
- Re-unify packaging for SLE-12 and SLE-15
- Fix build on SLE-12 by switching back to libbtrfs-devel headers
- Allow man pages to be built without internet access in OBS
- Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux
- Fix syntax of boolean dependency
- Allow to install container-selinux instead of apparmor-parser
- Change to using systemd-sysusers
- Update runc.keyring to upstream version
- Fix the inability to use `/dev/null` when inside a container (bsc#1207004)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2765-1
Released: Mon Jul 3 20:28:14 2023
Summary: Security update for libcap
Type: security
Severity: moderate
References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603

This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2847-1
Released: Mon Jul 17 08:40:42 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1210004

This update for audit fixes the following issues:
- Check for AF_UNIX unnamed sockets (bsc#1210004)
- Enable livepatching on main library on x86_64

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2868-1
Released: Tue Jul 18 11:35:52 2023
Summary: Security update for cni
Type: security
Severity: important
References: 1206346

This update of cni fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3217-1
Released: Mon Aug 7 16:51:10 2023
Summary: Recommended update for cryptsetup
Type: recommended
Severity: moderate
References: 1211079

This update for cryptsetup fixes the following issues:
- Handle system with low memory and no swap space (bsc#1211079)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1201519,1204844

This update for audit fixes the following issues:
- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)

The following package changes have been done:

- libsemanage-conf-3.4-150400.1.8 added
- libsepol2-3.4-150400.1.11 added
- libsemanage2-3.4-150400.1.8 added
- libcontainers-common-20230214-150400.3.8.1 updated
- libslirp0-4.7.0+44-150300.15.2 added
- runc-1.1.7-150000.46.1 updated
- cni-0.7.1-150100.3.12.1 updated
- slirp4netns-1.2.0-150300.8.5.2 updated
- util-linux-systemd-2.37.2-150400.8.20.1 removed

From sle-updates at lists.suse.com Thu Sep 14 07:02:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Sep 2023 09:02:59 +0200 (CEST)
Subject: SUSE-CU-2023:2960-1: Security update of rancher/elemental-teal-rt/5.4
Message-ID: <20230914070259.9181BFCA4@maintenance.suse.de>

SUSE Container Update Advisory: rancher/elemental-teal-rt/5.4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2960-1
Container Tags : rancher/elemental-teal-rt/5.4:1.2.2 , rancher/elemental-teal-rt/5.4:1.2.2-1.21 , rancher/elemental-teal-rt/5.4:latest
Container Release : 1.21
Severity : important
Type : security
References : 1065729 1065729 1109158 1142685 1150305 1152472 1152489 1155798 1160435 1168481 1172073 1174777 1187364 1187364 1187365 1187366 1187366 1187367 1187367 1187829 1189998 1189998 1189999 1191731 1193629 1193629 1193629 1194869 1194869 1194869 1194869 1194869 1195655 1195921 1197093 1198400 1198773 1198773 1200441 1200441 1200441 1200441 1201519 1201551 1201551 1203039 1203200 1203325 1203906 1204844 1205650 1205756 1205758 1205760 1205762 1205803 1206024 1206346 1206346 1206418 1206552 1206578 1206649 1206891 1206992 1207004 1207088 1207129 1207168 1207185 1207553 1207574 1207894 1208050 1208074 1208076 1208364 1208410 1208510 1208600 1208602 1208604 1208737 1208758 1208788 1208815 1208829 1208845 1208902 1208962 1209039 1209052 1209118 1209256 1209287 1209288 1209290 1209292 1209307 1209366 1209367 1209495 1209532 1209547 1209556 1209572 1209600 1209615 1209634 1209635 1209636 1209681 1209684 1209687 1209693 1209739 1209779 1209788 1209798 1209799 1209804 1209805 1209856 1209871 1209884 1209888 1209927 1209982 1209999 1210004 1210034 1210050 1210158 1210165 1210202 1210203 1210206 1210294 1210298 1210301 1210329 1210335 1210336 1210337 1210439 1210449 1210450 1210453
1210454 1210469 1210498 1210506 1210533 1210551 1210565 1210584 1210627 1210629 1210647 1210725 1210741 1210762 1210763 1210764 1210765 1210766 1210767 1210768 1210769 1210770 1210771 1210775 1210780 1210783 1210791 1210793 1210806 1210816 1210817 1210827 1210853 1210940 1210943 1210947 1210953 1210986 1211025 1211037 1211043 1211044 1211079 1211089 1211105 1211113 1211124 1211131 1211131 1211205 1211243 1211263 1211280 1211281 1211299 1211346 1211387 1211410 1211414 1211418 1211419 1211449 1211465 1211519 1211564 1211578 1211590 1211592 1211686 1211687 1211688 1211689 1211690 1211691 1211692 1211693 1211714 1211738 1211796 1211804 1211807 1211808 1211811 1211847 1211852 1211855 1211867 1211960 1212051 1212129 1212154 1212155 1212158 1212265 1212301 1212350 1212448 1212494 1212502 1212504 1212513 1212540 1212561 1212563 1212564 1212584 1212592 1212603 1212604 1212605 1212606 1212619 1212701 1212741 1212835 1212838 1212842 1212846 1212861 1212869 1212892 1212901 1212905 1213010 1213011 1213012 1213013 1213014 1213015 1213016 1213017 1213018 1213019 1213020 1213021 1213024 1213025 1213032 1213034 1213035 1213036 1213037 1213038 1213039 1213040 1213041 1213059 1213061 1213087 1213088 1213089 1213090 1213092 1213093 1213094 1213095 1213096 1213098 1213099 1213100 1213102 1213103 1213104 1213105 1213106 1213107 1213108 1213109 1213110 1213111 1213112 1213113 1213114 1213134 1213167 1213245 1213247 1213252 1213258 1213259 1213263 1213264 1213272 1213286 1213287 1213304 1213523 1213524 1213543 1213585 1213586 1213588 1213620 1213653 1213705 1213713 1213715 1213747 1213756 1213759 1213777 1213810 1213812 1213856 1213857 1213863 1213867 1213870 1213871 CVE-2017-5753 CVE-2021-3592 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3594 CVE-2021-3595 CVE-2021-3595 CVE-2022-2196 CVE-2022-40982 CVE-2022-4269 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2022-4744 CVE-2023-0386 CVE-2023-0394 CVE-2023-0459 CVE-2023-0778 CVE-2023-1077 CVE-2023-1079 
CVE-2023-1249 CVE-2023-1281 CVE-2023-1380 CVE-2023-1382 CVE-2023-1513 CVE-2023-1582 CVE-2023-1611 CVE-2023-1637 CVE-2023-1652 CVE-2023-1670 CVE-2023-1829 CVE-2023-1838 CVE-2023-1855 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2002 CVE-2023-2008 CVE-2023-2019 CVE-2023-20569 CVE-2023-20593 CVE-2023-21102 CVE-2023-2124 CVE-2023-21400 CVE-2023-2156 CVE-2023-2156 CVE-2023-2162 CVE-2023-2166 CVE-2023-2176 CVE-2023-2235 CVE-2023-2269 CVE-2023-23001 CVE-2023-23006 CVE-2023-2483 CVE-2023-2513 CVE-2023-25809 CVE-2023-2602 CVE-2023-2603 CVE-2023-27561 CVE-2023-28327 CVE-2023-28410 CVE-2023-28464 CVE-2023-28466 CVE-2023-28642 CVE-2023-2985 CVE-2023-3006 CVE-2023-30456 CVE-2023-30772 CVE-2023-3090 CVE-2023-31083 CVE-2023-31084 CVE-2023-3111 CVE-2023-3117 CVE-2023-31248 CVE-2023-3141 CVE-2023-31436 CVE-2023-3161 CVE-2023-3212 CVE-2023-32233 CVE-2023-3268 CVE-2023-33288 CVE-2023-3357 CVE-2023-3358 CVE-2023-3389 CVE-2023-3390 CVE-2023-35001 CVE-2023-3567 CVE-2023-35788 CVE-2023-35823 CVE-2023-35828 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3812 CVE-2023-4004
-----------------------------------------------------------------

The container rancher/elemental-teal-rt/5.4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1465-1
Released: Fri Apr 29 11:36:02 2022
Summary: Security update for libslirp
Type: security
Severity: important
References: 1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595

This update for libslirp fixes the following issues:
- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1730-1
Released: Wed May 18 16:56:21 2022
Summary: Security update for libslirp
Type: security
Severity: important
References: 1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595

This update for libslirp fixes the following issues:
- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2941-1
Released: Tue Aug 30 10:51:09 2022
Summary: Security update for libslirp
Type: security
Severity: moderate
References: 1187365,1201551,CVE-2021-3593

This update for libslirp fixes the following issues:
- CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).
Non-security fixes:
- Fix the version header (bsc#1201551)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1814-1
Released: Tue Apr 11 14:40:34 2023
Summary: Security update for podman
Type: security
Severity: important
References: 1197093,1208364,1208510,1209495,CVE-2023-0778

This update for podman fixes the following issues:

Update to version 4.4.4:
* libpod: always use direct mapping
* macos pkginstaller: do not fail when podman-mac-helper fails
* podman-mac-helper: install: do not error if already installed
- podman.spec: Bump required version for libcontainers-common (bsc#1209495)

Update to version 4.4.3:
* compat: /auth: parse server address correctly
* vendor github.com/containers/common at v0.51.1
* pkginstaller: bump Qemu to version 7.2.0
* podman machine: Adjust Chrony makestep config
* [v4.4] fix --health-on-failure=restart in transient unit
* podman logs passthrough driver support --cgroups=split
* journald logs: simplify entry parsing
* podman logs: read journald with passthrough
* journald: remove initializeJournal()
* netavark: only use aardvark ip as nameserver
* compat API: network create return 409 for duplicate
* fix 'podman logs --since --follow' flake
* system service --log-level=trace: support hijack
* podman-mac-helper: exit 1 on error
* bump golang.org/x/net to v0.8.0
* Fix package restore
* Quadlet - use the default runtime

Update to version 4.4.2:
* Revert 'CI: Temporarily disable all AWS EC2-based tasks'
* kube play: only enforce passthrough in Quadlet
* Emergency fix for man pages: check for broken includes
* CI: Temporarily disable all AWS EC2-based tasks
* quadlet system tests: add useful defaults, logging
* volume,container: chroot to source before exporting content
* install sigproxy before start/attach
* Update to c/image 5.24.1
* events + container inspect test: RHEL fixes
- podman.spec: add `crun` requirement for quadlet
- podman.spec: set PREFIX at build stage (bsc#1208510)
- CVE-2023-0778: Fixed symlink exchange attack in podman export volume (bsc#1208364)

Update to version 4.4.1:
* kube play: do not teardown unconditionally on error
* Resolve symlink path for qemu directory if possible
* events: document journald identifiers
* Quadlet: exit 0 when there are no files to process
* Cleanup podman-systemd.unit file
* Install podman-systemd.unit man page, make quadlet discoverable
* Add missing return after errors
* oci: bind mount /sys with --userns=(auto|pod:)
* docs: specify order preference for FROM
* Cirrus: Fix & remove GraphQL API tests
* test: adapt test to work on cgroupv1
* make hack/markdown-preprocess parallel-safe
* Fix default handling of pids-limit
* system tests: fix volume exec/noexec test

Update to version 4.4.0:
* Emergency fix for RHEL8 gating tests
* Do not mount /dev/tty into rootless containers
* Fixes port collision issue on use of --publish-all
* Fix usage of absolute windows paths with --image-path
* fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
* podman-events: document verbose create events
* Making gvproxy.exe optional for building Windows installer
* Add gvproxy to Windows packages
* Match VT device paths to be blocked from mounting exactly
* Clean up more language for inclusiveness
* Set runAsNonRoot=true in gen kube
* quadlet: Add device support for .volume files
* fix: running check error when podman is default in wsl
* fix: don't output 'ago' when container is currently up and running
* journald: podman logs only show logs for current user
* journald: podman events only show events for current user
* Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
* DB: make loading container states optional
* ps: do not sync container
* Allow --device-cgroup-rule to be passed in by docker API
* Create release notes for v4.4.0
* Cirrus: Update operating branch
* fix APIv2 python attach test flake
* ps: query health check in batch mode
* make example volume import, not import volume
* Correct output when inspecting containers created with --ipc
* Vendor containers/(storage, image, common, buildah)
* Get correct username in pod when using --userns=keep-id
* ps: get network data in batch mode
* build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0
* add hack/perf for comparing two container engines
* systems: retrofit dns options test to honor other search domains
* ps: do not create copy of container config
* libpod: set search domain independently of nameservers
* libpod,netavark: correctly populate /etc/resolv.conf with custom dns server
* podman: relay custom DNS servers to network stack
* (fix) mount_program is in storage.options.overlay
* Change example target to default in doc
* network create: do not allow `default` as name
* kube-play: add support for HostPID in podSpec
* build(deps): bump github.com/docker/docker
* Let's see if #14653 is fixed or not
* Add support for podman build --group-add
* vendor in latests containers/(storage, common, build, image)
* unskip network update test
* do not install swagger by default
* pasta: skip 'Local forwarder, IPv4' test
* add testbindings Makefile target
* update CI images to include pasta
* [CI:DOCS] Add CNI deprecation notices to documentation
* Cirrus: preserve podman-server logs
* waitPidStop: reduce sleep time to 10ms
* StopContainer: return if cleanup process changed state
* StopSignal: add a comment
* StopContainer: small refactor
* waitPidStop: simplify code
* e2e tests: reenable long-skipped build test
* Add openssh-clients to podmanimage
* Reworks Windows smoke test to tunnel through interactive session.
* fix bud-multiple-platform-with-base-as-default-arg flake
* Remove ReservedAnnotations from kube generate specification
* e2e: update test/README.md
* e2e: use isRootless() instead of rootless.IsRootless()
* Cleanup documentation on --userns=auto
* Vendor in latest c/common
* sig-proxy system test: bump timeout
* build(deps): bump github.com/containernetworking/plugins
* rootless: rename auth-scripts to preexec-hooks
* Docs: version-check updates
* commit: use libimage code to parse changes
* [CI:DOCS] Remove experimental mac tutorial
* man: Document the interaction between --systemd and --privileged
* Make rootless privileged containers share the same tty devices as rootfull ones
* container kill: handle stopped/exited container
* Vendor in latest containers/(image,ocicrypt)
* add a comment to container removal
* Vendor in latest containers/storage
* Cirrus: Run machine tests on PR merge
* fix flake in kube system test
* kube play: complete container spec
* E2E Tests: Use inspect instead of actual data to avoid UDP flake
* Use containers/storage/pkg/regexp in place of regexp
* Vendor in latest containers/storage
* Cirrus: Support using updated/latest NV/AV in PRs
* Limit replica count to 1 when deploying from kubernetes YAML
* Set StoppedByUser earlier in the process of stopping
* podman-play system test: refactor
* network: add support for podman network update and --network-dns-server
* service container: less verbose error logs
* Quadlet Kube - add support for PublishPort key
* e2e: fix systemd_activate_test
* Compile regex on demand not in init
* [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns.
* E2E Test: Play Kube set deadline to connection to avoid hangs
* Only prevent VTs to be mounted inside privileged systemd containers
* e2e: fix play_kube_test
* Updated error message for supported VolumeSource types
* Introduce pkg retry logic in win installer task
* logformatter: include base SHA, with history link
* Network tests: ping redhat.com, not podman.io
* cobra: move engine shutdown to Execute
* Updated options for QEMU on Windows hosts
* Update Mac installer to use gvproxy v0.5.0
* podman: podman rm -f doesn't leave processes
* oci: check for valid PID before kill(pid, 0)
* linux: add /sys/fs/cgroup if /sys is a bind mount
* Quadlet: Add support for ConfigMap key in Kube section
* remove service container _after_ pods
* Kube Play - allow setting and overriding published host ports
* oci: terminate all container processes on cleanup
* Update win-sshproxy to 0.5.0 gvisor tag
* Vendor in latest containers/common
* Fix a potential defer logic error around locking
* logformatter: nicer formatting for bats failures
* logformatter: refactor verbose line-print
* e2e tests: stop using UBI images
* k8s-file: podman logs --until --follow exit after time
* journald: podman logs --until --follow exit after time
* journald: seek to time when --since is used
* podman logs: journald fix --since and --follow
* Preprocess files in UTF-8 mode
* Vendor in latest containers/(common, image, storage)
* Switch to C based msi hooks for win installer
* hack/bats: improve usage message
* hack/bats: add --remote option
* hack/bats: fix root/rootless logic
* Describe copy volume options
* Support sig-proxy for podman-remote attach and start
* libpod: fix race condition rm'ing stopping containers
* e2e: fix run_volume_test
* Add support for Windows ARM64
* Add shared --compress to man pages
* Add container error message to ContainerState
* Man page checker: require canonical name in SEE ALSO
* system df: improve json output code
* kube play: fix the error logic with --quiet
* System tests: quadlet network test
* Fix: List container with volume filter
* adding -dryrun flag
* Quadlet Container: Add support for EnvironmentFile and EnvironmentHost
* Kube Play: use passthrough as the default log-driver if service-container is set
* System tests: add missing cleanup
* System tests: fix unquoted question marks
* Build and use a newer systemd image
* Quadlet Network - Fix the name of the required network service
* System Test Quadlet - Volume dependency test did not test the dependency
* fix `podman system connection - tcp` flake
* vendor: bump c/storage to a747b27
* Fix instructions about setting storage driver on command-line
* Test README - point users to hack/bats
* System test: quadlet kube basic test
* Fixed `podman update --pids-limit`
* podman-remote,bindings: trim context path correctly when its emptydir
* Quadlet Doc: Add section for .kube files
* e2e: fix containers_conf_test
* Allow '/' to prefix container names to match Docker
* Remove references to qcow2
* Fix typos in man page regarding transient storage mode.
* make: Use PYTHON var for .install.pre-commit
* Add containers.conf read-only flag support
* Explain that relabeling/chowning of volumes can take along time
* events: support 'die' filter
* infra/abi: refactor ContainerRm
* When in transient store mode, use rundir for bundlepath
* quadlet: Support Type=oneshot container files
* hacks/bats: keep QUADLET env var in test env
* New system tests for conflicting options
* Vendor in latest containers/(buildah, image, common)
* Output Size and Reclaimable in human form for json output
* podman service: close duplicated /dev/null fd
* ginkgo tests: apply ginkgolinter fixes
* Add support for hostPath and configMap subpath usage
* export: use io.Writer instead of file
* rootless: always create userns with euid != 0
* rootless: inhibit copy mapping for euid != 0
* pkg/domain/infra/abi: introduce `type containerWrapper`
* vendor: bump to buildah ca578b290144 and use new cache API
* quadlet: Handle booleans that have defaults better
* quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault
* Add podman-clean-transient.service service
* Stop recording annotations set to false
* Unify --noheading and -n to be consistent on all commands
* pkg/domain/infra/abi: add `getContainers`
* Update vendor of containters/(common, image)
* specfile: Drop user-add depedency from quadlet subpackage.
* quadlet: Default BINDIR to /usr/bin if tag not specified
* Quadlet: add network support
* Add comment for jsonMarshal command
* Always allow pushing from containers-storage
* libpod: move NetNS into state db instead of extra bucket
* Add initial system tests for quadlets
* quadlet: Add --user option
* libpod: remove CNI word were no longer applicable
* libpod: fix header length in http attach with logs
* podman-kube@ template: use `podman kube`
* build(deps): bump github.com/docker/docker
* wait: add --ignore option
* qudlet: Respect $PODMAN env var for podman binary
* e2e: Add assert-key-is-regex check to quadlet e2e testsuite
* e2e: Add some assert to quadlet test to make sure testcases are sane
* remove unmapped ports from inspect port bindings
* update podman-network-create for clarity
* Vendor in latest containers/common with default capabilities
* pkg/rootless: Change error text ...
* rootless: add cli validator
* rootless: define LIBEXECPODMAN
* doc: fix documentation for idmapped mounts
* bump golangci-lint to v1.50.1
* build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2
* [CI:DOCS] podman-mount: s/umount/unmount/
* create/pull --help: list pull policies
* Network Create: Add --ignore flag to support idempotent script
* Make qemu security model none
* libpod: use OCI idmappings for mounts
* stop reporting errors removing containers that don't exist
* test: added test from wait endpoint with to long label
* quadlet: Default VolatileTmp to off
* build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11
* docs/options/ipc: fix list syntax
* Docs: Add dedicated DOWNLOAD doc w/ links to bins
* Make a consistently-named windows installer
* checkpoint restore: fix --ignore-static-ip/mac
* add support for subpath in play kube for named volumes
* build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
* golangci-lint: remove three deprecated linters
* parse-localbenchmarks: separate standard deviation
* build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0
* podman play kube support container startup probe
* Add podman buildx version support
* Cirrus: Collect benchmarks on machine instances
* Cirrus: Remove escape codes from log files
* [CI:DOCS] Clarify secret target behavior
* Fix typo on network docs
* podman-remote build add --volume support
* remote: allow --http-proxy for remote clients
* Cleanup kube play workloads if error happens
* health check: ignore dependencies of transient systemd units/timers
* fix: event read from syslog
* Fixes secret (un)marshaling for kube play.
* Remove 'you' from man pages
* build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools
* [CI:DOCS] test/README.md: run tests with podman-remote
* e2e: keeps the http_proxy value
* Makefile: Add podman-mac-helper to darwin client zip
* test/e2e: enable 'podman run with ipam none driver' for nv
* [skip-ci] GHA/Cirrus-cron: Fix execution order
* kube sdnotify: run proxies for the lifespan of the service
* Update containers common package
* podman manpage: Use man-page links instead of file names
* e2e: fix e2e tests in proxy environment
* Fix test
* disable healthchecks automatically on non systemd systems
* Quadlet Kube: Add support for userns flag
* [CI:DOCS] Add warning about --opts,o with mount's -o
* Add podman system prune --external
* Add some tests for transient store
* runtime: In transient_store mode, move bolt_state.db to rundir
* runtime: Handle the transient store options
* libpod: Move the creation of TmpDir to an earlier time
* network create: support '-o parent=XXX' for ipvlan
* compat API: allow MacAddress on container config
* Quadlet Kube: Add support for relative path for YAML file
* notify k8s system test: move sending message into exec
* runtime: do not chown idmapped volumes
* quadlet: Drop ExecStartPre=rm %t/%N.cid
* Quadlet Kube: Set SyslogIdentifier if was not set
* Add a FreeBSD cross build to the cirrus alt build task
* Add completion for --init-ctr
* Fix handling of readonly containers when defined in kube.yaml
* Build cross-compilation fixes
* libpod: Track healthcheck API changes in healthcheck_unsupported.go
* quadlet: Use same default capability set as podman run
* quadlet: Drop --pull=never
* quadlet: Change default of ReadOnly to no
* quadlet: Change RunInit default to no
* quadlet: Change NoNewPrivileges default to false
* test: podman run with checkpoint image
* Enable 'podman run' for checkpoint images
* test: Add tests for checkpoint images
* CI setup: simplify environment passthrough code
* Init containers should not be restarted
* Update c/storage after https://github.com/containers/storage/pull/1436
* Set the latest release explicitly
* add friendly comment
* fix an overriding logic and load config problem
* Update the issue templates
* Update vendor of containers/(image, buildah)
* [CI:DOCS] Skip windows-smoke when not useful
* [CI:DOCS] Remove broken gate-container docs
* OWNERS: add Jason T. Greene
* hack/podmansnoop: print arguments
* Improve atomicity of VM state persistence on Windows
* [CI:BUILD] copr: enable podman-restart.service on rpm installation
* macos: pkg: Use -arm64 suffix instead of -aarch64
* linux: Add -linux suffix to podman-remote-static binaries
* linux: Build amd64 and arm64 podman-remote-static binaries
* container create: add inspect data to event
* Allow manual override of install location
* Run codespell on code
* Add missing parameters for checkpoint/restore endpoint
* Add support for startup healthchecks
* Add information on metrics to the `network create` docs
* Introduce podman machine os commands
* Document that ignoreRootFS depends on export/import
* Document ignoreVolumes in checkpoint/restore endpoint
* Remove leaveRunning from swagger restore endpoint
* libpod: Add checks to avoid nil pointer dereference if network setup fails
* Address golangci-lint issues
* Documenting Hyper-V QEMU acceleration settings
* Kube Play: fix the handling of the optional field of SecretVolumeSource
* Update Vendor of containers/(common, image, buildah)
* Fix swapped NetInput/-Output stats
* libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory
* chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template
* test/tools: rebuild when files are changed
* ginkgo tests: apply ginkgolinter fixes
* ginkgo: restructure install work flow
* Fix manpage emphasis
* specgen: support CDI devices from containers.conf
* vendor: update containers/common
* pkg/trust: Take the default policy path from c/common/pkg/config
* Add validate-in-container target
* Adding encryption decryption feature
* container restart: clean up healthcheck state
* Add support for podman-remote manifest annotate
* Quadlet: Add support for .kube files
* Update vendor of containers/(buildah, common, storage, image)
* specgen: honor user namespace value
* [CI:DOCS] Migrate OSX Cross to M1
* quadlet: Rework uid/gid remapping
* GHA: Fix cirrus re-run workflow for other repos.
* ssh system test: skip until it becomes a test
* shell completion: fix hard coded network drivers
* libpod: Report network setup errors properly on FreeBSD
* E2E Tests: change the registry for the search test to avoid authentication
* pkginstaller: install podman-mac-helper by default
* Fix language. Mostly spelling a -> an
* podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment.
* [CI:DOCS] Fix spelling and typos
* Modify man page of '--pids-limit' option to correct a default value.
* Update docs/source/markdown/podman-remote.1.md
* Update pkg/bindings/connection.go
* Add more documentation on UID/GID Mappings with --userns=keep-id
* support podman-remote to connect tcpURL with proxy
* Removing the RawInput from the API output
* fix port issues for CONTAINER_HOST
* CI: Package versions: run in the 'main' step
* build(deps): bump github.com/rootless-containers/rootlesskit
* pkg/domain: Make checkExecPreserveFDs platform-specific
* e2e tests: fix restart race
* Fix podman --noout to suppress all output
* remove pod if creation has failed
* pkg/rootless: Implement rootless.IsFdInherited on FreeBSD
* Fix more podman-logs flakes
* healthcheck system tests: try to fix flake
* libpod: treat ESRCH from /proc/PID/cgroup as ENOENT
* GHA: Configure workflows for reuse
* compat,build: handle docker's preconfigured cacheTo,cacheFrom
* docs: deprecate pasta network name
* utils: Enable cgroup utils for FreeBSD
* pkg/specgen: Disable kube play tests on FreeBSD
* libpod/lock: Fix build and tests for SHM locks on FreeBSD
* podman cp: fix copying with '.' suffix
* pkginstaller: bump Qemu to version 7.1.0
* specgen,wasm: switch to crun-wasm wherever applicable
* vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1
* libpod: Make unit test for statToPercent Linux only
* Update vendor of containers/storage
* fix connection usage with containers.conf
* Add --quiet and --no-info flags to podman machine start
* Add hidden podman manifest inspect -v option
* Add podman volume create -d short option for driver
* Vendor in latest containers/(common,image,storage)
* Add podman system events alias to podman events
* Fix search_test to return correct version of alpine
* GHA: Fix undefined secret env. var.
* Release notes for 4.3.1
* GHA: Fix make_email-body script reference
* Add release keys to README
* GHA: Fix typo setting output parameter
* GHA: Fix typo.
* New tool, docs/version-check * Formalize our compare-against-docker mechanism * Add restart-sec for container service files * test/tools: bump module to go 1.17 * contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor * build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools * libpod: Add FreeBSD support in packageVersion * Allow podman manigest push --purge|-p as alias for --rm * [CI:DOCS] Add performance tutorial * [CI:DOCS] Fix build targets in build_osx.md. * fix --format {{json .}} output to match docker * remote: fix manifest add --annotation * Skip test if `--events-backend` is necessary with podman-remote * kube play: update the handling of PersistentVolumeClaim * system tests: fix a system test in proxy environment * Use single unqualified search registry on Windows * test/system: Add, use tcp_port_probe() to check for listeners rather than binds * test/system: Add tests for pasta(1) connectivity * test/system: Move network-related helpers to helpers.network.bash * test/system: Use procfs to find bound ports, with optional address and protocol * test/system: Use port_is_free() from wait_for_port() * libpod: Add pasta networking mode * More log-flake work * Fix test flakes caused by improper podman-logs * fix incorrect systemd booted check * Cirrus: Add tests for GHA scripts * GHA: Update scripts to pass shellcheck * Cirrus: Shellcheck github-action scripts * Cirrus: shellcheck support for github-action scripts * GHA: Fix cirrus-cron scripts * Makefile: don't install to tmpfiles.d on FreeBSD * Make sure we can build and read each line of docker py's api client * Docker compat build api - make sure only one line appears per flush * Run codespell on code * Update vendor of containers/(image, storage, common) * Allow namespace path network option for pods. * Cirrus: Never skip running Windows Cross task * GHA: Auto. 
re-run failed cirrus-cron builds once * GHA: Migrate inline script to file * GHA: Simplify script reference * test/e2e: do not use apk in builds * remove container/pod id file along with container/pod * Cirrus: Synchronize windows image * Add --insecure,--tls-verify,--verbose flags to podman manifest inspect * runtime: add check for valid pod systemd cgroup * CI: set and verify DESIRED_NETWORK (netavark, cni) * [CI:DOCS] troubleshooting: document keep-id options * Man pages: refactor common options: --security-opt * Cirrus: Guarantee CNI testing w/o nv/av present * Cirrus: temp. disable all Ubuntu testing * Cirrus: Update to F37beta * buildah bud tests: better handling of remote * quadlet: Warn in generator if using short names * Add Windows Smoke Testing * Add podman kube apply command * docs: offer advice on installing test dependencies * Fix documentation on read-only-tmpfs * version bump to 4.4.0-dev * deps: bump go-criu to v6 * Makefile: Add cross build targets for freebsd * pkg/machine: Make this build on FreeBSD/arm64 * pkg/rctl: Remove unused cgo dependency * man pages: assorted underscore fixes * Upgrade GitHub actions packages from v2 to v3 * vendor github.com/godbus/dbus/v5 at 4b691ce * [CI:DOCS] fix --tmpdir typos * Do not report that /usr/share/containers/storage.conf has been edited. 
* Eval symlinks on XDG_RUNTIME_DIR * hack/podmansnoop * rootless: support keep-id with one mapping * rootless: add argument to GetConfiguredMappings * Update vendor containers/(common,storage,buildah,image) * Fix deadlock between 'podman ps' and 'container inspect' commands * Add information about where the libpod/boltdb database lives * Consolidate the dependencies for the IsTerminal() API * Ensure that StartAndAttach locks while sending signals * ginkgo testing: fix podman usernamespace join * Test runners: nuke podman from $PATH before tests * volumes: Fix idmap not working for volumes * FIXME: Temporary workaround for ubi8 CI breakage * System tests: teardown: clean up volumes * update api versions on docs.podman.io * system tests: runlabel: use podman-under-test * system tests: podman network create: use random port * sig-proxy test: bump timeout * play kube: Allow the user to import the contents of a tar file into a volume * Clarify the docs on DropCapability * quadlet tests: Disable kmsg logging while testing * quadlet: Support multiple Network= * quadlet: Add support for Network=... 
* Fix manpage for podman run --network option * quadlet: Add support for AddDevice= * quadlet: Add support for setting seccomp profile * quadlet: Allow multiple elements on each Add/DropCaps line * quadlet: Embed the correct binary name in the generated comment * quadlet: Drop the SocketActivated key * quadlet: Switch log-driver to passthrough * quadlet: Change ReadOnly to default to enabled * quadlet tests: Run the tests even for (exected) failed tests * quadlet tests: Fix handling of stderr checks * Remove unused script file * notifyproxy: fix container watcher * container/pod id file: truncate instead of throwing an error * quadlet: Use the new podman create volume --ignore * Add podman volume create --ignore * logcollector: include aardvark-dns * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 * build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 * docs: generate systemd: point to kube template * docs: kube play: mention restart policy * Fixes: 15858 (podman system reset --force destroy machine) * fix search flake * use cached containers.conf * adding regex support to the ancestor ps filter function * Fix `system df` issues with `-f` and `-v` * markdown-preprocess: cross-reference where opts are used * Default qemu flags for Windows amd64 * build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 * Update main to reflect v4.3.0 release * build(deps): bump github.com/docker/docker * move quadlet packages into pkg/systemd * system df: fix image-size calculations * Add man page for quadlet * Fix small typo * testimage: add iproute2 & socat, for pasta networking * Set up minikube for k8s testing * Makefile: don't install systemd generator binaries on FreeBSD * [CI:BUILD] copr: podman rpm should depend on containers-common-extra * Podman image: Set default_sysctls to empty for rootless containers * Don't use github.com/docker/distribution * libpod: Add support for 'podman top' on FreeBSD * libpod: Factor out jail name construction from 
stats_freebsd.go * pkg/util: Add pid information descriptors for FreeBSD * Initial quadlet version integrated in golang * bump golangci-lint to v1.49.0 * Update vendor containers/(common,image,storage) * Allow volume mount dups, iff source and dest dirs * rootless: fix return value handling * Change to correct break statements * vendor containers/psgo at v1.8.0 * Clarify that MacOSX docs are client specific * libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit * Add swagger install + allow version updates in CI * Cirrus: Fix windows clone race * build(deps): bump github.com/docker/docker * kill: wait for the container * generate systemd: set --stop-timeout for stopping containers * hack/tree_status.sh: print diff at the end * Fix markdown header typo * markdown-preprocess: add generic include mechanism * markdown-preprocess: almost complete OO rewrite * Update tests for changed error messages * Update c/image after https://github.com/containers/image/pull/1299 * Man pages: refactor common options (misc) * Man pages: Refactor common options: --detach-keys * vendor containers/storage at main * Man pages: refactor common options: --attach * build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 * KillContainer: improve error message * docs: add missing options * Man pages: refactor common options: --annotation (manifest) * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 * system tests: health-on-failure: fix broken logic * build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 * build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 * ContainerEngine.SetupRootless(): Avoid calling container.Config() * Container filters: Avoid use of ctr.Config() * Avoid unnecessary calls to Container.Spec() * Add and use Container.LinuxResource() helper * play kube: notifyproxy: listen before starting the pod * play kube: add support for configmap binaryData * Add and use libpod/Container.Terminal() helper * Revert 'Add checkpoint 
image tests' * Revert 'cmd/podman: add support for checkpoint images' * healthcheck: fix --on-failure=stop * Man pages: Add mention of behavior due to XDG_CONFIG_HOME * build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 * Avoid unnecessary timeout of 250msec when waiting on container shutdown * health checks: make on-failure action retry aware * libpod: Remove 100msec delay during shutdown * libpod: Add support for 'podman pod' on FreeBSD * libpod: Factor out cgroup validation from (*Runtime).NewPod * libpod: Move runtime_pod_linux.go to runtime_pod_common.go * specgen/generate: Avoid a nil dereference in MakePod * libpod: Factor out cgroups handling from (*Pod).refresh * Adds a link to OSX docs in CONTRIBUTING.md * Man pages: refactor common options: --os-version * Create full path to a directory when DirectoryOrCreate is used with play kube * Return error in podman system service if URI scheme is not unix/tcp * Man pages: refactor common options: --time * man pages: document some --format options: images * Clean up when stopping pods * Update vendor of containers/buildah v1.28.0 * Proof of concept: nightly dependency treadmill - Make the priority for picking the storage driver configurable (bsc#1197093) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1913-1 Released: Wed Apr 19 14:23:14 2023 Summary: Recommended update for libslirp, slirp4netns Type: recommended Severity: moderate References: 1201551 This update for libslirp and slirp4netns fixes the following issues: libslirp was updated to version 4.7.0+44 (current git master): * Fix vmstate regression * Align outgoing packets * Bump incoming packet alignment to 8 bytes * vmstate: only enable when building under GNU C * ncsitest: Fix build with msvc * Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END * ncsi: Add Mellanox Get Mac Address handler * slirp: Add out-of-band ethernet address * ncsi: Add OEM command handler * ncsi: Add basic test for Get 
Version ID response * ncsi: Use response header for payload length * ncsi: Pass command header to response handlers * ncsi: Add Get Version ID command * ncsi: Pass Slirp structure to response handlers * slirp: Add manufacturer's ID Release v4.7.0 * slirp: invoke client callback before creating timers * pingtest: port to timer_new_opaque * introduce timer_new_opaque callback * introduce slirp_timer_new wrapper * icmp6: make ndp_send_ra static * socket: Handle ECONNABORTED from recv * bootp: fix g_str_has_prefix warning/critical * slirp: Don't duplicate packet in tcp_reass * Rename insque/remque -> slirp_[ins|rem]que * mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG * Replace inet_ntoa() with safer inet_ntop() * Add VMS_END marker * bootp: add support for UEFI HTTP boot * IPv6 DNS proxying support * Add missing scope_id in caching * socket: Move closesocket(so->s_aux) to sofree * socket: Check so_type instead of so_tcpcb for Unix-to-inet translation * socket: Add s_aux field to struct socket for storing auxilliary socket * socket: Initialize so_type in socreate * socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0 * Allow to disable internal DHCP server * slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two * CI: run integration tests with slirp4netns * socket: Check address family for Unix-to-inet accept translation * socket: Add debug args for tcpx_listen (inet and Unix sockets) * socket: Restore original definition of fhost * socket: Move include to socket.h * Support Unix sockets in hostfwd * resolv: fix IPv6 resolution on Darwin * Use the exact sockaddr size in getnameinfo call * Initialize sin6_scope_id to zero * slirp_socketpair_with_oob: Connect pair through 127.0.0.1 * resolv: fix memory leak when using libresolv * pingtest: Add a trivial ping test * icmp: Support falling back on trying a SOCK_RAW socket Update to version 4.6.1+7: * Haiku: proper path to resolv.conf for DNS server * Fix for Haiku * dhcp: Always 
send DHCP_OPT_LEN bytes in options Update to version 4.6.1: * Fix 'DHCP broken in libslirp v4.6.0' Update to version 4.6.0: * udp: check upd_input buffer size * tftp: introduce a header structure * tftp: check tftp_input buffer size * upd6: check udp6_input buffer size * bootp: check bootp_input buffer size * bootp: limit vendor-specific area to input packet memory buffer Update to version 4.4.0: * socket: consume empty packets * slirp: check pkt_len before reading protocol header * Add DNS resolving for iOS * sosendoob: better document what urgc is used for * TCPIPHDR_DELTA: Fix potential negative value * udp, udp6, icmp, icmp6: Enable forwarding errors on Linux * icmp, icmp6: Add icmp_forward_error and icmp6_forward_error * udp, udp6, icmp: handle TTL value * ip_stripoptions use memmove slirp4netns was updated to 1.2.0: * Add slirp4netns --target-type=bess /path/to/bess.sock for supporting UML (#281) * Explicitly support DHCP (#270) * Update parson to v1.1.3 (#273) kgabis/parson at 70dc239...2d7b3dd Update to version 1.1.11: * Add --macaddress option to specify the MAC address of the tap interface. * Updated the man page. 
Update to version 1.1.8:

Update to 1.0.0:

* --enable-sandbox is now out of experimental

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1992-1
Released: Tue Apr 25 13:38:03 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1109158,1189998,1193629,1194869,1198400,1203200,1206552,1207168,1207185,1207574,1208602,1208815,1208829,1208902,1209052,1209118,1209256,1209290,1209292,1209366,1209532,1209547,1209556,1209572,1209600,1209634,1209635,1209636,1209681,1209684,1209687,1209779,1209788,1209798,1209799,1209804,1209805,1210050,1210203,CVE-2017-5753,CVE-2022-4744,CVE-2023-0394,CVE-2023-1281,CVE-2023-1513,CVE-2023-1582,CVE-2023-1611,CVE-2023-1637,CVE-2023-1652,CVE-2023-1838,CVE-2023-23001,CVE-2023-28327,CVE-2023-28464,CVE-2023-28466

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779, bsc#1198400).
- CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
- CVE-2023-1838: Fixed a use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
- CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).

The following non-security bugs were fixed:

- ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
- ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
- ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
- ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Fix error path in pci-hyperv to unlock the mutex state_lock - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - KVM: x86: fix sending PV IPI (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSd: fix race to check ls_layouts (git-fixes). - NFSd: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSv4.1 provide mount option to toggle trunking discovery (git-fixes). - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). 
- NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: fix state manager flag printing (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). 
- USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - USB: xhci: tegra: fix sleep in atomic call (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). 
- ca8210: fix mac_len negative array access (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). 
- drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). 
- fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). 
- lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). 
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). 
- platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
- powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
- powerpc/btext: add missing of_node_put (bsc#1065729).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
- powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
- powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
- powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- ring-buffer: Fix race while reader and writer are on the same page (git-fixes).
- ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes).
- ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
- s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
- s390/dasd: fix no record found for raw_track_access (bsc#1207574).
- s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
- scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- smb3: fix unusable share after force unmount failure (bsc#1193629).
- smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
- struct dwc3: mask new member (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
- timers: Prevent union confusion from unexpected (git-fixes)
- trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes).
- trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes).
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes).
- tracing: Add trace_array_puts() to write into instance (git-fixes).
- tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
- tracing: Free error logs of tracing instances (git-fixes).
- tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/msr: Remove .fixup usage (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- xfs: convert ptag flags to unsigned (git-fixes).
- xfs: do not assert fail on perag references on teardown (git-fixes).
- xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
- xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- xfs: zero inode fork buffer at allocation (git-fixes).
- xhci: Free the command allocated for setting LPM if we return early (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2003-1
Released: Tue Apr 25 18:05:42 2023
Summary: Security update for runc
Type: security
Severity: important
References: 1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642

This update for runc fixes the following issues:

Update to runc v1.1.5:

Security fixes:

- CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884).
- CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962).
- CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).

Other fixes:

- Fix the inability to use `/dev/null` when inside a container.
- Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481).
- Fix rare runc exec/enter unshare error on older kernels.
- nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2157-1
Released: Wed May 10 13:21:20 2023
Summary: Security update for conmon
Type: security
Severity: important
References: 1200441

This update of conmon fixes the following issues:

- rebuild the package with the go 19.9 secure release (bsc#1200441).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2231-1
Released: Wed May 17 10:08:22 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1142685,1155798,1174777,1189999,1194869,1203039,1203325,1206649,1206891,1206992,1207088,1208076,1208845,1209615,1209693,1209739,1209871,1209927,1209999,1210034,1210158,1210202,1210206,1210301,1210329,1210336,1210337,1210439,1210453,1210454,1210469,1210506,1210629,1210725,1210762,1210763,1210764,1210765,1210766,1210767,1210768,1210769,1210770,1210771,1210793,1210816,1210817,1210827,1210943,1210953,1210986,1211025,CVE-2022-2196,CVE-2023-0386,CVE-2023-1670,CVE-2023-1855,CVE-2023-1989,CVE-2023-1990,CVE-2023-1998,CVE-2023-2008,CVE-2023-2019,CVE-2023-2176,CVE-2023-2235,CVE-2023-23006,CVE-2023-30772

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalate privileges (bsc#1210629).
- CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).

The following non-security bugs were fixed:

- ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953).
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes).
- ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes).
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes).
- Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- Bluetooth: Fix race condition in hidp_session_thread (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes).
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes).
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature (git-fixes).
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes).
- NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery (git-fixes).
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes).
- PCI: imx6: Install the fault handler only on compatible match (git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk (git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes).
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- Remove obsolete KMP obsoletes (bsc#1210469).
- Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes).
- Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
- amdgpu: disable powerpc support for the newer display engine (bsc#1194869).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes).
- arm64: enable jump-label jump-label was disabled on arm64 by a backport error.
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes).
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827).
- cifs: fix negotiate context parsing (bsc#1210301).
- clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes).
- clk: sprd: set max_register according to mapping range (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes).
- config: arm64: enable ERRATUM_843419 Config option was incorrectly replaced by the rt-refresh-configs script
- cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes).
- driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- drm/armada: Fix a potential double free in an error handling path (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes).
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes).
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes).
- e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes).
- ext4: Fix deadlock during directory rename (bsc#1210763).
- ext4: Fix possible corruption when moving a directory (bsc#1210763).
- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
- ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767).
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764).
- ext4: fix possible double unlock when moving a directory (bsc#1210763).
- ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes).
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes).
- i2c: ocores: generate stop condition after timeout in polling mode (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes).
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158).
- iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes).
- iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- k-m-s: Drop Linux 2.6 support
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users.
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- locking/rwbase: Mitigate indefinite writer starvation.
- media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- memstick: fix memory leak if card device is never registered (git-fixes).
- mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768).
- mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034).
- mm: take a page reference when removing device exclusive entries (bsc#1211025).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes).
- nfsd: call op_release, even when op_func returns an error (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem (git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes).
- nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes).
- nvme: copy firmware_rev on each init (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes).
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
- nvme: set dma alignment to dword (git-fixes).
- nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes).
- nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation (git-fixes).
- nvmet: add helpers to set the result field for connect commands (git-fixes).
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes).
- nvmet: force reconnect when number of queue changes (git-fixes).
- nvmet: looks at the passthrough controller when initializing CAP (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes).
- perf/core: Fix the same task check in perf_event_set_output (git fixes).
- perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes).
- power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes).
- power: supply: generic-adc-battery: fix unit scaling (git-fixes).
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes).
- powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc: declare unmodified attribute_group usages const (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies (git-fixes).
- regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes).
- regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)). - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream) - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). 
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). 
- scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). 
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - supported.conf: declaring usb_f_ncm supported as requested in (jsc#PED-3750) Support for the legacy functionality g_ncm is still under discussion (see jsc-PED#3200) For maintainance see (jsc#PED-3759) - supported.conf: support u_ether and libcomposite (jsc-PED#3750) This is necessary for g_ncm (for maintainance see jsc-PED#3759) - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Support splicing to file (bsc#1210770). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). 
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). 
- wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). 
- xhci: fix debugfs register accesses while suspended (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2256-1 Released: Fri May 19 15:26:43 2023 Summary: Security update for runc Type: security Severity: important References: 1200441 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2324-1 Released: Tue May 30 15:52:17 2023 Summary: Security update for cni-plugins Type: security Severity: important References: 1200441 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2325-1 Released: Tue May 30 15:57:30 2023 Summary: Security update for cni Type: security Severity: important References: 1200441 This update of cni fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2527-1 Released: Fri Jun 16 19:04:57 2023 Summary: Recommended update for NetworkManager Type: recommended Severity: moderate References: This update for NetworkManager fixes the following issues: - Create /etc/NetworkManager/conf.d by default, allowing easy override for NetworkManager.conf file with drop-in - Move default config file to /usr/lib/NetworkManager/NetworkManager.conf, as part of main package - Ensure /usr/lib/NetworkManager/conf.d is part of the package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2657-1 Released: Tue Jun 27 14:43:57 2023 Summary: Recommended update for libcontainers-common Type: recommended Severity: moderate References: 1211124 This update for libcontainers-common fixes the following issues: - New subpackage libcontainers-sles-mounts which adds SLE-specific mounts on SLE systems (bsc#1211124) - Own /etc/containers/systemd and /usr/share/containers/systemd for podman quadlet - Remove container-storage-driver.sh to default to the overlay driver instead of btrfs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2658-1 Released: Tue Jun 27 14:46:15 2023 Summary: Recommended update for containerd, docker, runc Type: recommended Severity: moderate References: 1207004,1208074,1210298,1211578 This update for containerd, docker, runc fixes the following issues: - Update to containerd v1.6.21 (bsc#1211578) - Update to Docker 23.0.6-ce (bsc#1211578) - Update to runc v1.1.7 - Require a minimum Go version explicitly (bsc#1210298) - Re-unify packaging for SLE-12 and SLE-15 - Fix build on SLE-12 by switching back to libbtrfs-devel headers - Allow man pages to be built without internet access in OBS - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux - Fix syntax of boolean dependency 
- Allow to install container-selinux instead of apparmor-parser - Change to using systemd-sysusers - Update runc.keyring to upstream version - Fix the inability to use `/dev/null` when inside a container (bsc#1207004) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2782-1 Released: Tue Jul 4 17:34:42 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1152472,1152489,1160435,1172073,1189998,1191731,1193629,1194869,1195655,1195921,1203906,1205650,1205756,1205758,1205760,1205762,1205803,1206024,1206578,1207553,1208050,1208410,1208600,1208604,1208758,1209039,1209287,1209288,1209367,1209856,1209982,1210165,1210294,1210449,1210450,1210498,1210533,1210551,1210647,1210741,1210775,1210783,1210791,1210806,1210940,1210947,1211037,1211043,1211044,1211089,1211105,1211113,1211131,1211205,1211263,1211280,1211281,1211299,1211346,1211387,1211410,1211414,1211449,1211465,1211519,1211564,1211590,1211592,1211686,1211687,1211688,1211689,1211690,1211691,1211692,1211693,1211714,1211796,1211804,1211807,1211808,1211847,1211852,1211855,1211960,1212129,1212154,1212155,1212158,1212350,1212448,1212494,1212504,1212513,1212540,1212561,1212563,1212564,1212584,1212592,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2023-1077,CVE-2023-1079,CVE-2023-1249,CVE-2023-1380,CVE-2023-1382,CVE-2023-2002,
CVE-2023-21102,CVE-2023-2124,CVE-2023-2156,CVE-2023-2162,CVE-2023-2269,CVE-2023-2483,CVE-2023-2513,CVE-2023-28410,CVE-2023-3006,CVE-2023-30456,CVE-2023-31084,CVE-2023-3141,CVE-2023-31436,CVE-2023-3161,CVE-2023-32233,CVE-2023-33288,CVE-2023-35788,CVE-2023-35823,CVE-2023-35828 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-35828: Fixed a use-after-free flaw inside renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-35823: Fixed a use-after-free in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c where nVMX on x86_64 lacked consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855).
- CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use-after-free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-2162: Fixed a use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2124: Fixed an out-of-bounds access in the XFS subsystem that could have led to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). - CVE-2023-2002: Fixed a flaw that allowed an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1380: Fixed a slab-out-of-bounds read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-1249: Fixed a use-after-free flaw inside the core dump subsystem, that could have been used to crash the system (bsc#1209039). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that led to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2022-4269: Fixed a flaw inside the Traffic Control (TC) subsystem (bsc#1206024). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - ACPI: EC: Fix oops when removing custom query handlers (git-fixes). - ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes). - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). - ACPI: tables: Add support for NBFT (bsc#1195921). - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - ALSA: firewire-digi00x: prevent potential use after free (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). - ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). - ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes). - ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes). - ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). - ALSA: hda: Fix unhandled register update during auto-suspend period (git-fixes). - ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes). - ALSA: oss: avoid missing-prototype warnings (git-fixes). - ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). - ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). - ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). 
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - ARM: dts: vexpress: add missing cache properties (git-fixes). - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). - ASoC: codecs: wsa881x: do not set can_multi_write flag (git-fixes). - ASoC: dwc: limit the number of overrun messages (git-fixes). - ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). - ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - ASoC: soc-pcm: test if a BE can be prepared (git-fixes). - ASoC: ssm2602: Add workaround for playback distortions (git-fixes). - Add a bug reference to two existing drm-hyperv changes (bsc#1211281). - Also include kernel-docs build requirements for ALP - Avoid unsuported tar parameter on SLE12 - Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). - Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). - Bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). - Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes). - Bluetooth: btintel: Add LE States quirk support (git-fixes). - Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - Bluetooth: hci_qca: fix debugfs registration (git-fixes). - Documentation/filesystems: ramfs-rootfs-initramfs: use :Author: (git-fixes). - Documentation/filesystems: sharedsubtree: add section headings (git-fixes). - HID: google: add jewel USB id (git-fixes). 
- HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - HID: wacom: Set a default resolution for older tablets (git-fixes). - HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) - Input: fix open count when closing inhibited device (git-fixes). - Input: psmouse - fix OOB access in Elantech protocol (git-fixes). - Input: xpad - add constants for GIP interface numbers (git-fixes). - Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes) - KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) - KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - KVM: Prevent module exit until all VMs are freed (git-fixes) - KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes). 
- KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() (git-fixes). - KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes). - KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - KVM: arm64: Do not hypercall before EL2 init (git-fixes) - KVM: arm64: Do not return from void function (git-fixes) - KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) - KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. 
(git-fixes) - KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - KVM: arm64: Save PSTATE early on exit (git-fixes) - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). - KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes). - KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). 
- KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). - KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). - KVM: x86: do not set st->preempted when going back to user space (git-fixes). - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). - PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). - PM: hibernate: Turn snapshot_test into global variable (git-fixes). - PM: hibernate: fix load_image_and_restore() error path (git-fixes). 
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- RDMA/hns: Fix base address table allocation (git-fixes)
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383).
- RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383).
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- RDMA/irdma: Prevent QP use after free (git-fixes)
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022).
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255).
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- RDMA/rdmavt: Delete unnecessary NULL check (git-fixes)
- RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- RDMA/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes)
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
- Revert 'KVM: set owner of cpu and vm file operations' (git-fixes)
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- SMB3: Add missing locks to protect deferred close file list (git-fixes).
- SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629).
- SMB3: Close deferred file handles in case of handle lease break (bsc#1193629).
- SMB3: drop reference to cfile before sending oplock break (bsc#1193629).
- SMB3: force unmount was failing to close deferred close files (bsc#1193629).
- SUNRPC: Clean up svc_deferred_class trace events (git-fixes).
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775).
- Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
- Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1.
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers (git-fixes).
- USB: dwc3: fix use-after-free on core driver unbind (git-fixes).
- USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- USB: serial: option: add Quectel EM061KGL series (git-fixes).
- USB: sisusbvga: Add endpoint checks (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes).
- affs: initialize fsdata in affs_truncate() (git-fixes).
- apparmor: add a kernel label to use on kernel objects (bsc#1211113).
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes).
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes).
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978).
- bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978).
- bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978).
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- bpf: Fix UAF in task local storage (bsc#1212564).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes).
- can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes).
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes).
- cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes).
- ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
- ceph: force updating the msg pointer in non-split case (bsc#1211804).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906).
- cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650).
- cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650).
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
- cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650).
- cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes).
- cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758).
- cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629).
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758).
- cifs: fix sharing of DFS connections (bsc#1208758).
- cifs: fix smb1 mount regression (bsc#1193629).
- cifs: mapchars mount option ignored (bsc#1193629).
- cifs: missing lock when updating session status (bsc#1193629).
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758).
- cifs: protect session status check in smb2_reconnect() (bsc#1208758).
- cifs: release leases for deferred close handles when freezing (bsc#1193629).
- cifs: sanitize paths in cifs_update_super_prepath (git-fixes).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- configfs: fix possible memory leak in configfs_create_dir() (git-fixes).
- crypto: acomp - define max size for destination (jsc#PED-3692)
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- crypto: qat - add misc workqueue (jsc#PED-3692)
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- crypto: qat - add param check for DH (jsc#PED-3692)
- crypto: qat - add param check for RSA (jsc#PED-3692)
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- crypto: qat - change behaviour of (jsc#PED-3692)
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- crypto: qat - do not rely on min version (jsc#PED-3692)
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- crypto: qat - extract send and wait from (jsc#PED-3692)
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- crypto: qat - refactor submission logic (jsc#PED-3692)
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992).
- debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- dmaengine: pl330: rename _start to prevent build error (git-fixes).
- do not reuse connection if share marked as isolated (bsc#1193629).
- docs: networking: fix x25-iface.rst heading & index order (git-fixes).
- drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes).
- drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes).
- drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes).
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
- drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes).
- drm/ast: Fix ARM compatibility (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds better (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes).
- drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
- drm/i915/selftests: Add some missing error propagation (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes).
- drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes).
- drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
- drm/msm: Set max segment size earlier (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes).
- eeprom: at24: also select REGMAP (git-fixes).
- ext4: unconditionally enable the i_version counter (bsc#1211299).
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes).
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
- fbdev: udlfb: Fix endpoint check (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes).
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807).
- futex: Resend potentially swallowed owner death notification (git-fixes).
- google/gve:fix repeated words in comments (bsc#1211519).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (git-fixes).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (git-fixes).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes).
- gve: enhance no queue page list detection (bsc#1211519).
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
- hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378).
- i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378).
- i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378).
- i40e: fix flow director packet filter programming (jsc#SLE-18378).
- i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378).
- iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385).
- iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385).
- iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385).
- iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- igb: fix nvm.ops.read() error handling (git-fixes).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377).
- igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377).
- igc: Fix possible system crash when loading module (git-fixes).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377).
- igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: fix the validation logic for taprio's gate list (jsc#SLE-18377).
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes).
- iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- init: Remove check_bugs() leftovers (bsc#1212448).
- intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- ixgbe: Enable setting RSS table to default values (jsc#SLE-18384).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384).
- ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384).
- jfs: Fix fortify moan in symlink (git-fixes).
- kABI workaround for btbcm.c (git-fixes).
- kABI workaround for mt76_poll_msec() (git-fixes).
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes)
- kABI: Fixed broken 3rd party dirvers issue (bsc#1208050 bsc#1211414).
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
- kernel-docs: Add missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731).
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
- kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
- kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
- kprobes: Prohibit probes in gate area (git-fixes).
- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
- kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes).
- leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes).
- lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Enhance congestion statistics collection (bsc#1211852).
- lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer() (git-fixes).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes).
- media: radio-shark: Add endpoint checks (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments (git-fixes).
- media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes).
- misc: fastrpc: reject new invocations during device removal (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410).
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410).
- mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes).
- mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written (git-fixes).
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: fix initialization order when updating chain 0 head (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
- net: ena: Account for the number of processed bytes in XDP (git-fixes).
- net: ena: Do not register memory info on XDP exchange (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: ena: Set default value for RX interrupt moderation (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes).
- net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes).
- net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982).
- net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551).
- net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022).
- net: mana: Enable RX path to handle various MTU sizes (bsc#1210551).
- net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022).
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes).
- net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022).
- net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022).
- net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551).
- net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes).
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564).
- net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes).
- net: qrtr: correct types of trace event parameters (git-fixes).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes).
- net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes).
- nfp: only report pause frame configuration for physical device (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only (git-fixes).
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD (git-fixes).
- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes).
- nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes).
- nvme-tcp: fix bogus request completion when failing to send AER (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes).
- nvme: fix passthrough csi check (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes).
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes).
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes).
- platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes).
- platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes).
- power: supply: Fix logic checking if system is running from battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: ab8500: Fix external_power_changed race (git-fixes).
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes).
- power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes).
- power: supply: bq27xxx: expose battery data when CI=1 (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race (git-fixes).
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662).
- powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes).
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729).
- powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- purgatory: fix disabling debug info (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001).
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001).
- qed/qede: Fix scheduling while atomic (git-fixes).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes).
- regmap: Account for register length when chunking (git-fixes).
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- regulator: Fix error checking for debugfs_create_dir (git-fixes).
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).
- reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes).
- revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes).
- ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes).
- ring-buffer: Fix kernel-doc (git-fixes).
- ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches
- rtmutex: Ensure that the top waiter is always woken up (git-fixes).
- s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947)
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686).
- s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592).
- s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687).
- s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes).
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690).
- s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692).
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes).
- s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714).
- s390: Hard lockups are observed while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733).
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes).
- scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847).
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847).
- scsi: lpfc: Update congestion warning notification period (bsc#1211847).
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
- scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes).
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Check for return value after write_schemata() (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes).
- selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes).
- selinux: do not use make's grouped targets feature yet (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes).
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt (git-fixes).
- serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes).
- sfc: Change VF mac via PF as first preference if available (git-fixes).
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- sfc: ef10: do not overwrite offload features at NIC reset (git-fixes).
- sfc: fix TX channel offset when using legacy interrupts (git-fixes).
- sfc: fix considering that all channels have TX queues (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes).
- sfc: include vport_id in filter spec hash and equal() (git-fixes).
- smb3: display debug information better for encryption (bsc#1193629).
- smb3: fix problem remounting a share after shutdown (bsc#1193629).
- smb3: improve parallel reads of large files (bsc#1193629).
- smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629).
- smb3: move some common open context structs to smbfs_common (bsc#1193629).
- soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes).
- spi: qup: Request DMA before enabling clocks (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes).
- struct ci_hdrc: hide new member at end (git-fixes).
- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- supported.conf: mark mana_ib supported
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes).
- test_firmware: Use kstrtobool() instead of strtobool() (git-fixes).
- test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes).
- test_firmware: prevent race conditions by a correct implementation of locking (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165).
- thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- tools/virtio: compile with -pthread (git-fixes).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tools/virtio: fix virtio_test execution (git-fixes).
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes).
- tracing/histograms: Allow variables to have some modifiers (git-fixes).
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes).
- tracing: Fix permissions for the buffer_percent file (git-fixes).
- tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350).
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes).
- tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
- usb: chipidea: core: fix possible concurrent when switch role (git-fixes).
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes).
- usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes).
- usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes).
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes).
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes).
- usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes).
- usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes).
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
- usb: typec: tcpm: fix multiple times discover svids error (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes).
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
- virtio_net: split free_unused_bufs() (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: mt76: add flexible polling wait-interval support (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes).
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044).
- workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044).
- workqueue: Warn when a new worker could not be created (bsc#1211044).
- workqueue: Warn when a rescuer could not be created (bsc#1211044).
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- x86/alternative: Report missing return thunk details (git-fixes).
- x86/alternative: Support relocations in alternatives (bsc#1206578).
- x86/amd: Use IBPB for firmware calls (git-fixes).
- x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes).
- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Mark init functions __init (bsc#1212448). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/init: Initialize signal frame size late (bsc#1212448). - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/mm: fix poking_init() for Xen PV guests (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). 
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes). - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2803-1 Released: Mon Jul 10 16:11:18 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1187829,1194869,1210335,1212051,1212265,1212603,1212605,1212606,1212619,1212701,1212741,1212835,1212838,1212842,1212861,1212869,1212892,CVE-2023-1829,CVE-2023-3090,CVE-2023-3111,CVE-2023-3212,CVE-2023-3357,CVE-2023-3358,CVE-2023-3389 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). The following non-security bugs were fixed: - Get module prefix from kmod (bsc#1212835). - Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes). - Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes). - alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). - alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). - alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). - alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). - arm64: Add missing Set/Way CMO encodings (git-fixes). 
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes) - arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). - asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). - asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). - asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). - asoc: mediatek: mt8173: Fix irq error path (git-fixes). - asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). - asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). - bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). - bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). - can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). - can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). - can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). - can: length: fix bitstuffing count (git-fixes). - can: length: fix description of the RRS field (git-fixes). - can: length: make header self contained (git-fixes). - clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). - clk: cdce925: check return value of kasprintf() (git-fixes). - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes). - clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes). - clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). - clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). - clk: si5341: check return value of {devm_}kasprintf() (git-fixes). 
- clk: si5341: free unused memory on probe failure (git-fixes). - clk: si5341: return error if one synth clock registration fails (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). - clk: ti: clkctrl: check return value of kasprintf() (git-fixes). - clk: vc5: check memory returned by kasprintf() (git-fixes). - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes). - crypto: marvell/cesa - Fix type mismatch warning (git-fixes). - crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). - drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). - drm/amd/display: Add logging for display MALL refresh setting (git-fixes). - drm/amd/display: Add minimal pipe split transition state (git-fixes). - drm/amd/display: Add wrapper to call planes and stream update (git-fixes). - drm/amd/display: Explicitly specify update type per plane info change (git-fixes). - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). - drm/amd/display: Use dc_update_planes_and_stream (git-fixes). - drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes). - drm/amd/display: fix the system hang while disable PSR (git-fixes). - drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). - drm/bridge: tc358768: always enable HS video mode (git-fixes). - drm/bridge: tc358768: fix PLL parameters computation (git-fixes). - drm/bridge: tc358768: fix PLL target frequency (git-fixes). - drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). - drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). - drm/exynos: vidi: fix a wrong error return (git-fixes). - drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes). - drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). 
- drm/msm/dp: Free resources after unregistering them (git-fixes). - drm/msm/dpu: correct MERGE_3D length (git-fixes). - drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes). - drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes). - drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes). - drm/radeon: fix possible division-by-zero errors (git-fixes). - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes). - drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). - drm/vram-helper: fix function names in vram helper doc (git-fixes). - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes). - elf: correct note name comment (git-fixes). - extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes). - extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). - extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). - extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes). - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). - firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). - hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). - hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). - hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). - hwrng: st - keep clock enabled while hwrng is registered (git-fixes). - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). 
- i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). - ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes) - ib/isert: Fix dead lock in ib_isert (git-fixes) - ib/isert: Fix incorrect release of isert connection (git-fixes) - ib/isert: Fix possible list corruption in CMA handler (git-fixes) - ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) - ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). - ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). - ice: Do not double unplug aux on peer initiated reset (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). - ice: Fix DSCP PFC TLV creation (git-fixes). - ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes). - ice: Fix memory corruption in VF driver (git-fixes). - ice: Ignore EEXIST when setting promisc mode (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (git-fixes). - ice: Reset FDIR counter in FDIR init stage (git-fixes). - ice: add profile conflict check for AVF FDIR (git-fixes). - ice: block LAN in case of VF to VF offload (git-fixes). - ice: config netdev tc before setting queues number (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). - ice: ethtool: Prohibit improper channel config for DCB (git-fixes). - ice: ethtool: advertise 1000M speeds properly (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes). - ice: fix wrong fallback logic for FDIR (git-fixes). - ice: handle E822 generic device ID in PLDM header (git-fixes). - ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). - ice: use bitmap_free instead of devm_kfree (git-fixes). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). 
- ieee802154: hwsim: Fix possible memory leaks (git-fixes). - ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes). - iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). - iio: adc: ad7192: Fix internal/external clock selection (git-fixes). - iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). - input: adxl34x - do not hardcode interrupt trigger type (git-fixes). - input: drv260x - fix typo in register value define (git-fixes). - input: drv260x - remove unused .reg_defaults (git-fixes). - input: drv260x - sleep between polling GO bit (git-fixes). - input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes). - integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes). - irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). - irqchip/ftintc010: Mark all function static (git-fixes). - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). - kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). - media: cec: core: do not set last_initiator if tx in progress (git-fixes). - memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). - meson saradc: fix clock divider mask length (git-fixes). - mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). - mfd: pm8008: Fix module autoloading (git-fixes). - mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). - mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). - mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). - mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). - misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). - misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). 
- misc: pci_endpoint_test: Re-init completion for every test (git-fixes). - mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). - mmc: bcm2835: fix deferred probing (git-fixes). - mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). - mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). - mmc: mtk-sd: fix deferred probing (git-fixes). - mmc: mvsdio: fix deferred probing (git-fixes). - mmc: omap: fix deferred probing (git-fixes). - mmc: omap_hsmmc: fix deferred probing (git-fixes). - mmc: owl: fix deferred probing (git-fixes). - mmc: sdhci-acpi: fix deferred probing (git-fixes). - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). - mmc: sdhci-spear: fix deferred probing (git-fixes). - mmc: sh_mmcif: fix deferred probing (git-fixes). - mmc: sunxi: fix deferred probing (git-fixes). - mmc: usdhi60rol0: fix deferred probing (git-fixes). - mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). - net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). - net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). - net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). - net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). 
- net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). - net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). - net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). - net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). - net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). - net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). - net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). - net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). - net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). - net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). - net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). - net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). - net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). - net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). - net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). - net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). 
- net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). - net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) - net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). - net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). - net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). - net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). - net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). - net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). - net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). - net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). - net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). 
- net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). - net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). - net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). - nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). - nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). - nvme-core: fix dev_pm_qos memleak (git-fixes). - nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). - nvme-core: fix memory leak in dhchap_secret_store (git-fixes). - nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes). - nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). - ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). - ocfs2: fix non-auto defrag path not working issue (git-fixes). - pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes). - pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). - pci: Release resource invalidated by coalescing (git-fixes). 
- pci: cadence: Fix Gen2 Link Retraining process (git-fixes). - pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes). - pci: ftpci100: Release the clock resources (git-fixes). - pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). - pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes). - pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes). - pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). - pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes). - pci: rockchip: Set address alignment for endpoint mode (git-fixes). - pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). - pci: rockchip: Write PCI Device ID to correct register (git-fixes). - pci: vmd: Reset VMD config register between soft reboots (git-fixes). - pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). - pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes). - pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes). - platform/x86: think-lmi: Correct NVME password handling (git-fixes). - platform/x86: think-lmi: Correct System password interface (git-fixes). - platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes). - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). - pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). - powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). - powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). - pstore/ram: Add check for kstrdup (git-fixes). - radeon: avoid double free in ci_dpm_init() (git-fixes). 
- rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes) - rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) - rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) - rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) - rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) - rdma/bnxt_re: Remove unnecessary checks (git-fixes) - rdma/bnxt_re: Return directly without goto jumps (git-fixes) - rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) - rdma/bnxt_re: wraparound mbox producer index (git-fixes) - rdma/cma: Always set static rate to 0 for RoCE (git-fixes) - rdma/hns: Fix hns_roce_table_get return value (git-fixes) - rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) - rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) - rdma/mlx5: Fix affinity assignment (git-fixes) - rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) - rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). - rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) - rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) - rdma/rxe: Fix packet length checks (git-fixes) - rdma/rxe: Fix ref count error in check_rkey() (git-fixes) - rdma/rxe: Fix rxe_cq_post (git-fixes) - rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) - rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) - rdma/rxe: Remove the unused variable obj (git-fixes) - rdma/rxe: Removed unused name from rxe_task struct (git-fixes) - rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) - rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) - regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes). - regulator: core: Streamline debugfs operations (git-fixes). - regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). 
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes). - s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). - s390/pkey: zeroize key blobs (git-fixes bsc#1212619). - serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). - serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). - serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). - serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes). - serial: atmel: do not enable IRQs prematurely (git-fixes). - signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). - soc/fsl/qe: fix usb.c build errors (git-fixes). - soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). - soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). - spi: dw: Round of n_bytes to power of 2 (git-fixes). - spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes). - tty: serial: imx: fix rs485 rx after tx (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). - usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes). - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes). 
- usb: dwc3: qcom: Fix potential memory leak (git-fixes). - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes). - usb: gadget: udc: fix NULL dereference in remove() (git-fixes). - usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). - usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). - usrmerge: Adjust module path in the kernel sources (bsc#1212835). - vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). - w1: fix loop in w1_fini() (git-fixes). - w1: w1_therm: fix locking behavior in convert_t (git-fixes). - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: convert msecs to jiffies where needed (git-fixes). - wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). - wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). - wifi: cfg80211: rewrite merging of inherited elements (git-fixes). - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). - wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). - wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). 
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes). - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes). - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). - wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). - writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). - x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). - x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). - x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). - x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). - x86/xen: fix secondary processor fpu initialization (bsc#1212869). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2868-1 Released: Tue Jul 18 11:35:52 2023 Summary: Security update for cni Type: security Severity: important References: 1206346 This update of cni fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2869-1 Released: Tue Jul 18 11:39:26 2023 Summary: Security update for cni-plugins Type: security Severity: important References: 1206346 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2989-1 Released: Wed Jul 26 16:33:56 2023 Summary: Security update for conmon Type: security Severity: important References: 1208737,1209307 This update for conmon fixes the following issues: conmon was updated to version 2.1.7: - Bumped go version to 1.19 (bsc#1209307). Bugfixes: - Fixed leaking symbolic links in the opt_socket_path directory. - Fixed cgroup oom issues (bsc#1208737). - Fixed OOM watcher for cgroupv2 `oom_kill` events. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3318-1 Released: Tue Aug 15 10:34:18 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
1150305,1193629,1194869,1206418,1207129,1207894,1208788,1210565,1210584,1210627,1210780,1210853,1211131,1211243,1211738,1211811,1211867,1212301,1212502,1212604,1212846,1212901,1212905,1213010,1213011,1213012,1213013,1213014,1213015,1213016,1213017,1213018,1213019,1213020,1213021,1213024,1213025,1213032,1213034,1213035,1213036,1213037,1213038,1213039,1213040,1213041,1213059,1213061,1213087,1213088,1213089,1213090,1213092,1213093,1213094,1213095,1213096,1213098,1213099,1213100,1213102,1213103,1213104,1213105,1213106,1213107,1213108,1213109,1213110,1213111,1213112,1213113,1213114,1213134,1213167,1213245,1213247,1213252,1213258,1213259,1213263,1213264,1213272,1213286,1213287,1213304,1213523,1213524,1213543,1213585,1213586,1213588,1213620,1213653,1213705,1213713,1213715,1213747,1213756,1213759,1213777,1213810,1213812,1213856,1213857,1213863,1213867,1213870,1213871,CVE-2022-40982,CVE-2023-0459,CVE-2023-20569,CVE-2023-20593,CVE-2023-21400,CVE-2023-2156,CVE-2023-2166,CVE-2023-2985,CVE-2023-31083,CVE-2023-3117,CVE-2023-31248,CVE-2023-3268,CVE-2023-3390,CVE-2023-35001,CVE-2023-3567,CVE-2023-3609,CVE-2023-3611,CVE-2023-3776,CVE-2023-3812,CVE-2023-4004 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack 'Inception' or 'RAS Poisoning' (bsc#1213287). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). 
- CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). - CVE-2023-2985: Fixed a use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-3117: Fixed a use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-31248: Fixed a use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). - CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq (bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). 
The following non-security bugs were fixed: - acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). - add module_firmware() for firmware_tg357766 (git-fixes). - afs: adjust ack interpretation to try and cope with nat (git-fixes). - afs: fix access after dec in put functions (git-fixes). - afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes). - afs: fix dynamic root getattr (git-fixes). - afs: fix fileserver probe rtt handling (git-fixes). - afs: fix infinite loop found by xfstest generic/676 (git-fixes). - afs: fix lost servers_outstanding count (git-fixes). - afs: fix server->active leak in afs_put_server (git-fixes). - afs: fix setting of mtime when creating a file/dir/symlink (git-fixes). - afs: fix updating of i_size with dv jump from server (git-fixes). - afs: fix vlserver probe rtt handling (git-fixes). - afs: return -eagain, not -eremoteio, when a file already locked (git-fixes). - afs: use refcount_t rather than atomic_t (git-fixes). - afs: use the operation issue time instead of the reply time for callbacks (git-fixes). - alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes). - alsa: fireface: make read-only const array for model names static (git-fixes). - alsa: hda/realtek - remove 3k pull low procedure (git-fixes). - alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes). - alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes). - alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes). - alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes). - alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes). - alsa: hda/realtek: add quirk for clevo ns70au (git-fixes). - alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes). - alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes). - alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes). - alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes). 
- alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes). - alsa: hda/realtek: support asus g713pv laptop (git-fixes). - alsa: hda/realtek: whitespace fix (git-fixes). - alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes). - alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). - alsa: oxfw: make read-only const array models static (git-fixes). - alsa: pcm: fix potential data race at pcm memory allocation helpers (git-fixes). - alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129). - alsa: usb-audio: update for native dsd support quirks (git-fixes). - apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). - arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes) - arm64: dts: microchip: sparx5: do not use psci on reference boards (git-fixes) - arm64: vdso: pass (void *) to virt_to_page() (git-fixes) - arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) - asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes). - asoc: codecs: es8316: fix dmic config (git-fixes). - asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes). - asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes). - asoc: codecs: wcd938x: fix codec initialisation race (git-fixes). - asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes). - asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). - asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes). - asoc: da7219: check for failure reading aad irq events (git-fixes). - asoc: da7219: flush pending aad irq when suspending (git-fixes). - asoc: fsl_sai: disable bit clock with transmitter (git-fixes). - asoc: fsl_spdif: silence output on stop (git-fixes). - asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes). 
- asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: tegra: fix adx byte map (git-fixes). - asoc: tegra: fix amx byte map (git-fixes). - asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes). - ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). - block, bfq: fix division by zero error on zero wsum (bsc#1213653). - block: fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes). - can: bcm: fix uaf in bcm_proc_show() (git-fixes). - can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes). - ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). - cifs: add a warning when the in-flight count goes negative (bsc#1193629). - cifs: address unused variable warning (bsc#1193629). - cifs: do all necessary checks for credits within or before locking (bsc#1193629). - cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). - cifs: fix max_credits implementation (bsc#1193629). - cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). - cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). - cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). - cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). - cifs: fix status checks in cifs_tree_connect (bsc#1193629). - cifs: log session id when a matching ses is not found (bsc#1193629). - cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). - cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). - cifs: print all credit counters in debugdata (bsc#1193629). - cifs: print client_guid in debugdata (bsc#1193629). - cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). - cifs: print nosharesock value while dumping mount options (bsc#1193629). - clk: qcom: camcc-sc7180: add parent dependency to all camera gdscs (git-fixes). 
- clk: qcom: gcc-ipq6018: use floor ops for sdcc clocks (git-fixes). - coda: avoid partial allocation of sig_inputargs (git-fixes). - codel: fix kernel-doc notation warnings (git-fixes). - crypto: kpp - add helper to set reqsize (git-fixes). - crypto: qat - use helper to set reqsize (git-fixes). - delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix bsc#1213705. - devlink: fix kernel-doc notation warnings (git-fixes). - dlm: fix missing lkb refcount handling (git-fixes). - dlm: fix plock invalid read (git-fixes). - docs: networking: update codeaurora references for rmnet (git-fixes). - documentation: abi: sysfs-class-net-qmi: pass_through contact update (git-fixes). - documentation: bonding: fix the doc of peer_notif_delay (git-fixes). - documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes). - documentation: timers: hrtimers: make hybrid union historical (git-fixes). - drm/amd/display: correct `dmub_fw_version` macro (git-fixes). - drm/amd/display: disable mpc split by default on special asic (git-fixes). - drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes). - drm/amdgpu: avoid restore process run into dead loop (git-fixes). - drm/amdgpu: fix clearing mappings for bos that are always valid in vm (git-fixes). - drm/amdgpu: set vmbo destroy after pt bo is created (git-fixes). - drm/amdgpu: validate vm ioctl flags (git-fixes). - drm/atomic: allow vblank-enabled + self-refresh 'disable' (git-fixes). - drm/atomic: fix potential use-after-free in nonblocking commits (git-fixes). - drm/bridge: tc358768: add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix tclk_trailcnt computation (git-fixes). - drm/bridge: tc358768: fix ths_trailcnt computation (git-fixes). - drm/bridge: tc358768: fix ths_zerocnt computation (git-fixes). - drm/client: fix memory leak in drm_client_modeset_probe (git-fixes). - drm/client: fix memory leak in drm_client_target_cloned (git-fixes). 
- drm/i915/psr: use hw.adjusted mode when calculating io/fast wake times (git-fixes). - drm/i915: fix one wrong caching mode enum usage (git-fixes). - drm/msm/adreno: fix snapshot bindless_data size (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). - drm/msm/dpu: set dpu_data_hctl_en for in intf_sc7180_mask (git-fixes). - drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-fixes). - drm/panel: simple: add connector_type for innolux_at043tn24 (git-fixes). - drm/panel: simple: add powertip ph800480t013 drm_display_mode flags (git-fixes). - drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes). - drm/ttm: do not leak a resource on swapout move error (git-fixes). - drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777) - dt-bindings: phy: brcm,brcmstb-usb-phy: fix error in 'compatible' conditional schema (git-fixes). - enable nxp snvs rtc driver for i.mx 8mq/8mp (jsc#PED-4758) - ext4: add ea_inode checking to ext4_iget() (bsc#1213106). - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). - ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). - ext4: add strict range checks while freeing blocks (bsc#1213089). - ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). - ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). - ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). - ext4: disallow ea_inodes with extended attributes (bsc#1213108). - ext4: fail ext4_iget if special inode unallocated (bsc#1213010). - ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). - ext4: fix data races when using cached status extents (bsc#1213102). 
- ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). - ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). - ext4: fix lockdep warning when enabling mmp (bsc#1213100). - ext4: fix reusing stale buffer heads from last failed mounting (bsc#1213020). - ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). - ext4: fix warning in ext4_update_inline_data (bsc#1213012). - ext4: fix warning in mb_find_extent (bsc#1213099). - ext4: improve error handling from ext4_dirhash() (bsc#1213104). - ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). - ext4: move where set the may_inline_data flag is set (bsc#1213011). - ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). - ext4: refuse to create ea block when umounted (bsc#1213093). - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). - ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). - ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). - ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). - ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). - fbdev: au1200fb: fix missing irq check in au1200fb_drv_probe (git-fixes). - fbdev: imxfb: warn about invalid left/right margin (git-fixes). - file: always lock position for fmode_atomic_pos (bsc#1213759). - fix documentation of panic_on_warn (git-fixes). - fs: dlm: add midcomms init/start functions (git-fixes). - fs: dlm: do not set stop rx flag after node reset (git-fixes). - fs: dlm: filter user dlm messages for kernel locks (git-fixes). 
- fs: dlm: fix log of lowcomms vs midcomms (git-fixes). - fs: dlm: fix race between test_bit() and queue_work() (git-fixes). - fs: dlm: fix race in lowcomms (git-fixes). - fs: dlm: handle -ebusy first in lock arg validation (git-fixes). - fs: dlm: move sending fin message into state change handling (git-fixes). - fs: dlm: retry accept() until -eagain or error returns (git-fixes). - fs: dlm: return positive pid value for f_getlk (git-fixes). - fs: dlm: start midcomms before scand (git-fixes). - fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes). - fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes). - fs: jfs: fix null-ptr-deref read in txbegin (git-fixes). - fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes). - fuse: ioctl: translate enosys in outarg (bsc#1213524). - fuse: revalidate: do not invalidate if interrupted (bsc#1213523). - gve: set default duplex configuration to full (git-fixes). - gve: unify driver name usage (git-fixes). - hvcs: fix hvcs port reference counting (bsc#1213134 ltc#202861). - hvcs: get reference to tty in remove (bsc#1213134 ltc#202861). - hvcs: synchronize hotplug remove with port free (bsc#1213134 ltc#202861). - hvcs: use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). - hvcs: use driver groups to manage driver attributes (bsc#1213134 ltc#202861). - hvcs: use vhangup in hotplug remove (bsc#1213134 ltc#202861). - hwmon: (adm1275) allow setting sample averaging (git-fixes). - hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-fixes). - hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled (git-fixes). - hwmon: (pmbus/adm1275) fix problems with temperature monitoring on adm1272 (git-fixes). - i2c: xiic: defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). - i2c: xiic: do not try to handle more interrupt events after error (git-fixes). 
- iavf: fix out-of-bounds when setting channels on remove (git-fixes). - iavf: fix use-after-free in free_netdev (git-fixes). - iavf: use internal state to free traffic irqs (git-fixes). - ib/hfi1: use bitmap_zalloc() when applicable (git-fixes) - igc: check if hardware tx timestamping is enabled earlier (git-fixes). - igc: enable and fix rx hash usage by netstack (git-fixes). - igc: fix inserting of empty frame for launchtime (git-fixes). - igc: fix kernel panic during ndo_tx_timeout callback (git-fixes). - igc: fix launchtime before start of cycle (git-fixes). - igc: fix race condition in ptp tx code (git-fixes). - igc: handle pps start time programming for past time values (git-fixes). - igc: prevent garbled tx queue with xdp zerocopy (git-fixes). - igc: remove delay during tx ring configuration (git-fixes). - igc: set tp bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). - igc: work around hw bug causing missing timestamps (git-fixes). - inotify: avoid reporting event with invalid wd (bsc#1213025). - input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes). - input: iqs269a - do not poll during ati (git-fixes). - input: iqs269a - do not poll during suspend or resume (git-fixes). - jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). - jdb2: do not refuse invalidation of already invalidated buffers (bsc#1213014). - jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). - jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). - jffs2: fix memory leak in jffs2_scan_medium (git-fixes). - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). - jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-fixes). - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). - jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes). 
- kabi/severities: add vas symbols changed due to recent fix vas accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers - kabi: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). - kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps') - kselftest: vdso: fix accumulation of uninitialized ret when clock_realtime is undefined (git-fixes). - kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes) - kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620) - kvm: do not null dereference ops->destroy (git-fixes) - kvm: downgrade two bug_ons to warn_on_once (git-fixes) - kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes) - kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867). - kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes). - kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes). - kvm: vmx: restore vmx_vmexit alignment (git-fixes). - kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes). - leds: trigger: netdev: recheck netdev_led_mode_linkup on dev rename (git-fixes). - libceph: harden msgr2.1 frame segment length checks (bsc#1213857). - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). - media: cec: i2c: ch7322: also select regmap (git-fixes). - media: i2c: correct format propagation for st-mipid02 (git-fixes). - media: staging: atomisp: select v4l2_fwnode (git-fixes). - media: usb: check az6007_read() return value (git-fixes). - media: usb: siano: fix warning due to null work_func_t function pointer (git-fixes). - media: venus: helpers: fix align() of non power of two (git-fixes). - media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes). 
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). - mmc: core: disable trim on kingston emmc04g-m627 (git-fixes). - mmc: sdhci: fix dma configure compatibility issue when 64bit dma mode is used (git-fixes). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net/sched: sch_qfq: reintroduce lmax bound check for mtu (bsc#1213585). - net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). - net: mana: add support for vlan tagging (bsc#1212301). - net: mana: batch ringing rx queue doorbell on receiving packets (bsc#1212901). - net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901). - net: phy: marvell10g: fix 88x3310 power up (git-fixes). - net: phy: prevent stale pointer dereference in phy_init() (git-fixes). - nfsd: add encoding of op_recall flag for write delegation (git-fixes). - nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). - nfsd: fix sparse warning (git-fixes). - nfsd: remove open coding of string copy (git-fixes). - nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes). - nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes). - ntb: amd: fix error handling in amd_ntb_pci_driver_init() (git-fixes). - ntb: idt: fix error handling in idt_pci_driver_init() (git-fixes). - ntb: intel: fix error handling in intel_ntb_pci_driver_init() (git-fixes). - ntb: ntb_tool: add check for devm_kcalloc (git-fixes). - ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). - nvme-multipath: support io stats on the mpath device (bsc#1210565). - nvme-pci: fix dma direction of unmapping integrity data (git-fixes). - nvme-pci: remove nvme_queue from nvme_iod (git-fixes). - nvme: introduce nvme_start_request (bsc#1210565). - ocfs2: check new file size on fallocate call (git-fixes). - ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). 
- ocfs2: switch to security_inode_init_security() (git-fixes). - octeontx-af: fix hardware timestamp configuration (git-fixes). - octeontx2-af: move validation of ptp pointer before its usage (git-fixes). - octeontx2-pf: add additional check for mcam rules (git-fixes). - opp: fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). - pci/pm: avoid putting elopos e2/s2/h2 pcie ports in d3cold (git-fixes). - pci: add function 1 dma alias quirk for marvell 88se9235 (git-fixes). - phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-fixes). - phy: revert 'phy: remove soc_exynos4212 dep. from phy_exynos4x12_usb' (git-fixes). - phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). - phy: tegra: xusb: clear the driver reference in usb-phy dev (git-fixes). - pie: fix kernel-doc notation warning (git-fixes). - pinctrl: amd: detect internal gpio0 debounce handling (git-fixes). - pinctrl: amd: do not show `invalid config param` errors (git-fixes). - pinctrl: amd: fix mistake in handling clearing pins at startup (git-fixes). - pinctrl: amd: only use special debounce behavior for gpio 0 (git-fixes). - pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes). - platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-fixes). - powerpc/64: only warn if __pa()/__va() called with bad addresses (bsc#1194869). - powerpc/64s: fix vas mm use after free (bsc#1194869). - powerpc/book3s64/mm: fix directmap stats in /proc/meminfo (bsc#1194869). - powerpc/bpf: fix use of user_pt_regs in uapi (bsc#1194869). - powerpc/ftrace: remove ftrace init tramp once kernel init is complete (bsc#1194869). - powerpc/interrupt: do not read msr from interrupt_exit_kernel_prepare() (bsc#1194869). - powerpc/mm/dax: fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes). - powerpc/mm: switch obsolete dssall to .long (bsc#1194869). 
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). - powerpc/powernv/vas: assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). - powerpc/prom_init: fix kernel config grep (bsc#1194869). - powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). - powerpc: clean vdso32 and vdso64 directories (bsc#1194869). - powerpc: define get_cycles macro for arch-override (bsc#1194869). - powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). - pwm: ab8500: fix error code in probe() (git-fixes). - pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). - pwm: sysfs: do not apply state to already disabled pwms (git-fixes). - rdma/bnxt_re: fix hang during driver unload (git-fixes) - rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes) - rdma/core: update cma destination address on rdma_resolve_addr (git-fixes) - rdma/irdma: add missing read barriers (git-fixes) - rdma/irdma: fix data race on cqp completion stats (git-fixes) - rdma/irdma: fix data race on cqp request done (git-fixes) - rdma/irdma: fix op_type reporting in cqes (git-fixes) - rdma/irdma: report correct wc error (git-fixes) - rdma/mlx4: make check for invalid flags stricter (git-fixes) - rdma/mthca: fix crash when polling cq for shared qps (git-fixes) - rdma/rxe: fix access checks in rxe_check_bind_mw (git-fixes) - regmap: account for register length in smbus i/o limits (git-fixes). - regmap: drop initial version of maximum transfer length fixes (git-fixes). - revert 'arm64: dts: zynqmp: add address-cells property to interrupt (git-fixes) - revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes). - revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes). - revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes). 
- revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes). - revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes). - revert 'usb: xhci: tegra: fix error check' (git-fixes). - revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes). - rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*. - rpm: update dependency to match current kmod. - rsi: remove kernel-doc comment marker (git-fixes). - rxrpc, afs: fix selection of abort codes (git-fixes). - s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). - s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). - s390/bpf: add expoline to tail calls (git-fixes bsc#1213870). - s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). - s390/debug: add _asm_s390_ prefix to header guard (git-fixes bsc#1213263). - s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863). - s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). - s390/percpu: add read_once() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). - s390/qeth: fix vipa deletion (git-fixes bsc#1213713). - s390/vmem: fix empty page tables cleanup under kasan (git-fixes bsc#1213715). - s390: define runtime_discard_exit to fix link error with gnu ld < 2.36 (git-fixes bsc#1213264). - s390: discard .interp section (git-fixes bsc#1213247). - s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). - scftorture: count reschedule ipis (git-fixes). - sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) - sched: fix debug && !schedstats warn (git-fixes) - scsi: lpfc: abort outstanding els cmds when mailbox timeout error is detected (bsc#1213756). - scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756). - scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756). 
- scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756). - scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). - scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). - scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths (bsc#1213756). - scsi: lpfc: fix lpfc_name struct packing (bsc#1213756). - scsi: lpfc: make fabric zone discovery more robust when handling unsolicited logo (bsc#1213756). - scsi: lpfc: pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). - scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756). - scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756). - scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology (bsc#1213756). - scsi: lpfc: replace all non-returning strlcpy() with strscpy() (bsc#1213756). - scsi: lpfc: replace one-element array with flexible-array member (bsc#1213756). - scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). - scsi: lpfc: set establish image pair service parameter only for target functions (bsc#1213756). - scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756). - scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756). - scsi: lpfc: use struct_size() helper (bsc#1213756). - scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747). - scsi: qla2xxx: array index may go out of bound (bsc#1213747). - scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747). - scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747). - scsi: qla2xxx: correct the index of array (bsc#1213747). - scsi: qla2xxx: drop useless list_head (bsc#1213747). - scsi: qla2xxx: fix buffer overrun (bsc#1213747). - scsi: qla2xxx: fix command flush during tmf (bsc#1213747). - scsi: qla2xxx: fix deletion race condition (bsc#1213747). 
- scsi: qla2xxx: fix end of loop test (bsc#1213747).
- scsi: qla2xxx: fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747).
- scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747).
- scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747).
- scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747).
- scsi: qla2xxx: fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: fix tmf leak through (bsc#1213747).
- scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747).
- scsi: qla2xxx: pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747).
- scsi: qla2xxx: replace one-element array with declare_flex_array() helper (bsc#1213747).
- scsi: qla2xxx: silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747).
- security: keys: modify mismatched function name (git-fixes).
- selftests: mptcp: depend on syn_cookies (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: add conntrack procfs kconfig (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
- serial: sifive: fix sifive_serial_console_setup() section (git-fixes).
- signal/powerpc: on swapcontext failure force sigsegv (bsc#1194869).
- signal: replace force_sigsegv(sigsegv) with force_fatal_sig(sigsegv) (bsc#1194869).
- smb3: do not reserve too many oplock credits (bsc#1193629).
- smb3: missing null check in smb2_change_notify (bsc#1193629).
- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
- smb: client: fix missed ses refcounting (git-fixes).
- smb: client: fix parsing of source mount option (bsc#1193629).
- smb: client: fix shared dfs root mounts with different prefixes (bsc#1193629).
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- smb: client: fix warning in cifsfindfirst() (bsc#1193629).
- smb: client: fix warning in cifsfindnext() (bsc#1193629).
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- smb: client: improve dfs mount check (bsc#1193629).
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- smb: delete an unnecessary statement (bsc#1193629).
- smb: move client and server files to common directory fs/smb (bsc#1193629).
- smb: remove obsolete comment (bsc#1193629).
- soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes).
- spi: bcm63xx: fix max prepend length (git-fixes).
- staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes).
- sunrpc: always free ctxt when freeing deferred request (git-fixes).
- sunrpc: double free xprt_ctxt while still in use (git-fixes).
- sunrpc: fix trace_svc_register() call site (git-fixes).
- sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
- sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
- sunrpc: remove the maximum number of retries in call_bind_status (git-fixes).
- svcrdma: prevent page release when nothing was received (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).
- tpm_tis: explicitly check for error code (git-fixes).
- tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-fixes).
- ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git-fixes).
- ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes).
- ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes).
- ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes).
- ubifs: fix build errors as symbol undefined (git-fixes).
- ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-fixes).
- ubifs: fix memory leak in alloc_wbufs() (git-fixes).
- ubifs: fix memory leak in do_rename (git-fixes).
- ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
- ubifs: fix to add refcount once page is set private (git-fixes).
- ubifs: fix wrong dirty space budget for dirty inode (git-fixes).
- ubifs: free memory for tmpfile name (git-fixes).
- ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes).
- ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes).
- ubifs: rectify space budget for ubifs_xrename() (git-fixes).
- ubifs: rename whiteout atomically (git-fixes).
- ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
- ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes).
- ubifs: reserve one leb for each journal head while doing budget (git-fixes).
- ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes).
- ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-fixes).
- udf: avoid double brelse() in udf_rename() (bsc#1213032).
- udf: define efscorrupted error code (bsc#1213038).
- udf: detect system inodes linked into directory hierarchy (bsc#1213114).
- udf: discard preallocation before extending file with a hole (bsc#1213036).
- udf: do not bother looking for prealloc extents if i_lenextents matches i_size (bsc#1213035).
- udf: do not bother merging very long extents (bsc#1213040).
- udf: do not update file length for failed writes to inline files (bsc#1213041).
- udf: fix error handling in udf_new_inode() (bsc#1213112).
- udf: fix extending file within last block (bsc#1213037).
- udf: fix preallocation discarding at indirect extent boundary (bsc#1213034).
- udf: preserve link count of system files (bsc#1213113).
- udf: truncate added extents on failed expansion (bsc#1213039).
- update config and supported.conf files due to renaming.
- update suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes bsc#1212604). added bug reference.
- usb: dwc2: fix some error handling paths (git-fixes).
- usb: dwc2: platform: improve error reporting for problems during .remove() (git-fixes).
- usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes).
- usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
- usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
- usb: serial: option: add lara-r6 01b pids (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- vhost: support packed when setting-getting vring_base (git-fixes).
- vhost_net: revert upend_idx only on retriable error (git-fixes).
- virtio-net: maintain reverse cleanup order (git-fixes).
- virtio_net: fix error unwinding of xdp initialization (git-fixes).
- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
- wifi: ray_cs: drop useless status variable in parse_addr() (git-fixes).
- wifi: ray_cs: utilize strnlen() in parse_addr() (git-fixes).
- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- writeback: fix call of incorrect macro (bsc#1213024).
- x86/pvh: obtain vga console info in dom0 (git-fixes).
- x86: fix .brk attribute in linker script (git-fixes).
- xen/blkfront: only check req_fua for writes (git-fixes).
- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes).
- xfs: ail needs asynchronous cil forcing (bsc#1211811).
- xfs: async cil flushes need pending pushes to be made stable (bsc#1211811).
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
- xfs: cil work is serialised, not pipelined (bsc#1211811).
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).
- xfs: do not reverse order of items in bulk ail insertion (git-fixes).
- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
- xfs: drop async cache flushes from cil commits (bsc#1211811).
- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).
- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
- xfs: fix logdev fsmap query result filtering (git-fixes).
- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
- xfs: fix uninitialized variable access (git-fixes).
- xfs: make fsmap backend function key parameters const (git-fixes).
- xfs: make the record pointer passed to query_range functions const (git-fixes).
- xfs: move the cil workqueue to the cil (bsc#1211811).
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- xfs: order cil checkpoint start records (bsc#1211811).
- xfs: pass a cil context to xlog_write() (bsc#1211811).
- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).
- xfs: separate out log shutdown callback processing (bsc#1211811).
- xfs: wait iclog complete before tearing down ail (bsc#1211811).
- xfs: xlog_state_ioerror must die (bsc#1211811).
- xhci: fix resume issue of some zhaoxin hosts (git-fixes).
- xhci: fix trb prefetch issue of zhaoxin hosts (git-fixes).
- xhci: show zhaoxin xhci root hub speed correctly (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1201519,1204844

This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)

The following package changes have been done:

- libsemanage-conf-3.4-150400.1.8 added
- libsepol2-3.4-150400.1.11 added
- libsemanage2-3.4-150400.1.8 added
- kernel-firmware-amdgpu-20220509-150400.4.19.1 updated
- kernel-firmware-ath10k-20220509-150400.4.19.1 updated
- conmon-2.1.7-150400.3.11.1 updated
- libqrtr-glib0-1.2.2-150400.1.3 updated
- kernel-firmware-ath11k-20220509-150400.4.19.1 updated
- kernel-firmware-atheros-20220509-150400.4.19.1 updated
- kernel-firmware-bluetooth-20220509-150400.4.19.1 updated
- kernel-firmware-brcm-20220509-150400.4.19.1 updated
- kernel-firmware-dpaa2-20220509-150400.4.19.1 updated
- kernel-firmware-media-20220509-150400.4.19.1 updated
- kernel-firmware-mwifiex-20220509-150400.4.19.1 updated
- kernel-firmware-nfp-20220509-150400.4.19.1 updated
- kernel-firmware-nvidia-20220509-150400.4.19.1 updated
- kernel-firmware-prestera-20220509-150400.4.19.1 updated
- kernel-firmware-qcom-20220509-150400.4.19.1 updated
- kernel-firmware-radeon-20220509-150400.4.19.1 updated
- kernel-firmware-serial-20220509-150400.4.19.1 updated
- kernel-firmware-sound-20220509-150400.4.19.1 updated
- kernel-firmware-ti-20220509-150400.4.19.1 updated
- kernel-firmware-ueagle-20220509-150400.4.19.1 updated
- kernel-firmware-all-20220509-150400.4.19.1 updated
- libcontainers-common-20230214-150400.3.8.1 updated
- libmbim-glib4-1.26.4-150400.1.2 updated
- libmm-glib0-1.18.10-150400.1.2 updated
- libslirp0-4.7.0+44-150300.15.2 added
- runc-1.1.7-150000.46.1 updated
- cni-0.7.1-150100.3.12.1 updated
- cni-plugins-0.8.6-150100.3.15.1 updated
- cryptsetup-2.4.3-150400.3.3.1 updated
- libqmi-glib5-1.30.8-150400.1.2 updated
- slirp4netns-1.2.0-150300.8.5.2 updated
- podman-4.4.4-150400.4.16.1 updated
- ModemManager-1.18.10-150400.1.2 updated
- NetworkManager-wwan-1.38.2-150400.3.3.1 updated
- kernel-rt-5.14.21-150400.15.46.1 updated

From sle-updates at lists.suse.com Thu Sep 14 07:03:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Sep 2023 09:03:01 +0200 (CEST)
Subject: SUSE-CU-2023:2962-1: Security update of rancher/elemental-teal/5.4
Message-ID: <20230914070301.BEA0FFCA4@maintenance.suse.de>

SUSE Container Update Advisory: rancher/elemental-teal/5.4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2962-1
Container Tags : rancher/elemental-teal/5.4:1.2.2 , rancher/elemental-teal/5.4:1.2.2-2.6 , rancher/elemental-teal/5.4:latest
Container Release : 2.6
Severity : important
Type : security
References : 1168481 1187364 1187364 1187365 1187366 1187366 1187367 1187367 1197093 1198773 1198773 1200441 1200441 1200441 1200441 1201519 1201551 1201551 1204844 1206346 1206346 1207004 1208074 1208364 1208510 1208737 1208962 1209307 1209495 1209884 1209888 1210004 1210298 1211079 1211124 1211418 1211419 1211578 CVE-2021-3592 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3594 CVE-2021-3595 CVE-2021-3595 CVE-2023-0778 CVE-2023-25809 CVE-2023-2602 CVE-2023-2603 CVE-2023-27561 CVE-2023-28642
-----------------------------------------------------------------

The container rancher/elemental-teal/5.4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1465-1
Released: Fri Apr 29 11:36:02 2022
Summary: Security update for libslirp
Type: security
Severity: important
References: 1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595

This update for libslirp fixes the following issues:

- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1730-1
Released: Wed May 18 16:56:21 2022
Summary: Security update for libslirp
Type: security
Severity: important
References: 1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595

This update for libslirp fixes the following issues:

- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2941-1
Released: Tue Aug 30 10:51:09 2022
Summary: Security update for libslirp
Type: security
Severity: moderate
References: 1187365,1201551,CVE-2021-3593

This update for libslirp fixes the following issues:

- CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).

Non-security fixes:

- Fix the version header (bsc#1201551)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1814-1
Released: Tue Apr 11 14:40:34 2023
Summary: Security update for podman
Type: security
Severity: important
References: 1197093,1208364,1208510,1209495,CVE-2023-0778

This update for podman fixes the following issues:

Update to version 4.4.4:

* libpod: always use direct mapping
* macos pkginstaller: do not fail when podman-mac-helper fails
* podman-mac-helper: install: do not error if already installed

- podman.spec: Bump required version for libcontainers-common (bsc#1209495)

Update to version 4.4.3:

* compat: /auth: parse server address correctly
* vendor github.com/containers/common at v0.51.1
* pkginstaller: bump Qemu to version 7.2.0
* podman machine: Adjust Chrony makestep config
* [v4.4] fix --health-on-failure=restart in transient unit
* podman logs passthrough driver support --cgroups=split
* journald logs: simplify entry parsing
* podman logs: read journald with passthrough
* journald: remove initializeJournal()
* netavark: only use aardvark ip as nameserver
* compat API: network create return 409 for duplicate
* fix 'podman logs --since --follow' flake
* system service --log-level=trace: support hijack
* podman-mac-helper: exit 1 on error
* bump golang.org/x/net to v0.8.0
* Fix package restore
* Quadlet - use the default runtime

Update to version 4.4.2:

* Revert 'CI: Temporarily disable all AWS EC2-based tasks'
* kube play: only enforce passthrough in Quadlet
* Emergency fix for man pages: check for broken includes
* CI: Temporarily disable all AWS EC2-based tasks
* quadlet system tests: add useful defaults, logging
* volume,container: chroot to source before exporting content
* install sigproxy before start/attach
* Update to c/image 5.24.1
* events + container inspect test: RHEL fixes

- podman.spec: add `crun` requirement for quadlet
- podman.spec: set PREFIX at build stage (bsc#1208510)
- CVE-2023-0778: Fixed symlink exchange attack in podman export volume (bsc#1208364)

Update to version 4.4.1:

* kube play: do not teardown unconditionally on error
* Resolve symlink path for qemu directory if possible
* events: document journald identifiers
* Quadlet: exit 0 when there are no files to process
* Cleanup podman-systemd.unit file
* Install podman-systemd.unit man page, make quadlet discoverable
* Add missing return after errors
* oci: bind mount /sys with --userns=(auto|pod:)
* docs: specify order preference for FROM
* Cirrus: Fix & remove GraphQL API tests
* test: adapt test to work on cgroupv1
* make hack/markdown-preprocess parallel-safe
* Fix default handling of pids-limit
* system tests: fix volume exec/noexec test

Update to version 4.4.0:

* Emergency fix for RHEL8 gating tests
* Do not mount /dev/tty into rootless containers
* Fixes port collision issue on use of --publish-all
* Fix usage of absolute windows paths with --image-path
* fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
* podman-events: document verbose create events
* Making gvproxy.exe optional for building Windows installer
* Add gvproxy to Windows packages
* Match VT device paths to be blocked from mounting exactly
* Clean up more language for inclusiveness
* Set runAsNonRoot=true in gen kube
* quadlet: Add device support for .volume files
* fix: running check error when podman is default in wsl
* fix: don't output 'ago' when container is currently up and running
* journald: podman logs only show logs for current user
* journald: podman events only show events for current user
* Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
* DB: make loading container states optional
* ps: do not sync container
* Allow --device-cgroup-rule to be passed in by docker API
* Create release notes for v4.4.0
* Cirrus: Update operating branch
* fix APIv2 python attach test flake
* ps: query health check in batch mode
* make example volume import, not import volume
* Correct output when inspecting containers created with --ipc
* Vendor containers/(storage, image, common, buildah)
* Get correct username in pod when using --userns=keep-id
* ps: get network data in batch mode
* build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0
* add hack/perf for comparing two container engines
* systems: retrofit dns options test to honor other search domains
* ps: do not create copy of container config
* libpod: set search domain independently of nameservers
* libpod,netavark: correctly populate /etc/resolv.conf with custom dns server
* podman: relay custom DNS servers to network stack
* (fix) mount_program is in storage.options.overlay
* Change example target to default in doc
* network create: do not allow `default` as name
* kube-play: add support for HostPID in podSpec
* build(deps): bump github.com/docker/docker
* Let's see if #14653 is fixed or not
* Add support for podman build --group-add
* vendor in latests containers/(storage, common, build, image)
* unskip network update test
* do not install swagger by default
* pasta: skip 'Local forwarder, IPv4' test
* add testbindings Makefile target
* update CI images to include pasta
* [CI:DOCS] Add CNI deprecation notices to documentation
* Cirrus: preserve podman-server logs
* waitPidStop: reduce sleep time to 10ms
* StopContainer: return if cleanup process changed state
* StopSignal: add a comment
* StopContainer: small refactor
* waitPidStop: simplify code
* e2e tests: reenable long-skipped build test
* Add openssh-clients to podmanimage
* Reworks Windows smoke test to tunnel through interactive session.
* fix bud-multiple-platform-with-base-as-default-arg flake
* Remove ReservedAnnotations from kube generate specification
* e2e: update test/README.md
* e2e: use isRootless() instead of rootless.IsRootless()
* Cleanup documentation on --userns=auto
* Vendor in latest c/common
* sig-proxy system test: bump timeout
* build(deps): bump github.com/containernetworking/plugins
* rootless: rename auth-scripts to preexec-hooks
* Docs: version-check updates
* commit: use libimage code to parse changes
* [CI:DOCS] Remove experimental mac tutorial
* man: Document the interaction between --systemd and --privileged
* Make rootless privileged containers share the same tty devices as rootfull ones
* container kill: handle stopped/exited container
* Vendor in latest containers/(image,ocicrypt)
* add a comment to container removal
* Vendor in latest containers/storage
* Cirrus: Run machine tests on PR merge
* fix flake in kube system test
* kube play: complete container spec
* E2E Tests: Use inspect instead of actual data to avoid UDP flake
* Use containers/storage/pkg/regexp in place of regexp
* Vendor in latest containers/storage
* Cirrus: Support using updated/latest NV/AV in PRs
* Limit replica count to 1 when deploying from kubernetes YAML
* Set StoppedByUser earlier in the process of stopping
* podman-play system test: refactor
* network: add support for podman network update and --network-dns-server
* service container: less verbose error logs
* Quadlet Kube - add support for PublishPort key
* e2e: fix systemd_activate_test
* Compile regex on demand not in init
* [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns.
* E2E Test: Play Kube set deadline to connection to avoid hangs
* Only prevent VTs to be mounted inside privileged systemd containers
* e2e: fix play_kube_test
* Updated error message for supported VolumeSource types
* Introduce pkg retry logic in win installer task
* logformatter: include base SHA, with history link
* Network tests: ping redhat.com, not podman.io
* cobra: move engine shutdown to Execute
* Updated options for QEMU on Windows hosts
* Update Mac installer to use gvproxy v0.5.0
* podman: podman rm -f doesn't leave processes
* oci: check for valid PID before kill(pid, 0)
* linux: add /sys/fs/cgroup if /sys is a bind mount
* Quadlet: Add support for ConfigMap key in Kube section
* remove service container _after_ pods
* Kube Play - allow setting and overriding published host ports
* oci: terminate all container processes on cleanup
* Update win-sshproxy to 0.5.0 gvisor tag
* Vendor in latest containers/common
* Fix a potential defer logic error around locking
* logformatter: nicer formatting for bats failures
* logformatter: refactor verbose line-print
* e2e tests: stop using UBI images
* k8s-file: podman logs --until --follow exit after time
* journald: podman logs --until --follow exit after time
* journald: seek to time when --since is used
* podman logs: journald fix --since and --follow
* Preprocess files in UTF-8 mode
* Vendor in latest containers/(common, image, storage)
* Switch to C based msi hooks for win installer
* hack/bats: improve usage message
* hack/bats: add --remote option
* hack/bats: fix root/rootless logic
* Describe copy volume options
* Support sig-proxy for podman-remote attach and start
* libpod: fix race condition rm'ing stopping containers
* e2e: fix run_volume_test
* Add support for Windows ARM64
* Add shared --compress to man pages
* Add container error message to ContainerState
* Man page checker: require canonical name in SEE ALSO
* system df: improve json output code
* kube play: fix the error logic with --quiet
* System tests: quadlet network test
* Fix: List container with volume filter
* adding -dryrun flag
* Quadlet Container: Add support for EnvironmentFile and EnvironmentHost
* Kube Play: use passthrough as the default log-driver if service-container is set
* System tests: add missing cleanup
* System tests: fix unquoted question marks
* Build and use a newer systemd image
* Quadlet Network - Fix the name of the required network service
* System Test Quadlet - Volume dependency test did not test the dependency
* fix `podman system connection - tcp` flake
* vendor: bump c/storage to a747b27
* Fix instructions about setting storage driver on command-line
* Test README - point users to hack/bats
* System test: quadlet kube basic test
* Fixed `podman update --pids-limit`
* podman-remote,bindings: trim context path correctly when its emptydir
* Quadlet Doc: Add section for .kube files
* e2e: fix containers_conf_test
* Allow '/' to prefix container names to match Docker
* Remove references to qcow2
* Fix typos in man page regarding transient storage mode.
* make: Use PYTHON var for .install.pre-commit
* Add containers.conf read-only flag support
* Explain that relabeling/chowning of volumes can take along time
* events: support 'die' filter
* infra/abi: refactor ContainerRm
* When in transient store mode, use rundir for bundlepath
* quadlet: Support Type=oneshot container files
* hacks/bats: keep QUADLET env var in test env
* New system tests for conflicting options
* Vendor in latest containers/(buildah, image, common)
* Output Size and Reclaimable in human form for json output
* podman service: close duplicated /dev/null fd
* ginkgo tests: apply ginkgolinter fixes
* Add support for hostPath and configMap subpath usage
* export: use io.Writer instead of file
* rootless: always create userns with euid != 0
* rootless: inhibit copy mapping for euid != 0
* pkg/domain/infra/abi: introduce `type containerWrapper`
* vendor: bump to buildah ca578b290144 and use new cache API
* quadlet: Handle booleans that have defaults better
* quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault
* Add podman-clean-transient.service service
* Stop recording annotations set to false
* Unify --noheading and -n to be consistent on all commands
* pkg/domain/infra/abi: add `getContainers`
* Update vendor of containters/(common, image)
* specfile: Drop user-add depedency from quadlet subpackage.
* quadlet: Default BINDIR to /usr/bin if tag not specified
* Quadlet: add network support
* Add comment for jsonMarshal command
* Always allow pushing from containers-storage
* libpod: move NetNS into state db instead of extra bucket
* Add initial system tests for quadlets
* quadlet: Add --user option
* libpod: remove CNI word were no longer applicable
* libpod: fix header length in http attach with logs
* podman-kube@ template: use `podman kube`
* build(deps): bump github.com/docker/docker
* wait: add --ignore option
* qudlet: Respect $PODMAN env var for podman binary
* e2e: Add assert-key-is-regex check to quadlet e2e testsuite
* e2e: Add some assert to quadlet test to make sure testcases are sane
* remove unmapped ports from inspect port bindings
* update podman-network-create for clarity
* Vendor in latest containers/common with default capabilities
* pkg/rootless: Change error text ...
* rootless: add cli validator
* rootless: define LIBEXECPODMAN
* doc: fix documentation for idmapped mounts
* bump golangci-lint to v1.50.1
* build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2
* [CI:DOCS] podman-mount: s/umount/unmount/
* create/pull --help: list pull policies
* Network Create: Add --ignore flag to support idempotent script
* Make qemu security model none
* libpod: use OCI idmappings for mounts
* stop reporting errors removing containers that don't exist
* test: added test from wait endpoint with to long label
* quadlet: Default VolatileTmp to off
* build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11
* docs/options/ipc: fix list syntax
* Docs: Add dedicated DOWNLOAD doc w/ links to bins
* Make a consistently-named windows installer
* checkpoint restore: fix --ignore-static-ip/mac
* add support for subpath in play kube for named volumes
* build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
* golangci-lint: remove three deprecated linters
* parse-localbenchmarks: separate standard deviation
* build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0
* podman play kube support container startup probe
* Add podman buildx version support
* Cirrus: Collect benchmarks on machine instances
* Cirrus: Remove escape codes from log files
* [CI:DOCS] Clarify secret target behavior
* Fix typo on network docs
* podman-remote build add --volume support
* remote: allow --http-proxy for remote clients
* Cleanup kube play workloads if error happens
* health check: ignore dependencies of transient systemd units/timers
* fix: event read from syslog
* Fixes secret (un)marshaling for kube play.
* Remove 'you' from man pages
* build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools
* [CI:DOCS] test/README.md: run tests with podman-remote
* e2e: keeps the http_proxy value
* Makefile: Add podman-mac-helper to darwin client zip
* test/e2e: enable 'podman run with ipam none driver' for nv
* [skip-ci] GHA/Cirrus-cron: Fix execution order
* kube sdnotify: run proxies for the lifespan of the service
* Update containers common package
* podman manpage: Use man-page links instead of file names
* e2e: fix e2e tests in proxy environment
* Fix test
* disable healthchecks automatically on non systemd systems
* Quadlet Kube: Add support for userns flag
* [CI:DOCS] Add warning about --opts,o with mount's -o
* Add podman system prune --external
* Add some tests for transient store
* runtime: In transient_store mode, move bolt_state.db to rundir
* runtime: Handle the transient store options
* libpod: Move the creation of TmpDir to an earlier time
* network create: support '-o parent=XXX' for ipvlan
* compat API: allow MacAddress on container config
* Quadlet Kube: Add support for relative path for YAML file
* notify k8s system test: move sending message into exec
* runtime: do not chown idmapped volumes
* quadlet: Drop ExecStartPre=rm %t/%N.cid
* Quadlet Kube: Set SyslogIdentifier if was not set
* Add a FreeBSD cross build to the cirrus alt build task
* Add completion for --init-ctr
* Fix handling of readonly containers when defined in kube.yaml
* Build cross-compilation fixes
* libpod: Track healthcheck API changes in healthcheck_unsupported.go
* quadlet: Use same default capability set as podman run
* quadlet: Drop --pull=never
* quadlet: Change default of ReadOnly to no
* quadlet: Change RunInit default to no
* quadlet: Change NoNewPrivileges default to false
* test: podman run with checkpoint image
* Enable 'podman run' for checkpoint images
* test: Add tests for checkpoint images
* CI setup: simplify environment passthrough code
* Init containers should not be restarted
* Update c/storage after https://github.com/containers/storage/pull/1436
* Set the latest release explicitly
* add friendly comment
* fix an overriding logic and load config problem
* Update the issue templates
* Update vendor of containers/(image, buildah)
* [CI:DOCS] Skip windows-smoke when not useful
* [CI:DOCS] Remove broken gate-container docs
* OWNERS: add Jason T. Greene
* hack/podmansnoop: print arguments
* Improve atomicity of VM state persistence on Windows
* [CI:BUILD] copr: enable podman-restart.service on rpm installation
* macos: pkg: Use -arm64 suffix instead of -aarch64
* linux: Add -linux suffix to podman-remote-static binaries
* linux: Build amd64 and arm64 podman-remote-static binaries
* container create: add inspect data to event
* Allow manual override of install location
* Run codespell on code
* Add missing parameters for checkpoint/restore endpoint
* Add support for startup healthchecks
* Add information on metrics to the `network create` docs
* Introduce podman machine os commands
* Document that ignoreRootFS depends on export/import
* Document ignoreVolumes in checkpoint/restore endpoint
* Remove leaveRunning from swagger restore endpoint
* libpod: Add checks to avoid nil pointer dereference if network setup fails
* Address golangci-lint issues
* Documenting Hyper-V QEMU acceleration settings
* Kube Play: fix the handling of the optional field of SecretVolumeSource
* Update Vendor of containers/(common, image, buildah)
* Fix swapped NetInput/-Output stats
* libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory
* chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template
* test/tools: rebuild when files are changed
* ginkgo tests: apply ginkgolinter fixes
* ginkgo: restructure install work flow
* Fix manpage emphasis
* specgen: support CDI devices from containers.conf
* vendor: update containers/common
* pkg/trust: Take the default policy path from c/common/pkg/config
* Add validate-in-container target
* Adding encryption decryption feature
* container restart: clean up healthcheck state
* Add support for podman-remote manifest annotate
* Quadlet: Add support for .kube files
* Update vendor of containers/(buildah, common, storage, image)
* specgen: honor user namespace value
* [CI:DOCS] Migrate OSX Cross to M1
* quadlet: Rework uid/gid remapping
* GHA: Fix cirrus re-run workflow for other repos.
* ssh system test: skip until it becomes a test
* shell completion: fix hard coded network drivers
* libpod: Report network setup errors properly on FreeBSD
* E2E Tests: change the registry for the search test to avoid authentication
* pkginstaller: install podman-mac-helper by default
* Fix language. Mostly spelling a -> an
* podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment.
* [CI:DOCS] Fix spelling and typos
* Modify man page of '--pids-limit' option to correct a default value.
* Update docs/source/markdown/podman-remote.1.md * Update pkg/bindings/connection.go * Add more documentation on UID/GID Mappings with --userns=keep-id * support podman-remote to connect tcpURL with proxy * Removing the RawInput from the API output * fix port issues for CONTAINER_HOST * CI: Package versions: run in the 'main' step * build(deps): bump github.com/rootless-containers/rootlesskit * pkg/domain: Make checkExecPreserveFDs platform-specific * e2e tests: fix restart race * Fix podman --noout to suppress all output * remove pod if creation has failed * pkg/rootless: Implement rootless.IsFdInherited on FreeBSD * Fix more podman-logs flakes * healthcheck system tests: try to fix flake * libpod: treat ESRCH from /proc/PID/cgroup as ENOENT * GHA: Configure workflows for reuse * compat,build: handle docker's preconfigured cacheTo,cacheFrom * docs: deprecate pasta network name * utils: Enable cgroup utils for FreeBSD * pkg/specgen: Disable kube play tests on FreeBSD * libpod/lock: Fix build and tests for SHM locks on FreeBSD * podman cp: fix copying with '.' suffix * pkginstaller: bump Qemu to version 7.1.0 * specgen,wasm: switch to crun-wasm wherever applicable * vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1 * libpod: Make unit test for statToPercent Linux only * Update vendor of containers/storage * fix connection usage with containers.conf * Add --quiet and --no-info flags to podman machine start * Add hidden podman manifest inspect -v option * Add podman volume create -d short option for driver * Vendor in latest containers/(common,image,storage) * Add podman system events alias to podman events * Fix search_test to return correct version of alpine * GHA: Fix undefined secret env. var. * Release notes for 4.3.1 * GHA: Fix make_email-body script reference * Add release keys to README * GHA: Fix typo setting output parameter * GHA: Fix typo. 
* New tool, docs/version-check * Formalize our compare-against-docker mechanism * Add restart-sec for container service files * test/tools: bump module to go 1.17 * contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor * build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools * libpod: Add FreeBSD support in packageVersion * Allow podman manifest push --purge|-p as alias for --rm * [CI:DOCS] Add performance tutorial * [CI:DOCS] Fix build targets in build_osx.md. * fix --format {{json .}} output to match docker * remote: fix manifest add --annotation * Skip test if `--events-backend` is necessary with podman-remote * kube play: update the handling of PersistentVolumeClaim * system tests: fix a system test in proxy environment * Use single unqualified search registry on Windows * test/system: Add, use tcp_port_probe() to check for listeners rather than binds * test/system: Add tests for pasta(1) connectivity * test/system: Move network-related helpers to helpers.network.bash * test/system: Use procfs to find bound ports, with optional address and protocol * test/system: Use port_is_free() from wait_for_port() * libpod: Add pasta networking mode * More log-flake work * Fix test flakes caused by improper podman-logs * fix incorrect systemd booted check * Cirrus: Add tests for GHA scripts * GHA: Update scripts to pass shellcheck * Cirrus: Shellcheck github-action scripts * Cirrus: shellcheck support for github-action scripts * GHA: Fix cirrus-cron scripts * Makefile: don't install to tmpfiles.d on FreeBSD * Make sure we can build and read each line of docker py's api client * Docker compat build api - make sure only one line appears per flush * Run codespell on code * Update vendor of containers/(image, storage, common) * Allow namespace path network option for pods. * Cirrus: Never skip running Windows Cross task * GHA: Auto. 
re-run failed cirrus-cron builds once * GHA: Migrate inline script to file * GHA: Simplify script reference * test/e2e: do not use apk in builds * remove container/pod id file along with container/pod * Cirrus: Synchronize windows image * Add --insecure,--tls-verify,--verbose flags to podman manifest inspect * runtime: add check for valid pod systemd cgroup * CI: set and verify DESIRED_NETWORK (netavark, cni) * [CI:DOCS] troubleshooting: document keep-id options * Man pages: refactor common options: --security-opt * Cirrus: Guarantee CNI testing w/o nv/av present * Cirrus: temp. disable all Ubuntu testing * Cirrus: Update to F37beta * buildah bud tests: better handling of remote * quadlet: Warn in generator if using short names * Add Windows Smoke Testing * Add podman kube apply command * docs: offer advice on installing test dependencies * Fix documentation on read-only-tmpfs * version bump to 4.4.0-dev * deps: bump go-criu to v6 * Makefile: Add cross build targets for freebsd * pkg/machine: Make this build on FreeBSD/arm64 * pkg/rctl: Remove unused cgo dependency * man pages: assorted underscore fixes * Upgrade GitHub actions packages from v2 to v3 * vendor github.com/godbus/dbus/v5 at 4b691ce * [CI:DOCS] fix --tmpdir typos * Do not report that /usr/share/containers/storage.conf has been edited. 
* Eval symlinks on XDG_RUNTIME_DIR * hack/podmansnoop * rootless: support keep-id with one mapping * rootless: add argument to GetConfiguredMappings * Update vendor containers/(common,storage,buildah,image) * Fix deadlock between 'podman ps' and 'container inspect' commands * Add information about where the libpod/boltdb database lives * Consolidate the dependencies for the IsTerminal() API * Ensure that StartAndAttach locks while sending signals * ginkgo testing: fix podman usernamespace join * Test runners: nuke podman from $PATH before tests * volumes: Fix idmap not working for volumes * FIXME: Temporary workaround for ubi8 CI breakage * System tests: teardown: clean up volumes * update api versions on docs.podman.io * system tests: runlabel: use podman-under-test * system tests: podman network create: use random port * sig-proxy test: bump timeout * play kube: Allow the user to import the contents of a tar file into a volume * Clarify the docs on DropCapability * quadlet tests: Disable kmsg logging while testing * quadlet: Support multiple Network= * quadlet: Add support for Network=... 
* Fix manpage for podman run --network option * quadlet: Add support for AddDevice= * quadlet: Add support for setting seccomp profile * quadlet: Allow multiple elements on each Add/DropCaps line * quadlet: Embed the correct binary name in the generated comment * quadlet: Drop the SocketActivated key * quadlet: Switch log-driver to passthrough * quadlet: Change ReadOnly to default to enabled * quadlet tests: Run the tests even for (expected) failed tests * quadlet tests: Fix handling of stderr checks * Remove unused script file * notifyproxy: fix container watcher * container/pod id file: truncate instead of throwing an error * quadlet: Use the new podman create volume --ignore * Add podman volume create --ignore * logcollector: include aardvark-dns * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 * build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 * docs: generate systemd: point to kube template * docs: kube play: mention restart policy * Fixes: 15858 (podman system reset --force destroy machine) * fix search flake * use cached containers.conf * adding regex support to the ancestor ps filter function * Fix `system df` issues with `-f` and `-v` * markdown-preprocess: cross-reference where opts are used * Default qemu flags for Windows amd64 * build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 * Update main to reflect v4.3.0 release * build(deps): bump github.com/docker/docker * move quadlet packages into pkg/systemd * system df: fix image-size calculations * Add man page for quadlet * Fix small typo * testimage: add iproute2 & socat, for pasta networking * Set up minikube for k8s testing * Makefile: don't install systemd generator binaries on FreeBSD * [CI:BUILD] copr: podman rpm should depend on containers-common-extra * Podman image: Set default_sysctls to empty for rootless containers * Don't use github.com/docker/distribution * libpod: Add support for 'podman top' on FreeBSD * libpod: Factor out jail name construction from 
stats_freebsd.go * pkg/util: Add pid information descriptors for FreeBSD * Initial quadlet version integrated in golang * bump golangci-lint to v1.49.0 * Update vendor containers/(common,image,storage) * Allow volume mount dups, iff source and dest dirs * rootless: fix return value handling * Change to correct break statements * vendor containers/psgo at v1.8.0 * Clarify that MacOSX docs are client specific * libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit * Add swagger install + allow version updates in CI * Cirrus: Fix windows clone race * build(deps): bump github.com/docker/docker * kill: wait for the container * generate systemd: set --stop-timeout for stopping containers * hack/tree_status.sh: print diff at the end * Fix markdown header typo * markdown-preprocess: add generic include mechanism * markdown-preprocess: almost complete OO rewrite * Update tests for changed error messages * Update c/image after https://github.com/containers/image/pull/1299 * Man pages: refactor common options (misc) * Man pages: Refactor common options: --detach-keys * vendor containers/storage at main * Man pages: refactor common options: --attach * build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 * KillContainer: improve error message * docs: add missing options * Man pages: refactor common options: --annotation (manifest) * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 * system tests: health-on-failure: fix broken logic * build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 * build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 * ContainerEngine.SetupRootless(): Avoid calling container.Config() * Container filters: Avoid use of ctr.Config() * Avoid unnecessary calls to Container.Spec() * Add and use Container.LinuxResource() helper * play kube: notifyproxy: listen before starting the pod * play kube: add support for configmap binaryData * Add and use libpod/Container.Terminal() helper * Revert 'Add checkpoint 
image tests' * Revert 'cmd/podman: add support for checkpoint images' * healthcheck: fix --on-failure=stop * Man pages: Add mention of behavior due to XDG_CONFIG_HOME * build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 * Avoid unnecessary timeout of 250msec when waiting on container shutdown * health checks: make on-failure action retry aware * libpod: Remove 100msec delay during shutdown * libpod: Add support for 'podman pod' on FreeBSD * libpod: Factor out cgroup validation from (*Runtime).NewPod * libpod: Move runtime_pod_linux.go to runtime_pod_common.go * specgen/generate: Avoid a nil dereference in MakePod * libpod: Factor out cgroups handling from (*Pod).refresh * Adds a link to OSX docs in CONTRIBUTING.md * Man pages: refactor common options: --os-version * Create full path to a directory when DirectoryOrCreate is used with play kube * Return error in podman system service if URI scheme is not unix/tcp * Man pages: refactor common options: --time * man pages: document some --format options: images * Clean up when stopping pods * Update vendor of containers/buildah v1.28.0 * Proof of concept: nightly dependency treadmill - Make the priority for picking the storage driver configurable (bsc#1197093) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1913-1 Released: Wed Apr 19 14:23:14 2023 Summary: Recommended update for libslirp, slirp4netns Type: recommended Severity: moderate References: 1201551 This update for libslirp and slirp4netns fixes the following issues: libslirp was updated to version 4.7.0+44 (current git master): * Fix vmstate regression * Align outgoing packets * Bump incoming packet alignment to 8 bytes * vmstate: only enable when building under GNU C * ncsitest: Fix build with msvc * Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END * ncsi: Add Mellanox Get Mac Address handler * slirp: Add out-of-band ethernet address * ncsi: Add OEM command handler * ncsi: Add basic test for Get 
Version ID response * ncsi: Use response header for payload length * ncsi: Pass command header to response handlers * ncsi: Add Get Version ID command * ncsi: Pass Slirp structure to response handlers * slirp: Add manufacturer's ID Release v4.7.0 * slirp: invoke client callback before creating timers * pingtest: port to timer_new_opaque * introduce timer_new_opaque callback * introduce slirp_timer_new wrapper * icmp6: make ndp_send_ra static * socket: Handle ECONNABORTED from recv * bootp: fix g_str_has_prefix warning/critical * slirp: Don't duplicate packet in tcp_reass * Rename insque/remque -> slirp_[ins|rem]que * mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG * Replace inet_ntoa() with safer inet_ntop() * Add VMS_END marker * bootp: add support for UEFI HTTP boot * IPv6 DNS proxying support * Add missing scope_id in caching * socket: Move closesocket(so->s_aux) to sofree * socket: Check so_type instead of so_tcpcb for Unix-to-inet translation * socket: Add s_aux field to struct socket for storing auxilliary socket * socket: Initialize so_type in socreate * socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0 * Allow to disable internal DHCP server * slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two * CI: run integration tests with slirp4netns * socket: Check address family for Unix-to-inet accept translation * socket: Add debug args for tcpx_listen (inet and Unix sockets) * socket: Restore original definition of fhost * socket: Move include to socket.h * Support Unix sockets in hostfwd * resolv: fix IPv6 resolution on Darwin * Use the exact sockaddr size in getnameinfo call * Initialize sin6_scope_id to zero * slirp_socketpair_with_oob: Connect pair through 127.0.0.1 * resolv: fix memory leak when using libresolv * pingtest: Add a trivial ping test * icmp: Support falling back on trying a SOCK_RAW socket Update to version 4.6.1+7: * Haiku: proper path to resolv.conf for DNS server * Fix for Haiku * dhcp: Always 
send DHCP_OPT_LEN bytes in options Update to version 4.6.1: * Fix 'DHCP broken in libslirp v4.6.0' Update to version 4.6.0: * udp: check upd_input buffer size * tftp: introduce a header structure * tftp: check tftp_input buffer size * upd6: check udp6_input buffer size * bootp: check bootp_input buffer size * bootp: limit vendor-specific area to input packet memory buffer Update to version 4.4.0: * socket: consume empty packets * slirp: check pkt_len before reading protocol header * Add DNS resolving for iOS * sosendoob: better document what urgc is used for * TCPIPHDR_DELTA: Fix potential negative value * udp, udp6, icmp, icmp6: Enable forwarding errors on Linux * icmp, icmp6: Add icmp_forward_error and icmp6_forward_error * udp, udp6, icmp: handle TTL value * ip_stripoptions use memmove slirp4netns was updated to 1.2.0: * Add slirp4netns --target-type=bess /path/to/bess.sock for supporting UML (#281) * Explicitly support DHCP (#270) * Update parson to v1.1.3 (#273) kgabis/parson at 70dc239...2d7b3dd Update to version 1.1.11: * Add --macaddress option to specify the MAC address of the tap interface. * Updated the man page. Update to version 1.1.8: Update to 1.0.0: * --enable-sandbox is now out of experimental ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2003-1 Released: Tue Apr 25 18:05:42 2023 Summary: Security update for runc Type: security Severity: important References: 1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642 This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884). - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962). - CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888). Other fixes: - Fix the inability to use `/dev/null` when inside a container. 
- Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481). - Fix rare runc exec/enter unshare error on older kernels. - nsexec: Check for errors in `write_log()`. - Drop version-specific Go requirement. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2157-1 Released: Wed May 10 13:21:20 2023 Summary: Security update for conmon Type: security Severity: important References: 1200441 This update of conmon fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2256-1 Released: Fri May 19 15:26:43 2023 Summary: Security update for runc Type: security Severity: important References: 1200441 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2324-1 Released: Tue May 30 15:52:17 2023 Summary: Security update for cni-plugins Type: security Severity: important References: 1200441 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2325-1 Released: Tue May 30 15:57:30 2023 Summary: Security update for cni Type: security Severity: important References: 1200441 This update of cni fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2527-1 Released: Fri Jun 16 19:04:57 2023 Summary: Recommended update for NetworkManager Type: recommended Severity: moderate References: This update for NetworkManager fixes the following issues: - Create /etc/NetworkManager/conf.d by default, allowing easy override for NetworkManager.conf file with drop-in - Move default config file to /usr/lib/NetworkManager/NetworkManager.conf, as part of main package - Ensure /usr/lib/NetworkManager/conf.d is part of the package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2657-1 Released: Tue Jun 27 14:43:57 2023 Summary: Recommended update for libcontainers-common Type: recommended Severity: moderate References: 1211124 This update for libcontainers-common fixes the following issues: - New subpackage libcontainers-sles-mounts which adds SLE-specific mounts on SLE systems (bsc#1211124) - Own /etc/containers/systemd and /usr/share/containers/systemd for podman quadlet - Remove container-storage-driver.sh to default to the overlay driver instead of btrfs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2658-1 Released: Tue Jun 27 14:46:15 2023 Summary: Recommended update for containerd, docker, runc Type: recommended Severity: moderate References: 1207004,1208074,1210298,1211578 This update for containerd, docker, runc fixes the following issues: - Update to containerd v1.6.21 (bsc#1211578) - Update to Docker 23.0.6-ce (bsc#1211578) - Update to runc v1.1.7 - Require a minimum Go version explicitly (bsc#1210298) - Re-unify packaging for SLE-12 and SLE-15 - Fix build on SLE-12 by switching back to libbtrfs-devel headers - Allow man pages to be built without internet access in OBS - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux - Fix syntax of boolean dependency 
- Allow to install container-selinux instead of apparmor-parser - Change to using systemd-sysusers - Update runc.keyring to upstream version - Fix the inability to use `/dev/null` when inside a container (bsc#1207004) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2868-1 Released: Tue Jul 18 11:35:52 2023 Summary: Security update for cni Type: security Severity: important References: 1206346 This update of cni fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2869-1 Released: Tue Jul 18 11:39:26 2023 Summary: Security update for cni-plugins Type: security Severity: important References: 1206346 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2989-1 Released: Wed Jul 26 16:33:56 2023 Summary: Security update for conmon Type: security Severity: important References: 1208737,1209307 This update for conmon fixes the following issues: conmon was updated to version 2.1.7: - Bumped go version to 1.19 (bsc#1209307). Bugfixes: - Fixed leaking symbolic links in the opt_socket_path directory. - Fixed cgroup oom issues (bsc#1208737). - Fixed OOM watcher for cgroupv2 `oom_kill` events. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - libsemanage-conf-3.4-150400.1.8 added - libsepol2-3.4-150400.1.11 added - libsemanage2-3.4-150400.1.8 added - conmon-2.1.7-150400.3.11.1 updated - kernel-firmware-ath10k-20220509-150400.4.19.1 updated - libqrtr-glib0-1.2.2-150400.1.3 updated - kernel-firmware-amdgpu-20220509-150400.4.19.1 updated - kernel-firmware-ath11k-20220509-150400.4.19.1 updated - kernel-firmware-atheros-20220509-150400.4.19.1 updated - kernel-firmware-bluetooth-20220509-150400.4.19.1 updated - kernel-firmware-brcm-20220509-150400.4.19.1 updated - kernel-firmware-dpaa2-20220509-150400.4.19.1 updated - 
kernel-firmware-media-20220509-150400.4.19.1 updated - kernel-firmware-mwifiex-20220509-150400.4.19.1 updated - kernel-firmware-nfp-20220509-150400.4.19.1 updated - kernel-firmware-nvidia-20220509-150400.4.19.1 updated - kernel-firmware-prestera-20220509-150400.4.19.1 updated - kernel-firmware-qcom-20220509-150400.4.19.1 updated - kernel-firmware-radeon-20220509-150400.4.19.1 updated - kernel-firmware-serial-20220509-150400.4.19.1 updated - kernel-firmware-sound-20220509-150400.4.19.1 updated - kernel-firmware-ti-20220509-150400.4.19.1 updated - kernel-firmware-ueagle-20220509-150400.4.19.1 updated - libcontainers-common-20230214-150400.3.8.1 updated - libmbim-glib4-1.26.4-150400.1.2 updated - libmm-glib0-1.18.10-150400.1.2 updated - libslirp0-4.7.0+44-150300.15.2 added - runc-1.1.7-150000.46.1 updated - cni-0.7.1-150100.3.12.1 updated - cni-plugins-0.8.6-150100.3.15.1 updated - kernel-firmware-all-20220509-150400.4.19.1 updated - cryptsetup-2.4.3-150400.3.3.1 updated - libqmi-glib5-1.30.8-150400.1.2 updated - slirp4netns-1.2.0-150300.8.5.2 updated - podman-4.4.4-150400.4.16.1 updated - ModemManager-1.18.10-150400.1.2 updated - NetworkManager-wwan-1.38.2-150400.3.3.1 updated From sle-updates at lists.suse.com Thu Sep 14 07:03:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Sep 2023 09:03:03 +0200 (CEST) Subject: SUSE-CU-2023:2964-1: Security update of rancher/elemental-operator Message-ID: <20230914070303.C01BFFCA4@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2964-1 Container Tags : rancher/elemental-operator:1.3.4 , rancher/elemental-operator:1.3.4-2.5 , rancher/elemental-operator:latest Container Release : 2.5 Severity : moderate Type : security References : 1201519 1204844 1210004 1211418 1211419 CVE-2023-2602 CVE-2023-2603 
----------------------------------------------------------------- The container rancher/elemental-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.1.7 updated - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed From sle-updates at lists.suse.com Thu Sep 14 07:03:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Sep 2023 09:03:05 +0200 (CEST) Subject: SUSE-CU-2023:2966-1: Security update of rancher/seedimage-builder Message-ID: 
<20230914070305.88814FCA4@maintenance.suse.de> SUSE Container Update Advisory: rancher/seedimage-builder ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2966-1 Container Tags : rancher/seedimage-builder:1.3.4 , rancher/seedimage-builder:1.3.4-2.5 , rancher/seedimage-builder:latest Container Release : 2.5 Severity : moderate Type : security References : 1201519 1204844 1210004 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container rancher/seedimage-builder was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.1.7 updated - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed From sle-updates at lists.suse.com Thu Sep 14 07:04:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Sep 2023 09:04:40 +0200 (CEST) Subject: SUSE-CU-2023:2968-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230914070440.16538FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2968-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.104 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.104 Severity : low Type : security References : 1214806 CVE-2023-4641 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3591-1
Released: Wed Sep 13 08:33:55 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

From sle-updates at lists.suse.com Thu Sep 14 12:30:52 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Sep 2023 12:30:52 -0000
Subject: SUSE-SU-2023:3600-1: important: Security update for the Linux Kernel
Message-ID: <169469465219.18093.16871094658382243891@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:3600-1
Rating: important

References:

* #1023051
* #1120059
* #1177719
* #1188885
* #1193629
* #1194869
* #1205462
* #1208902
* #1208949
* #1209284
* #1209799
* #1210048
* #1210448
* #1212091
* #1212142
* #1212526
* #1212857
* #1212873
* #1213026
* #1213123
* #1213546
* #1213580
* #1213601
* #1213666
* #1213757
* #1213759
* #1213916
* #1213921
* #1213927
* #1213946
* #1213968
* #1213970
* #1213971
* #1214000
* #1214019
* #1214120
* #1214149
* #1214180
* #1214238
* #1214285
* #1214297
* #1214299
* #1214350
* #1214368
* #1214370
* #1214371
* #1214372
* #1214380
* #1214386
* #1214392
* #1214393
* #1214397
* #1214428
* #1214451
* #1214659
* #1214661
* #1214729
* #1214742
* #1214743
* #1214756
* PED-4579
* PED-4759
* PED-4927
* PED-4929
* PED-5738
* PED-6003
* PED-6004

Cross-References:

* CVE-2023-2007
* CVE-2023-20588
* CVE-2023-34319
* CVE-2023-3610
* CVE-2023-37453
* CVE-2023-3772
* CVE-2023-3863
* CVE-2023-4128
* CVE-2023-4133
* CVE-2023-4134
* CVE-2023-4147
* CVE-2023-4194
* CVE-2023-4273
* CVE-2023-4387
* CVE-2023-4459
* CVE-2023-4569

CVSS scores:

* CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20588 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4387 ( NVD ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-4569 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Real Time Module 15-SP4

An update that solves 16 vulnerabilities, contains seven features and has 44 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
* CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
* CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
* CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
* CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
* CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
* CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
* CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
* CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
* CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
* CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
* CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120).
* CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
* CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
* CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).

The following non-security bugs were fixed:

* acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes).
* acpi: processor: perflib: use the "no limit" frequency qos (git-fixes).
* acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes).
* alsa: ac97: fix possible error value of *rac97 (git-fixes).
* alsa: hda/cs8409: support new dell dolphin variants (git-fixes).
* alsa: hda/realtek - remodified 3k pull low procedure (git-fixes).
* alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes).
* alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes).
* alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes).
* alsa: hda/realtek: switch dell oasis models to use spi (git-fixes).
* alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes).
* alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes).
* alsa: usb-audio: fix init call orders for uac1 (git-fixes).
* alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes).
* amba: bus: fix refcount leak (git-fixes).
* arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes).
* arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
* arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes).
* arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes).
* arm: dts: imx6sll: fixup of operating points (git-fixes).
* arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* asoc: lower "no backend dais enabled for ... port" log severity (git-fixes).
* asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
* asoc: rt5665: add missed regulator_bulk_disable (git-fixes).
* asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes).
* asoc: stac9766: fix build errors with regmap_ac97 (git-fixes).
* asoc: tegra: fix sfc conversion for few rates (git-fixes).
* audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
* backlight/bd6107: compare against struct fb_info.device (git-fixes).
* backlight/gpio_backlight: compare against struct fb_info.device (git-fixes).
* backlight/lv5207lp: compare against struct fb_info.device (git-fixes).
* batman-adv: do not get eth header before batadv_check_management_packet (git-fixes).
* batman-adv: do not increase mtu when set by user (git-fixes).
* batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes).
* batman-adv: fix tt global entry leak when client roamed back (git-fixes).
* batman-adv: hold rtnl lock during mtu update via netlink (git-fixes).
* batman-adv: trigger events for auto adjusted mtu (git-fixes).
* bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes).
* bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* bluetooth: fix potential use-after-free when clear keys (git-fixes).
* bluetooth: l2cap: fix use-after-free (git-fixes).
* bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes).
* bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
* bluetooth: remove unused declaration amp_read_loc_info() (git-fixes).
* bnx2x: fix page fault following eeh recovery (bsc#1214299).
* bpf: disable preemption in bpf_event_output (git-fixes).
* bus: ti-sysc: fix build warning for 64-bit build (git-fixes).
* bus: ti-sysc: fix cast to enum warning (git-fixes).
* bus: ti-sysc: flush posted write on enable before reset (git-fixes).
* can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes).
* ceph: defer stopping mdsc delayed_work (bsc#1214392).
* ceph: do not check for quotas on mds stray dirs (bsc#1214238).
* ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
* check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does.
* cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
* cifs: allow dumping keys for directories too (bsc#1193629).
* cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
* cifs: if deferred close is disabled then close files immediately (git-fixes).
* cifs: is_network_name_deleted should return a bool (bsc#1193629).
* cifs: update internal module version number for cifs.ko (bsc#1193629).
* clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
* clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
* clk: imx8mp: fix sai4 clock (git-fixes).
* clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
* clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes).
* clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
* clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
* clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: sunxi-ng: modify mismatched function name (git-fixes).
* clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* config_nvme_verbose_errors=y gone with a82baa8083b
* config_printk_safe_log_buf_shift=13 gone with 7e152d55123
* cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpufreq: fix the race condition while updating the transition_task of policy (git-fixes).
* cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659).
* cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004).
* cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs apart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel.
* crypto: caam - fix unchecked return value error (git-fixes).
* crypto: stm32 - properly handle pm_runtime_get failing (git-fixes).
* dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes).
* dma-buf/sync_file: fix docs syntax (git-fixes).
* dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes).
* dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes).
* dmaengine: pl330: return dma_paused when transaction is paused (git-fixes).
* dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes).
* docs/process/howto: replace c89 with c11 (bsc#1214756).
* docs: kernel-parameters: refer to the correct bitmap function (git-fixes).
* docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
* docs: printk-formats: fix hex printing of signed values (git-fixes).
* documentation: devices.txt: fix minors for ttycpm* (git-fixes).
* documentation: devices.txt: remove ttyioc* (git-fixes).
* documentation: devices.txt: remove ttysioc* (git-fixes).
* driver core: test_async: fix an error code (git-fixes).
* drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes).
* drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
* drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes).
* drm/amd/display: check tg is non-null before checking if enabled (git-fixes).
* drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
* drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
* drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
* drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
* drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
* drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
* drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
* drm/amdgpu: fix potential fence use-after-free v2 (git-fixes).
* drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
* drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes).
* drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes).
* drm/ast: fix dram init on ast2200 (git-fixes).
* drm/atomic-helper: update reference to drm_crtc_force_disable_all() (git-fixes).
* drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes).
* drm/bridge: fix -wunused-const-variable= warning (git-fixes).
* drm/bridge: tc358764: fix debug print parameter order (git-fixes).
* drm/etnaviv: fix dumping of active mmu context (git-fixes).
* drm/mediatek: fix dereference before null check (git-fixes).
* drm/mediatek: fix potential memory leak if vmap() fail (git-fixes).
* drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes).
* drm/msm/mdp5: do not leak some plane state (git-fixes).
* drm/msm: update dev core dump to not print backwards (git-fixes).
* drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes).
* drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
* drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes).
* drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes).
* drm/qxl: fix uaf on handle creation (git-fixes).
* drm/radeon: use rmw accessors for changing lnkctl (git-fixes).
* drm/rockchip: do not spam logs in atomic check (git-fixes).
* drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
* drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes).
* drm/ttm: check null pointer before accessing when swapping (git-fixes).
* drm/ttm: never consider pinned bos for eviction&swap (git-fixes).
* drm/vmwgfx: fix shader stage validation (git-fixes).
* drm: adv7511: fix low refresh rate register for adv7533/5 (git-fixes).
* drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes).
* drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
* drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
* dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
* dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
* dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
* e1000: fix typos in comments (jsc#ped-5738).
* e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738).
* e1000: switch to napi_build_skb() (jsc#ped-5738).
* e1000: switch to napi_consume_skb() (jsc#ped-5738).
* enable analog devices industrial ethernet phy driver (jsc#ped-4759)
* exfat: fix unexpected eof while reading dir (bsc#1214000).
* exfat: release s_lock before calling dir_emit() (bsc#1214000).
* exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
* fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes).
* fbdev: fix potential oob read in fast_imageblit() (git-fixes).
* fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes).
* fbdev: improve performance of sys_imageblit() (git-fixes).
* fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
* file: reinstate f_pos locking optimization for regular files (bsc#1213759).
* firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes).
* firmware: cs_dsp: fix new control name check (git-fixes).
* firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes).
* firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes).
* fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
* ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
* gpio: mvebu: fix irq domain leak (git-fixes).
* gpio: mvebu: make use of devm_pwmchip_add (git-fixes).
* gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes).
* hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes).
* hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
* hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes).
* hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes).
* hid: wacom: remove the battery when the ekr is off (git-fixes).
* hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes).
* hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes).
* hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes).
* hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes).
* hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
* hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
* i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
* i2c: delete error messages for failed memory allocations (git-fixes).
* i2c: designware: correct length byte validation logic (git-fixes).
* i2c: designware: handle invalid smbus block data response length value (git-fixes).
* i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes).
* i2c: improve size determinations (git-fixes).
* i2c: nomadik: remove a useless call in the remove function (git-fixes).
* i2c: nomadik: remove unnecessary goto label (git-fixes).
* i2c: nomadik: use devm_clk_get_enabled() (git-fixes).
* i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes).
* iavf: fix potential races for fdir filters (git-fixes).
* ib/hfi1: fix possible panic during hotplug remove (git-fixes)
* ib/uverbs: fix an potential error pointer dereference (git-fixes)
* ice: fix crash by keep old cfg when update tcs more than queues (git-fixes).
* ice: fix max_rate check while configuring tx rate limits (git-fixes).
* ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
* ice: fix rdma vsi removal during queue rebuild (git-fixes).
* iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes).
* iio: adc: stx104: implement and utilize register structures (git-fixes).
* iio: adc: stx104: utilize iomap interface (git-fixes).
* iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes).
* input: exc3000 - properly stop timer on shutdown (git-fixes).
* intel/e1000:fix repeated words in comments (jsc#ped-5738).
* intel: remove unused macros (jsc#ped-5738).
* iommu/amd: add pci segment support for ivrs_ commands (git-fixes).
* iommu/amd: fix compile warning in init code (git-fixes).
* iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
* iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes).
* iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes).
* iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
* iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
* iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
* iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes).
* iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
* iommu/dart: initialize dart_streams_enable (git-fixes).
* iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes).
* iommu/dma: fix iova map result check bug (git-fixes).
* iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
* iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes).
* iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes).
* iommu/iova: fix module config properly (git-fixes).
* iommu/omap: fix buffer overflow in debugfs (git-fixes).
* iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
* iommu/sun50i: consider all fault sources for reset (git-fixes).
* iommu/sun50i: fix flush size (git-fixes).
* iommu/sun50i: fix r/w permission check (git-fixes).
* iommu/sun50i: fix reset release (git-fixes).
* iommu/sun50i: implement .iotlb_sync_map (git-fixes).
* iommu/sun50i: remove iommu_domain_identity (git-fixes).
* iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes).
* iommu/vt-d: check correct capability for sagaw determination (git-fixes).
* iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes).
* iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes).
* iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes).
* iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes).
* iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes).
* iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes).
* iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes).
* ipmi:ssif: add check for kstrdup (git-fixes).
* ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
* ipmi_si: fix a memleak in try_smi_init() (git-fixes).
* jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
* kabi/severities: ignore newly added srso mitigation functions
* kabi: allow extra bugsints (bsc#1213927).
* kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756).
* kbuild: move to -std=gnu11 (bsc#1214756).
* kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
* kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12.
* kunit: make kunit_test_timeout compatible with comment (git-fixes).
* kvm: s390: fix sthyi error handling (git-fixes bsc#1214370).
* leds: fix bug_on check for led_color_id_multi that is always false (git-fixes).
* leds: multicolor: use rounded division when calculating color components (git-fixes).
* leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes).
* leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes).
* leds: turris-omnia: drop unnecessary mutex locking (git-fixes).
* lib/test_meminit: allocate pages up to order max_order (git-fixes).
* lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
* libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
* md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916).
* md/raid0: fix performance regression for large sequential writes (bsc#1213916).
* media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
* media: cx24120: add retval check for cx24120_message_send() (git-fixes).
* media: dib7000p: fix potential division by zero (git-fixes).
* media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
* media: go7007: remove redundant if statement (git-fixes).
* media: i2c: ccs: check rules is non-null (git-fixes).
* media: i2c: rdacm21: fix uninitialized value (git-fixes).
* media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
* media: ov2680: add ov2680_fill_format() helper function (git-fixes).
* media: ov2680: do not take the lock for try_fmt calls (git-fixes).
* media: ov2680: fix ov2680_bayer_order() (git-fixes).
* media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes).
* media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
* media: ov2680: fix vflip / hflip set functions (git-fixes).
* media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes).
* media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes).
* media: rkvdec: increase max supported height for h.264 (git-fixes).
* media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
* media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
* media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes).
* media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes).
* misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes).
* mkspec: allow unsupported kmps (bsc#1214386)
* mlxsw: pci: add shutdown method in pci driver (git-fixes).
* mmc: block: fix in_flight[issue_type] value error (git-fixes).
* mmc: moxart: read scr register without changing byte order (git-fixes).
* mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
* module: avoid allocation if module is already present and ready (bsc#1213921).
* module: extract patient module check into helper (bsc#1213921).
* module: move check_modinfo() early to early_mod_check() (bsc#1213921).
* module: move early sanity checks into a helper (bsc#1213921).
* move upstreamed powerpc patches into sorted section
* mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes).
* mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes).
* mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes).
* mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes).
* mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes).
* mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
* mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes).
* mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes).
* mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
* mtd: spi-nor: check bus width while setting qe bit (git-fixes).
* mtd: spinand: toshiba: fix ecc_get_status (git-fixes).
* n_tty: rename tail to old_tail in n_tty_read() (git-fixes).
* net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
* net: ieee802154: at86rf230: stop leaking skb's (git-fixes).
* net: mana: fix mana vf unload when hardware is unresponsive (git-fixes).
* net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes).
* net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
* net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes).
* net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes).
* net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes).
* netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
* netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946).
* netfs: fix parameter of cleanup() (bsc#1214743).
* nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
* nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
* nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
* nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* objtool/x86: fix srso mess (git-fixes).
* objtool/x86: fixup frame-pointer vs rethunk (git-fixes).
* objtool: union instruction::{call_dest,jump_table} (git-fixes).
* old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer supported.
* pci/aspm: avoid link retraining race (git-fixes).
* pci/aspm: factor out pcie_wait_for_retrain() (git-fixes).
* pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes).
* pci: acpiphp: reassign resources on bridge if necessary (git-fixes).
* pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
* pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
* pci: meson: remove cast between incompatible function type (git-fixes).
* pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes).
* pci: microchip: remove cast between incompatible function type (git-fixes).
* pci: pciehp: use rmw accessors for changing lnkctl (git-fixes).
* pci: rockchip: remove writes to unused registers (git-fixes).
* pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes).
* pci: tegra194: fix possible array out of bounds access (git-fixes).
* pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes).
* phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
* phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
* phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
* phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
* phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
* phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
* phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes).
* pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
* pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
* pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
* platform/x86: dell-sysman: fix reference leak (git-fixes).
* pm / devfreq: fix leak in devfreq_dev_release() (git-fixes).
* powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106).
* powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106).
* powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106).
* powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106).
* powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
* powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106).
* powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
* powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
* powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
* powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
* powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: rename "direct window" to "dma window" (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106). * powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106). * powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc/rtas: block error injection when locked down (bsc#1023051). * powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051). * powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). * powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes). * powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files. * powerpc: fix typos in comments (bsc#1212091 ltc#199106). * powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503). * pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). * pstore/ram: check start of empty przs during init (git-fixes). * pwm: add a stub for devm_pwmchip_add() (git-fixes). * pwm: meson: fix handling of period/duty if greater than uint_max (git- fixes). * pwm: meson: simplify duplicated per-channel tracking (git-fixes). * qed: fix scheduling in a tasklet while getting stats (git-fixes). 
* rdma/bnxt_re: fix error handling in probe failure path (git-fixes) * rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes) * rdma/efa: fix wrong resources deallocation order (git-fixes) * rdma/hns: fix cq and qp cache affinity (git-fixes) * rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes) * rdma/hns: fix port active speed (git-fixes) * rdma/irdma: prevent zero-length stag registration (git-fixes) * rdma/irdma: replace one-element array with flexible-array member (git-fixes) * rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes) * rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes) * rdma/siw: balance the reference of cep->kref in the error path (git-fixes) * rdma/siw: correct wrong debug message (git-fixes) * rdma/umem: set iova in odp flow (git-fixes) * readme.branch: add miroslav franc as a sle15-sp4 co-maintainer. * regmap: rbtree: use alloc_flags for memory allocations (git-fixes). * revert "ib/isert: fix incorrect release of isert connection" (git-fixes) * revert "tracing: add "(fault)" name injection to kernel probes" (git-fixes). * ring-buffer: do not swap cpu_buffer during resize process (git-fixes). * ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes). * ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes). * rpmsg: glink: add check for kstrdup (git-fixes). * s390/purgatory: disable branch profiling (git-fixes bsc#1214372). * sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes). * sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes). * sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799). * scsi: bsg: increase number of devices (bsc#1210048). * scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284). * scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284). * scsi: core: improve warning message in scsi_device_block() (bsc#1209284). 
* scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284). * scsi: rdma/srp: fix residual handling (git-fixes) * scsi: sg: increase number of devices (bsc#1210048). * scsi: storvsc: always set no_report_opcodes (git-fixes). * scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes). * scsi: storvsc: handle srb status value 0x30 (git-fixes). * scsi: storvsc: limit max_sectors for virtual fibre channel devices (git- fixes). * scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371). * selftests/futex: order calls to futex_lock_pi (git-fixes). * selftests/harness: actually report skip for signal tests (git-fixes). * selftests/resctrl: close perf value read fd on errors (git-fixes). * selftests/resctrl: do not leak buffer in fill_cache() (git-fixes). * selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git- fixes). * selftests/rseq: check if libc rseq support is registered (git-fixes). * selftests: forwarding: add a helper to skip test when using veth pairs (git- fixes). * selftests: forwarding: ethtool: skip when using veth pairs (git-fixes). * selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes). * selftests: forwarding: skip test when no interfaces are specified (git- fixes). * selftests: forwarding: switch off timeout (git-fixes). * selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). * selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes). * selftests: forwarding: tc_flower: relax success criterion (git-fixes). * selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes). * serial: sc16is7xx: fix broken port 0 uart init (git-fixes). * serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes). * serial: sprd: assign sprd_port after initialized to avoid wrong access (git- fixes). * serial: sprd: fix dma buffer leak issue (git-fixes). 
* serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). * sfc: fix crash when reading stats while nic is resetting (git-fixes). * smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes). * smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629). * smb: client: fix -wstringop-overflow issues (bsc#1193629). * smb: client: fix dfs link mount against w2k8 (bsc#1212142). * smb: client: fix null auth (git-fixes). * soc: aspeed: socinfo: add kfree for kstrdup (git-fixes). * soundwire: bus: pm_runtime_request_resume on peripheral attachment (git- fixes). * soundwire: fix enumeration completion (git-fixes). * spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). * supported.conf: fix typos for -!optional markers * target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). * target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). * target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). * target_core_rbd: remove snapshot existence validation code (bsc#1212857). * thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). * timers: add shutdown mechanism to the internal functions (bsc#1213970). * timers: provide timer_shutdown_sync (bsc#1213970). * timers: rename del_timer() to timer_delete() (bsc#1213970). * timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970). * timers: replace bug_on()s (bsc#1213970). * timers: silently ignore timers with a null function (bsc#1213970). * timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970). * timers: update kernel-doc for various functions (bsc#1213970). * timers: use del_timer_sync() even on up (bsc#1213970). * tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes). 
* tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes). * tracing/probes: fix not to count error code to total length (git-fixes). * tracing/probes: fix to avoid double count of the string length on the array (git-fixes). * tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). * tracing/probes: fix to update dynamic data counter if fetcharg uses it (git- fixes). * tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git- fixes). * tracing: fix memleak due to race between current_tracer and trace (git- fixes). * tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes). * tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes). * tracing: fix warning in trace_buffered_event_disable() (git-fixes). * tty: fix hang on tty device with no_room set (git-fixes). * tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git- fixes). * tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes). * tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes). * tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). * tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes). * ubifs: fix memleak when insert_old_idx() failed (git-fixes). * update patches.suse/cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). * usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes). * usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes). * usb: chipidea: imx: do not request qos for imx8ulp (git-fixes). * usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git- fixes). * usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes). * usb: dwc3: fix typos in gadget.c (git-fixes). 
* usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git- fixes). * usb: dwc3: properly handle processing of pending events (git-fixes). * usb: gadget: f_mass_storage: fix unused variable warning (git-fixes). * usb: gadget: fix the memory leak in raw_gadget driver (git-fixes). * usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git- fixes). * usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes). * usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git- fixes). * usb: quirks: add quirk for focusrite scarlett (git-fixes). * usb: serial: option: add quectel ec200a module support (git-fixes). * usb: serial: option: support quectel em060k_128 (git-fixes). * usb: serial: simple: add kaufmann rks+can vcp (git-fixes). * usb: serial: simple: sort driver entries (git-fixes). * usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes). * usb: typec: tcpm: fix response to vsafe0v event (git-fixes). * usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). * usb: zaurus: add id for a-300/b-500/c-700 (git-fixes). * watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git- fixes). * wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes). * wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes). * wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git- fixes). * wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes). * wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes). * wifi: cfg80211: fix return value in scan logic (git-fixes). * wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes). * wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes). * wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). * wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). 
* wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes). * wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes). * wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git- fixes). * wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). * wifi: mwifiex: fix missed return in oob checks failed path (git-fixes). * wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes). * wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes). * wifi: radiotap: fix kernel-doc notation warnings (git-fixes). * wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). * x86/alternative: make custom return thunk unconditional (git-fixes). * x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes). * x86/cpu/kvm: provide untrain_ret_vm (git-fixes). * x86/cpu: clean up srso return thunk mess (git-fixes). * x86/cpu: cleanup the untrain mess (git-fixes). * x86/cpu: fix __x86_return_thunk symbol type (git-fixes). * x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). * x86/cpu: rename original retbleed methods (git-fixes). * x86/cpu: rename srso_(.*) _alias to srso_alias_ \1 (git-fixes). * x86/mce: make sure logged mces are processed after sysfs update (git-fixes). * x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes). * x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes). * x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes). * x86/speculation: add cpu_show_gds() prototype (git-fixes). * x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes). * x86/srso: correct the mitigation status when smt is disabled (git-fixes). * x86/srso: disable the mitigation on unaffected configurations (git-fixes). * x86/srso: explain the untraining sequences a bit more (git-fixes). 
* x86/srso: fix build breakage with the llvm linker (git-fixes).
* x86/srso: fix return thunks in generated code (git-fixes).
* x86/static_call: fix __static_call_fixup() (git-fixes).
* xfs: fix sb write verify for lazysbcount (bsc#1214661).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3600=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3600=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3600=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3600=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3600=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3600=1
* SUSE Real Time Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-3600=1

## Package List:

* openSUSE Leap 15.4 (x86_64) * dlm-kmp-rt-debuginfo-5.14.21-150400.15.49.1 * kernel-rt_debug-debuginfo-5.14.21-150400.15.49.1 * kernel-rt-debugsource-5.14.21-150400.15.49.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.49.1 * kernel-syms-rt-5.14.21-150400.15.49.1 * kernel-rt-devel-5.14.21-150400.15.49.1 * kernel-rt-debuginfo-5.14.21-150400.15.49.1 * cluster-md-kmp-rt-5.14.21-150400.15.49.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.49.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.49.1 * kernel-rt_debug-devel-5.14.21-150400.15.49.1 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.49.1 * ocfs2-kmp-rt-5.14.21-150400.15.49.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.49.1 * dlm-kmp-rt-5.14.21-150400.15.49.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.49.1 * gfs2-kmp-rt-5.14.21-150400.15.49.1 *
openSUSE Leap 15.4 (noarch) * kernel-devel-rt-5.14.21-150400.15.49.1 * kernel-source-rt-5.14.21-150400.15.49.1 * openSUSE Leap 15.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.49.1 * kernel-rt_debug-5.14.21-150400.15.49.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.49.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.49.1 * kernel-rt-debuginfo-5.14.21-150400.15.49.1 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.49.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.49.1 * kernel-rt-debuginfo-5.14.21-150400.15.49.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.49.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.49.1 * kernel-rt-debuginfo-5.14.21-150400.15.49.1 * SUSE Linux Enterprise Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.49.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.49.1 * kernel-rt-debuginfo-5.14.21-150400.15.49.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_49-rt-debuginfo-1-150400.1.3.1 * kernel-livepatch-SLE15-SP4-RT_Update_12-debugsource-1-150400.1.3.1 * kernel-livepatch-5_14_21-150400_15_49-rt-1-150400.1.3.1 * SUSE Real Time Module 15-SP4 (x86_64) * dlm-kmp-rt-debuginfo-5.14.21-150400.15.49.1 * kernel-rt_debug-debuginfo-5.14.21-150400.15.49.1 * kernel-rt-debugsource-5.14.21-150400.15.49.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.49.1 * kernel-syms-rt-5.14.21-150400.15.49.1 * kernel-rt-devel-5.14.21-150400.15.49.1 * kernel-rt-debuginfo-5.14.21-150400.15.49.1 * cluster-md-kmp-rt-5.14.21-150400.15.49.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.49.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.49.1 * kernel-rt_debug-devel-5.14.21-150400.15.49.1 * 
gfs2-kmp-rt-debuginfo-5.14.21-150400.15.49.1 * ocfs2-kmp-rt-5.14.21-150400.15.49.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.49.1 * dlm-kmp-rt-5.14.21-150400.15.49.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.49.1 * gfs2-kmp-rt-5.14.21-150400.15.49.1 * SUSE Real Time Module 15-SP4 (noarch) * kernel-devel-rt-5.14.21-150400.15.49.1 * kernel-source-rt-5.14.21-150400.15.49.1 * SUSE Real Time Module 15-SP4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.49.1 * kernel-rt_debug-5.14.21-150400.15.49.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2007.html * https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-34319.html * https://www.suse.com/security/cve/CVE-2023-3610.html * https://www.suse.com/security/cve/CVE-2023-37453.html * https://www.suse.com/security/cve/CVE-2023-3772.html * https://www.suse.com/security/cve/CVE-2023-3863.html * https://www.suse.com/security/cve/CVE-2023-4128.html * https://www.suse.com/security/cve/CVE-2023-4133.html * https://www.suse.com/security/cve/CVE-2023-4134.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4194.html * https://www.suse.com/security/cve/CVE-2023-4273.html * https://www.suse.com/security/cve/CVE-2023-4387.html * https://www.suse.com/security/cve/CVE-2023-4459.html * https://www.suse.com/security/cve/CVE-2023-4569.html * https://bugzilla.suse.com/show_bug.cgi?id=1023051 * https://bugzilla.suse.com/show_bug.cgi?id=1120059 * https://bugzilla.suse.com/show_bug.cgi?id=1177719 * https://bugzilla.suse.com/show_bug.cgi?id=1188885 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1205462 * https://bugzilla.suse.com/show_bug.cgi?id=1208902 * https://bugzilla.suse.com/show_bug.cgi?id=1208949 * https://bugzilla.suse.com/show_bug.cgi?id=1209284 * https://bugzilla.suse.com/show_bug.cgi?id=1209799 * 
https://bugzilla.suse.com/show_bug.cgi?id=1210048 * https://bugzilla.suse.com/show_bug.cgi?id=1210448 * https://bugzilla.suse.com/show_bug.cgi?id=1212091 * https://bugzilla.suse.com/show_bug.cgi?id=1212142 * https://bugzilla.suse.com/show_bug.cgi?id=1212526 * https://bugzilla.suse.com/show_bug.cgi?id=1212857 * https://bugzilla.suse.com/show_bug.cgi?id=1212873 * https://bugzilla.suse.com/show_bug.cgi?id=1213026 * https://bugzilla.suse.com/show_bug.cgi?id=1213123 * https://bugzilla.suse.com/show_bug.cgi?id=1213546 * https://bugzilla.suse.com/show_bug.cgi?id=1213580 * https://bugzilla.suse.com/show_bug.cgi?id=1213601 * https://bugzilla.suse.com/show_bug.cgi?id=1213666 * https://bugzilla.suse.com/show_bug.cgi?id=1213757 * https://bugzilla.suse.com/show_bug.cgi?id=1213759 * https://bugzilla.suse.com/show_bug.cgi?id=1213916 * https://bugzilla.suse.com/show_bug.cgi?id=1213921 * https://bugzilla.suse.com/show_bug.cgi?id=1213927 * https://bugzilla.suse.com/show_bug.cgi?id=1213946 * https://bugzilla.suse.com/show_bug.cgi?id=1213968 * https://bugzilla.suse.com/show_bug.cgi?id=1213970 * https://bugzilla.suse.com/show_bug.cgi?id=1213971 * https://bugzilla.suse.com/show_bug.cgi?id=1214000 * https://bugzilla.suse.com/show_bug.cgi?id=1214019 * https://bugzilla.suse.com/show_bug.cgi?id=1214120 * https://bugzilla.suse.com/show_bug.cgi?id=1214149 * https://bugzilla.suse.com/show_bug.cgi?id=1214180 * https://bugzilla.suse.com/show_bug.cgi?id=1214238 * https://bugzilla.suse.com/show_bug.cgi?id=1214285 * https://bugzilla.suse.com/show_bug.cgi?id=1214297 * https://bugzilla.suse.com/show_bug.cgi?id=1214299 * https://bugzilla.suse.com/show_bug.cgi?id=1214350 * https://bugzilla.suse.com/show_bug.cgi?id=1214368 * https://bugzilla.suse.com/show_bug.cgi?id=1214370 * https://bugzilla.suse.com/show_bug.cgi?id=1214371 * https://bugzilla.suse.com/show_bug.cgi?id=1214372 * https://bugzilla.suse.com/show_bug.cgi?id=1214380 * https://bugzilla.suse.com/show_bug.cgi?id=1214386 * 
https://bugzilla.suse.com/show_bug.cgi?id=1214392 * https://bugzilla.suse.com/show_bug.cgi?id=1214393 * https://bugzilla.suse.com/show_bug.cgi?id=1214397 * https://bugzilla.suse.com/show_bug.cgi?id=1214428 * https://bugzilla.suse.com/show_bug.cgi?id=1214451 * https://bugzilla.suse.com/show_bug.cgi?id=1214659 * https://bugzilla.suse.com/show_bug.cgi?id=1214661 * https://bugzilla.suse.com/show_bug.cgi?id=1214729 * https://bugzilla.suse.com/show_bug.cgi?id=1214742 * https://bugzilla.suse.com/show_bug.cgi?id=1214743 * https://bugzilla.suse.com/show_bug.cgi?id=1214756 * https://jira.suse.com/browse/PED-4579 * https://jira.suse.com/browse/PED-4759 * https://jira.suse.com/browse/PED-4927 * https://jira.suse.com/browse/PED-4929 * https://jira.suse.com/browse/PED-5738 * https://jira.suse.com/browse/PED-6003 * https://jira.suse.com/browse/PED-6004

From sle-updates at lists.suse.com Thu Sep 14 12:31:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Sep 2023 12:31:18 -0000
Subject: SUSE-SU-2023:3599-1: important: Security update for the Linux Kernel
Message-ID: <169469467832.18093.10059792393729225472@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:3599-1
Rating: important
References: * #1023051 * #1120059 * #1177719 * #1188885 * #1193629 * #1194869 * #1203329 * #1203330 * #1205462 * #1206453 * #1208902 * #1208949 * #1209284 * #1209799 * #1210048 * #1210448 * #1211220 * #1212091 * #1212142 * #1212423 * #1212526 * #1212857 * #1212873 * #1213026 * #1213123 * #1213546 * #1213580 * #1213601 * #1213666 * #1213733 * #1213757 * #1213759 * #1213916 * #1213921 * #1213927 * #1213946 * #1213949 * #1213968 * #1213970 * #1213971 * #1214000 * #1214019 * #1214073 * #1214120 * #1214149 * #1214180 * #1214233 * #1214238 * #1214285 * #1214297 * #1214299 * #1214305 * #1214350 * #1214368 * #1214370 * #1214371 * #1214372 * #1214380 * #1214386 *
#1214392 * #1214393 * #1214397 * #1214404 * #1214428 * #1214451 * #1214659 * #1214661 * #1214727 * #1214729 * #1214742 * #1214743 * #1214756 * #1214976 * PED-3924 * PED-4579 * PED-4759 * PED-4927 * PED-4929 * PED-5738 * PED-6003 * PED-6004 Cross-References: * CVE-2022-38457 * CVE-2022-40133 * CVE-2023-2007 * CVE-2023-20588 * CVE-2023-34319 * CVE-2023-3610 * CVE-2023-37453 * CVE-2023-3772 * CVE-2023-3863 * CVE-2023-40283 * CVE-2023-4128 * CVE-2023-4133 * CVE-2023-4134 * CVE-2023-4147 * CVE-2023-4194 * CVE-2023-4273 * CVE-2023-4387 * CVE-2023-4459 * CVE-2023-4563 * CVE-2023-4569 CVSS scores: * CVE-2022-38457 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38457 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2022-40133 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-40133 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-40283 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4387 ( NVD ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4569 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Real Time Module 15-SP5 An update that solves 20 vulnerabilities, contains eight features and has 53 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed:

* CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330).
* CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329).
* CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
* CVE-2023-3610: Fixed a use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580).
* CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
* CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
* CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
* CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
* CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
* CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
* CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
* CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120).
* CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
* CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
* CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727).
* CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
* CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
* CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
* CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).

The following non-security bugs were fixed:

* ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
* ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes).
* ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes).
* ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes).
* ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
* ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
* ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
* ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
* ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
* ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
* ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
* ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
* ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
* ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
* ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
* ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
* ARM: dts: imx6sll: fixup of operating points (git-fixes).
* ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
* ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
* ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes).
* ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
* ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
* ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
* ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
* Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
* Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
* Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
* Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
* CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
* CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
* Created new preempt kernel flavor
  Configs are cloned from the respective $arch/default configs. All changed configs apart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel.
* Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
* Documentation: devices.txt: Remove ttyIOC* (git-fixes).
* Documentation: devices.txt: Remove ttySIOC* (git-fixes).
* Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453).
* Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
* Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
* Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
* Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
* Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
* Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
* Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
* Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
* Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
* HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
* HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
* HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes).
* HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes).
* HID: wacom: remove the battery when the EKR is off (git-fixes).
* HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
* IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
* IB/uverbs: Fix an potential error pointer dereference (git-fixes)
* Input: exc3000 - properly stop timer on shutdown (git-fixes).
* KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
* Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
* Kbuild: move to -std=gnu11 (bsc#1214756).
* PCI/ASPM: Avoid link retraining race (git-fixes).
* PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
* PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
* PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
* PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
* PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
* PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
* PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
* PCI: meson: Remove cast between incompatible function type (git-fixes).
* PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
* PCI: microchip: Remove cast between incompatible function type (git-fixes).
* PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
* PCI: rockchip: Remove writes to unused registers (git-fixes).
* PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes).
* PCI: tegra194: Fix possible array out of bounds access (git-fixes).
* PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
* RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
* RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
* RDMA/efa: Fix wrong resources deallocation order (git-fixes)
* RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
* RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
* RDMA/hns: Fix port active speed (git-fixes)
* RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
* RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
* RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
* RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
* RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
* RDMA/siw: Correct wrong debug message (git-fixes)
* RDMA/umem: Set iova in ODP flow (git-fixes)
* README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
* Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes)
* Revert "tracing: Add "(fault)" name injection to kernel probes" (git-fixes).
* Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* amba: bus: fix refcount leak (git-fixes).
* arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes).
* arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
* arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
* audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
* backlight/bd6107: Compare against struct fb_info.device (git-fixes).
* backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
* backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
* batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes).
* batman-adv: Do not increase MTU when set by user (git-fixes).
* batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
* batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
* batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
* batman-adv: Trigger events for auto adjusted MTU (git-fixes).
* bnx2x: fix page fault following EEH recovery (bsc#1214299).
* bpf: Disable preemption in bpf_event_output (git-fixes).
* bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924).
* bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
* bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
* bus: ti-sysc: Fix cast to enum warning (git-fixes).
* bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
* can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes).
* ceph: defer stopping mdsc delayed_work (bsc#1214392).
* ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
* ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
* check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
* cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
* cifs: allow dumping keys for directories too (bsc#1193629).
* cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
* cifs: if deferred close is disabled then close files immediately (git-fixes).
* cifs: is_network_name_deleted should return a bool (bsc#1193629).
* cifs: update internal module version number for cifs.ko (bsc#1193629).
* clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
* clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
* clk: imx8mp: fix sai4 clock (git-fixes).
* clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
* clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes).
* clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
* clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
* clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: sunxi-ng: Modify mismatched function name (git-fixes).
* clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
* clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
* clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
* clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
* clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
* clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453).
* cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
* cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659).
* cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
* cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* crypto: caam - fix unchecked return value error (git-fixes).
* crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
* define more Hyper-V related constants (bsc#1206453).
* dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
* dma-buf/sync_file: Fix docs syntax (git-fixes).
* dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes).
* dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
* dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
* dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
* docs/process/howto: Replace C89 with C11 (bsc#1214756).
* docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
* docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
* docs: printk-formats: Fix hex printing of signed values (git-fixes).
* driver core: test_async: fix an error code (git-fixes).
* drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes).
* drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
* drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes).
* drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes).
* drm/amd/display: Do not set drr on pipe commit (git-fixes).
* drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
* drm/amd/display: Ensure that planes are in the same order (git-fixes).
* drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes).
* drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes).
* drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes).
* drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes).
* drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
* drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes).
* drm/amd/display: disable RCO for DCN314 (git-fixes).
* drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
* drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
* drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes).
* drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
* drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
* drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
* drm/amd/display: trigger timing sync only if TG is running (git-fixes).
* drm/amd/pm/smu7: move variables to where they are used (git-fixes).
* drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes).
* drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes).
* drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
* drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes).
* drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes).
* drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes).
* drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
* drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
* drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes).
* drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
* drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
* drm/amdgpu: Remove unnecessary domain argument (git-fixes).
* drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
* drm/amdgpu: add S/G display parameter (git-fixes).
* drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
* drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
* drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes).
* drm/amdgpu: fix memory leak in mes self test (git-fixes).
* drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
* drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
* drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes).
* drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes).
* drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes).
* drm/ast: Fix DRAM init on AST2200 (git-fixes).
* drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes).
* drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes).
* drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes).
* drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes).
* drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
* drm/bridge: tc358764: Fix debug print parameter order (git-fixes).
* drm/etnaviv: fix dumping of active MMU context (git-fixes).
* drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes).
* drm/i915/sdvo: fix panel_type initialization (git-fixes).
* drm/i915: Fix premature release of request's reusable memory (git-fixes).
* drm/mediatek: Fix dereference before null check (git-fixes).
* drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes).
* drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes).
* drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
* drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes).
* drm/msm/mdp5: Do not leak some plane state (git-fixes).
* drm/msm: Update dev core dump to not print backwards (git-fixes).
* drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes).
* drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes).
* drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073).
* drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
* drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes).
* drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes).
* drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes).
* drm/qxl: fix UAF on handle creation (git-fixes).
* drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
* drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes).
* drm/rockchip: Do not spam logs in atomic check (git-fixes).
* drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
* drm/stm: ltdc: fix late dereference check (git-fixes).
* drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes).
* drm/ttm: check null pointer before accessing when swapping (git-fixes).
* drm/ttm: never consider pinned BOs for eviction&swap (git-fixes).
* drm/vmwgfx: Fix shader stage validation (git-fixes).
* drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes).
* drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
* drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes).
* dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
* dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
* dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
* e1000: Fix typos in comments (jsc#PED-5738).
* e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
* e1000: switch to napi_build_skb() (jsc#PED-5738).
* e1000: switch to napi_consume_skb() (jsc#PED-5738).
* exfat: fix unexpected EOF while reading dir (bsc#1214000).
* exfat: release s_lock before calling dir_emit() (bsc#1214000).
* exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
* fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes).
* fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes).
* fbdev: Improve performance of sys_imageblit() (git-fixes).
* fbdev: Update fbdev source file paths (git-fixes).
* fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
* fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
* file: reinstate f_pos locking optimization for regular files (bsc#1213759).
* firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes).
* firmware: cs_dsp: Fix new control name check (git-fixes).
* firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes).
* firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
* fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes).
* fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes).
* fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
* fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
* fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
* ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
* gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
* gpio: mvebu: fix irq domain leak (git-fixes).
* gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes).
* hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
* hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes).
* hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes).
* hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes).
* hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
* hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
* i2c: Delete error messages for failed memory allocations (git-fixes).
* i2c: Improve size determinations (git-fixes).
* i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
* i2c: designware: Correct length byte validation logic (git-fixes).
* i2c: designware: Handle invalid SMBus block data response length value (git-fixes).
* i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes).
* i2c: nomadik: Remove a useless call in the remove function (git-fixes).
* i2c: nomadik: Remove unnecessary goto label (git-fixes).
* i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
* i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
* iavf: fix potential races for FDIR filters (git-fixes).
* ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
* ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes).
* ice: Fix max_rate check while configuring TX rate limits (git-fixes).
* ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
* iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes).
* iio: adc: stx104: Implement and utilize register structures (git-fixes).
* iio: adc: stx104: Utilize iomap interface (git-fixes).
* iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes).
* intel/e1000:fix repeated words in comments (jsc#PED-5738).
* intel: remove unused macros (jsc#PED-5738).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
* iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes).
* iommu/amd: Fix compile warning in init code (git-fixes).
* iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
* iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
* iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes).
* iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
* iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes).
* iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
* iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
* iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
* iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
* iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes).
* iommu/dma: Fix iova map result check bug (git-fixes).
* iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
* iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes).
* iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes).
* iommu/iova: Fix module config properly (git-fixes).
* iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes).
* iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes).
* iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes).
* iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
* iommu/mediatek: Use component_match_add (git-fixes).
* iommu/mediatek: Validate number of phandles associated with "mediatek,larbs" (git-fixes).
* iommu/omap: Fix buffer overflow in debugfs (git-fixes).
* iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
* iommu/s390: Fix duplicate domain attachments (git-fixes).
* iommu/sun50i: Consider all fault sources for reset (git-fixes).
* iommu/sun50i: Fix R/W permission check (git-fixes).
* iommu/sun50i: Fix flush size (git-fixes).
* iommu/sun50i: Fix reset release (git-fixes).
* iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
* iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
* iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes).
* iommu/vt-d: Check correct capability for sagaw determination (git-fixes).
* iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes).
* iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes).
* iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes).
* iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes).
* iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes).
* iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes).
* iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes).
* ipmi:ssif: Add check for kstrdup (git-fixes).
* ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes).
* ipmi_si: fix a memleak in try_smi_init() (git-fixes).
* jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
* kabi/severities: Ignore newly added SRSO mitigation functions
* kabi: Allow extra bugsints (bsc#1213927).
* kernel-binary: Common dependencies cleanup. Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
* kernel-binary: Drop code for kerntypes support. Kerntypes was a SUSE-specific feature dropped before SLE 12.
* kunit: make kunit_test_timeout compatible with comment (git-fixes).
* leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes).
* leds: multicolor: Use rounded division when calculating color components (git-fixes).
* leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes).
* leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes).
* leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
* lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes).
* lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
* libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924).
* libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924).
* libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924).
* libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
* md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
* md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
* media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
* media: cx24120: Add retval check for cx24120_message_send() (git-fixes).
* media: dib7000p: Fix potential division by zero (git-fixes).
* media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
* media: go7007: Remove redundant if statement (git-fixes).
* media: i2c: ccs: Check rules is non-NULL (git-fixes).
* media: i2c: rdacm21: Fix uninitialized value (git-fixes).
* media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
* media: ov2680: Add ov2680_fill_format() helper function (git-fixes).
* media: ov2680: Do not take the lock for try_fmt calls (git-fixes).
* media: ov2680: Fix ov2680_bayer_order() (git-fixes).
* media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
* media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
* media: ov2680: Fix vflip / hflip set functions (git-fixes).
* media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
* media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes).
* media: rkvdec: increase max supported height for H.264 (git-fixes).
* media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
* media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
* media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes).
* media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes).
* misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
* mkspec: Allow unsupported KMPs (bsc#1214386)
* mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
* mmc: block: Fix in_flight[issue_type] value error (git-fixes).
* mmc: moxart: read scr register without changing byte order (git-fixes).
* mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
* module: avoid allocation if module is already present and ready (bsc#1213921).
* module: extract patient module check into helper (bsc#1213921).
* module: move check_modinfo() early to early_mod_check() (bsc#1213921).
* module: move early sanity checks into a helper (bsc#1213921).
* mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes).
* mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
* mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes).
* mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes).
* mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes).
* mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
* mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes).
* mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes).
* mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
* mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
* mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
* n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
* net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
* net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
* net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes).
* net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes).
* net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
* net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes).
* net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
* net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes).
* net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes).
* netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
* netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404).
* netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946).
* netfs: fix parameter of cleanup() (bsc#1214743).
* nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
* nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
* nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
* nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* objtool/x86: Fix SRSO mess (git-fixes).
* objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
* objtool: Union instruction::{call_dest,jump_table} (git-fixes).
* old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer supported.
* pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes).
* phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
* phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
* phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
* phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
* phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
* phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes).
* phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
* pinctrl: amd: Mask wake bits on probe again (git-fixes).
* pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" (git-fixes).
* pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
* pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
* pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
* platform/x86: dell-sysman: Fix reference leak (git-fixes).
* powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
* powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106).
* powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106).
* powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106).
* powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
* powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
* powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
* powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
* powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
* powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
* powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Rename "direct window" to "dma window" (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106).
* powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106).
* powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* powerpc/rtas: block error injection when locked down (bsc#1023051).
* powerpc/rtas: ensure rtas_call is called with MMU enabled (bsc#1023051).
* powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
* powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
* powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes).
* powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.
* powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
* powerpc: fix typos in comments (bsc#1212091 ltc#199106).
* pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
* pstore/ram: Check start of empty przs during init (git-fixes).
* pwm: Add a stub for devm_pwmchip_add() (git-fixes).
* pwm: meson: Simplify duplicated per-channel tracking (git-fixes).
* pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes).
* qed: Fix scheduling in a tasklet while getting stats (git-fixes).
* regmap: rbtree: Use alloc_flags for memory allocations (git-fixes).
* ring-buffer: Do not swap cpu_buffer during resize process (git-fixes).
* ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
* ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
* rpm/mkspec-dtb: support for nested subdirs.
* rpmsg: glink: Add check for kstrdup (git-fixes).
* rt: Add helper script to refresh RT configs based on the parent (SLE Realtime Extension).
* s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976).
* s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
* s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949).
* sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes).
* sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
* sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799).
* scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
* scsi: 53c700: Check that command slot is not NULL (git-fixes).
* scsi: RDMA/srp: Fix residual handling (git-fixes)
* scsi: bsg: Increase number of devices (bsc#1210048).
* scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284).
* scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
* scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
* scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: core: Improve warning message in scsi_device_block() (bsc#1209284).
* scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284).
* scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
* scsi: qedf: Fix NULL dereference in error handling (git-fixes).
* scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
* scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
* scsi: scsi_debug: Remove dead code (git-fixes).
* scsi: sg: Increase number of devices (bsc#1210048).
* scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
* scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: storvsc: Always set no_report_opcodes (git-fixes).
* scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
* scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
* scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes).
* scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371).
* selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924).
* selftests/futex: Order calls to futex_lock_pi (git-fixes).
* selftests/harness: Actually report SKIP for signal tests (git-fixes).
* selftests/resctrl: Close perf value read fd on errors (git-fixes).
* selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes).
* selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes).
* selftests/rseq: check if libc rseq support is registered (git-fixes).
* selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes).
* selftests: forwarding: Skip test when no interfaces are specified (git-fixes).
* selftests: forwarding: Switch off timeout (git-fixes).
* selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes).
* selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes).
* selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes).
* selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
* selftests: forwarding: tc_flower: Relax success criterion (git-fixes).
* selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes).
* serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
* serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes).
* serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes).
* serial: sprd: Fix DMA buffer leak issue (git-fixes).
* serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
* sfc: fix crash when reading stats while NIC is resetting (git-fixes).
* smb3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes).
* smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629).
* smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
* smb: client: fix dfs link mount against w2k8 (bsc#1212142).
* smb: client: fix null auth (git-fixes).
* soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
* soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
* soundwire: fix enumeration completion (git-fixes).
* spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
* supported.conf: fix typos for -!optional markers
* swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
* target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
* target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
* target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
* target_core_rbd: remove snapshot existence validation code (bsc#1212857).
* thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
* timers: Add shutdown mechanism to the internal functions (bsc#1213970).
* timers: Provide timer_shutdown_sync (bsc#1213970).
* timers: Rename del_timer() to timer_delete() (bsc#1213970).
* timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
* timers: Replace BUG_ON()s (bsc#1213970).
* timers: Silently ignore timers with a NULL function (bsc#1213970).
* timers: Split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
* timers: Update kernel-doc for various functions (bsc#1213970).
* timers: Use del_timer_sync() even on UP (bsc#1213970).
* tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes).
* tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes).
* tracing/probes: Fix not to count error code to total length (git-fixes).
* tracing/probes: Fix to avoid double count of the string length on the array (git-fixes).
* tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
* tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes).
* tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
* tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
* tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes).
* tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes).
* tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
* tty: fix hang on tty device with no_room set (git-fixes).
* tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes).
* tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
* tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
* tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
* tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes).
* ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
* usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
* usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes).
* usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes).
* usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
* usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes).
* usb: dwc3: Fix typos in gadget.c (git-fixes).
* usb: dwc3: Properly handle processing of pending events (git-fixes).
* usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
* usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes).
* usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes).
* usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes).
* usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes).
* usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
* usb: quirks: add quirk for Focusrite Scarlett (git-fixes).
* usb: serial: option: add Quectel EC200A module support (git-fixes).
* usb: serial: option: support Quectel EM060K_128 (git-fixes).
* usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
* usb: serial: simple: sort driver entries (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes).
* usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
* usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
* usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
* watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes).
* wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
* wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
* wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
* wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes).
* wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
* wifi: cfg80211: Fix return value in scan logic (git-fixes).
* wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes).
* wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes).
* wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
* wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
* wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes).
* wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes).
* wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes).
* wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes).
* wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes).
* wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes).
* wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
* wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes).
* wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
* wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
* x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
* x86/alternative: Make custom return thunk unconditional (git-fixes).
* x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
* x86/cpu: Clean up SRSO return thunk mess (git-fixes).
* x86/cpu: Cleanup the untrain mess (git-fixes).
* x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
* x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
* x86/cpu: Rename original retbleed methods (git-fixes).
* x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
* x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453).
* x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453).
* x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453).
* x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453).
* x86/hyperv: Reorder code to facilitate future work (bsc#1206453).
* x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453).
* x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453).
* x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
* x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453).
* x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
* x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
* x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
* x86/speculation: Add cpu_show_gds() prototype (git-fixes).
* x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
* x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
* x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
* x86/srso: Explain the untraining sequences a bit more (git-fixes).
* x86/srso: Fix build breakage with the LLVM linker (git-fixes).
* x86/srso: Fix return thunks in generated code (git-fixes).
* x86/static_call: Fix __static_call_fixup() (git-fixes).
* x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
* x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
* x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
* x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
* x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453).
* xfs: fix sb write verify for lazysbcount (bsc#1214661).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-3599=1 openSUSE-SLE-15.5-2023-3599=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3599=1
* SUSE Real Time Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-3599=1

## Package List:

* openSUSE Leap 15.5 (noarch)
  * kernel-source-rt-5.14.21-150500.13.14.1
  * kernel-devel-rt-5.14.21-150500.13.14.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-livepatch-SLE15-SP5-RT_Update_4-debugsource-1-150500.11.3.1
  * kernel-rt-livepatch-5.14.21-150500.13.14.1
  * kselftests-kmp-rt-5.14.21-150500.13.14.1
  * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.14.1
  * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt-optional-5.14.21-150500.13.14.1
  * reiserfs-kmp-rt-5.14.21-150500.13.14.1
  * kernel-rt-debugsource-5.14.21-150500.13.14.1
  * kernel-rt-devel-5.14.21-150500.13.14.1
  * gfs2-kmp-rt-5.14.21-150500.13.14.1
  * kernel-rt-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt-extra-5.14.21-150500.13.14.1
  * kernel-rt_debug-livepatch-devel-5.14.21-150500.13.14.1
  * kernel-livepatch-5_14_21-150500_13_14-rt-debuginfo-1-150500.11.3.1
  * dlm-kmp-rt-5.14.21-150500.13.14.1
  * kernel-livepatch-5_14_21-150500_13_14-rt-1-150500.11.3.1
  * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt-livepatch-devel-5.14.21-150500.13.14.1
  * kernel-rt_debug-debugsource-5.14.21-150500.13.14.1
  * ocfs2-kmp-rt-5.14.21-150500.13.14.1
  * cluster-md-kmp-rt-5.14.21-150500.13.14.1
  * dlm-kmp-rt-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt_debug-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt-optional-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt-vdso-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.14.1
  * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt-devel-debuginfo-5.14.21-150500.13.14.1
  * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt-extra-debuginfo-5.14.21-150500.13.14.1
  * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt_debug-vdso-5.14.21-150500.13.14.1
  * kernel-syms-rt-5.14.21-150500.13.14.1
  * kernel-rt_debug-devel-5.14.21-150500.13.14.1
  * kernel-rt-vdso-5.14.21-150500.13.14.1
* openSUSE Leap 15.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.14.1
  * kernel-rt_debug-5.14.21-150500.13.14.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
  * kernel-livepatch-5_14_21-150500_13_14-rt-1-150500.11.3.1
  * kernel-livepatch-SLE15-SP5-RT_Update_4-debugsource-1-150500.11.3.1
  * kernel-livepatch-5_14_21-150500_13_14-rt-debuginfo-1-150500.11.3.1
* SUSE Real Time Module 15-SP5 (x86_64)
  * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.14.1
  * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt-debugsource-5.14.21-150500.13.14.1
  * kernel-rt-devel-5.14.21-150500.13.14.1
  * gfs2-kmp-rt-5.14.21-150500.13.14.1
  * kernel-rt-debuginfo-5.14.21-150500.13.14.1
  * dlm-kmp-rt-5.14.21-150500.13.14.1
  * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt_debug-debugsource-5.14.21-150500.13.14.1
  * ocfs2-kmp-rt-5.14.21-150500.13.14.1
  * cluster-md-kmp-rt-5.14.21-150500.13.14.1
  * dlm-kmp-rt-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt_debug-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt-vdso-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt-devel-debuginfo-5.14.21-150500.13.14.1
  * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.14.1
  * kernel-rt_debug-vdso-5.14.21-150500.13.14.1
  * kernel-syms-rt-5.14.21-150500.13.14.1
  * kernel-rt_debug-devel-5.14.21-150500.13.14.1
  * kernel-rt-vdso-5.14.21-150500.13.14.1
* SUSE Real Time Module 15-SP5 (noarch)
  * kernel-source-rt-5.14.21-150500.13.14.1
  * kernel-devel-rt-5.14.21-150500.13.14.1
* SUSE Real Time Module 15-SP5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.14.1
  * kernel-rt_debug-5.14.21-150500.13.14.1

## References:

* https://www.suse.com/security/cve/CVE-2022-38457.html
* https://www.suse.com/security/cve/CVE-2022-40133.html
* https://www.suse.com/security/cve/CVE-2023-2007.html
* https://www.suse.com/security/cve/CVE-2023-20588.html
* https://www.suse.com/security/cve/CVE-2023-34319.html
* https://www.suse.com/security/cve/CVE-2023-3610.html
* https://www.suse.com/security/cve/CVE-2023-37453.html
* https://www.suse.com/security/cve/CVE-2023-3772.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-40283.html
* https://www.suse.com/security/cve/CVE-2023-4128.html
* https://www.suse.com/security/cve/CVE-2023-4133.html
* https://www.suse.com/security/cve/CVE-2023-4134.html
* https://www.suse.com/security/cve/CVE-2023-4147.html
* https://www.suse.com/security/cve/CVE-2023-4194.html
* https://www.suse.com/security/cve/CVE-2023-4273.html
* https://www.suse.com/security/cve/CVE-2023-4387.html
* https://www.suse.com/security/cve/CVE-2023-4459.html
* https://www.suse.com/security/cve/CVE-2023-4563.html
* https://www.suse.com/security/cve/CVE-2023-4569.html
* https://bugzilla.suse.com/show_bug.cgi?id=1023051
* https://bugzilla.suse.com/show_bug.cgi?id=1120059
* https://bugzilla.suse.com/show_bug.cgi?id=1177719
* https://bugzilla.suse.com/show_bug.cgi?id=1188885
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1203329
* https://bugzilla.suse.com/show_bug.cgi?id=1203330
* https://bugzilla.suse.com/show_bug.cgi?id=1205462
* https://bugzilla.suse.com/show_bug.cgi?id=1206453
* https://bugzilla.suse.com/show_bug.cgi?id=1208902
* https://bugzilla.suse.com/show_bug.cgi?id=1208949
* https://bugzilla.suse.com/show_bug.cgi?id=1209284
* https://bugzilla.suse.com/show_bug.cgi?id=1209799
* https://bugzilla.suse.com/show_bug.cgi?id=1210048
* https://bugzilla.suse.com/show_bug.cgi?id=1210448
* https://bugzilla.suse.com/show_bug.cgi?id=1211220
* https://bugzilla.suse.com/show_bug.cgi?id=1212091
* https://bugzilla.suse.com/show_bug.cgi?id=1212142
* https://bugzilla.suse.com/show_bug.cgi?id=1212423
* https://bugzilla.suse.com/show_bug.cgi?id=1212526
* https://bugzilla.suse.com/show_bug.cgi?id=1212857
* https://bugzilla.suse.com/show_bug.cgi?id=1212873
* https://bugzilla.suse.com/show_bug.cgi?id=1213026
* https://bugzilla.suse.com/show_bug.cgi?id=1213123
* https://bugzilla.suse.com/show_bug.cgi?id=1213546
* https://bugzilla.suse.com/show_bug.cgi?id=1213580
* https://bugzilla.suse.com/show_bug.cgi?id=1213601
* https://bugzilla.suse.com/show_bug.cgi?id=1213666
* https://bugzilla.suse.com/show_bug.cgi?id=1213733
* https://bugzilla.suse.com/show_bug.cgi?id=1213757
* https://bugzilla.suse.com/show_bug.cgi?id=1213759
* https://bugzilla.suse.com/show_bug.cgi?id=1213916
* https://bugzilla.suse.com/show_bug.cgi?id=1213921
* https://bugzilla.suse.com/show_bug.cgi?id=1213927
* https://bugzilla.suse.com/show_bug.cgi?id=1213946
* https://bugzilla.suse.com/show_bug.cgi?id=1213949
* https://bugzilla.suse.com/show_bug.cgi?id=1213968
* https://bugzilla.suse.com/show_bug.cgi?id=1213970
* https://bugzilla.suse.com/show_bug.cgi?id=1213971
* https://bugzilla.suse.com/show_bug.cgi?id=1214000
* https://bugzilla.suse.com/show_bug.cgi?id=1214019
* https://bugzilla.suse.com/show_bug.cgi?id=1214073
* https://bugzilla.suse.com/show_bug.cgi?id=1214120
* https://bugzilla.suse.com/show_bug.cgi?id=1214149
* https://bugzilla.suse.com/show_bug.cgi?id=1214180
* https://bugzilla.suse.com/show_bug.cgi?id=1214233
* https://bugzilla.suse.com/show_bug.cgi?id=1214238
* https://bugzilla.suse.com/show_bug.cgi?id=1214285
* https://bugzilla.suse.com/show_bug.cgi?id=1214297
* https://bugzilla.suse.com/show_bug.cgi?id=1214299
* https://bugzilla.suse.com/show_bug.cgi?id=1214305
* https://bugzilla.suse.com/show_bug.cgi?id=1214350
* https://bugzilla.suse.com/show_bug.cgi?id=1214368
* https://bugzilla.suse.com/show_bug.cgi?id=1214370
* https://bugzilla.suse.com/show_bug.cgi?id=1214371
* https://bugzilla.suse.com/show_bug.cgi?id=1214372
* https://bugzilla.suse.com/show_bug.cgi?id=1214380
* https://bugzilla.suse.com/show_bug.cgi?id=1214386
* https://bugzilla.suse.com/show_bug.cgi?id=1214392
* https://bugzilla.suse.com/show_bug.cgi?id=1214393
* https://bugzilla.suse.com/show_bug.cgi?id=1214397
* https://bugzilla.suse.com/show_bug.cgi?id=1214404
* https://bugzilla.suse.com/show_bug.cgi?id=1214428
* https://bugzilla.suse.com/show_bug.cgi?id=1214451
* https://bugzilla.suse.com/show_bug.cgi?id=1214659
* https://bugzilla.suse.com/show_bug.cgi?id=1214661
* https://bugzilla.suse.com/show_bug.cgi?id=1214727
* https://bugzilla.suse.com/show_bug.cgi?id=1214729
* https://bugzilla.suse.com/show_bug.cgi?id=1214742
* https://bugzilla.suse.com/show_bug.cgi?id=1214743
* https://bugzilla.suse.com/show_bug.cgi?id=1214756
* https://bugzilla.suse.com/show_bug.cgi?id=1214976
* https://jira.suse.com/browse/PED-3924
* https://jira.suse.com/browse/PED-4579
* https://jira.suse.com/browse/PED-4759
* https://jira.suse.com/browse/PED-4927
* https://jira.suse.com/browse/PED-4929
* https://jira.suse.com/browse/PED-5738
* https://jira.suse.com/browse/PED-6003
* https://jira.suse.com/browse/PED-6004

From sle-updates at lists.suse.com Thu Sep 14 12:31:38 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Sep 2023 12:31:38 -0000
Subject: SUSE-SU-2023:3601-1: important: Security update for the Linux Kernel
Message-ID: <169469469854.18093.12796395612253648459@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:3601-1
Rating: important
References:

* #1120059
* #1203517
* #1210327
* #1210448
* #1212051
* #1213543
* #1213546
* #1213601
* #1213666
* #1213899
* #1213904
* #1213906
* #1213908
* #1213910
* #1213911
* #1213912
* #1213921
* #1213927
* #1213969
* #1213970
* #1213971
* #1214019
* #1214149
* #1214157
* #1214209
* #1214233
* #1214299
* #1214335
* #1214348
* #1214350
* #1214451
* #1214453
* #1214752
* #1214928
* #1215028
* #1215032
* #1215034
* #1215035
* #1215036
* #1215037
* #1215038
* #1215041
* #1215046
* #1215049
* #1215057
* PED-4579

Cross-References:

* CVE-2022-36402
* CVE-2023-2007
* CVE-2023-20588
* CVE-2023-34319
* CVE-2023-3772
* CVE-2023-3812
* CVE-2023-3863
* CVE-2023-40283
* CVE-2023-4128
* CVE-2023-4132
* CVE-2023-4133
* CVE-2023-4134
* CVE-2023-4194
* CVE-2023-4385
* CVE-2023-4387
* CVE-2023-4459

CVSS scores:

* CVE-2022-36402 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36402 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20588 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4132 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4132 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-4385 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4385 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4387 ( NVD ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Real Time 12 SP5
* SUSE Linux Enterprise Server 12 SP5

An update that solves 16 vulnerabilities, contains one feature and has 29 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2022-36402: Fixed an integer overflow vulnerability in the vmwgfx driver that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
* CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
* CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
* CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
* CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
* CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
* CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
* CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
* CVE-2023-4132: Fixed a use-after-free vulnerability in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
* CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
* CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
* CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
* CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
* CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
* CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).

The following non-security bugs were fixed:

* af_key: fix send_acquire race with pfkey_register (git-fixes).
* af_packet: fix data-race in packet_setsockopt / packet_setsockopt (git-fixes).
* af_unix: fix a data race of sk->sk_receive_queue->qlen (git-fixes).
* arm64: re-enable support for contiguous hugepages (git-fixes)
* arm64: vdso: fix clock_getres() for clock_realtime (git-fixes)
* arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
* bnx2x: fix page fault following eeh recovery (bsc#1214299).
* bonding: fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes).
* bpf, arm64: remove prefetch insn in xadd mapping (git-fixes)
* bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd (git-fixes)
* bridge: ebtables: do not crash when using dnat target in output chains (git-fixes).
* btrfs-allow-use-of-global-block-reserve-for-balance: (bsc#1214335).
* btrfs-unset-reloc-control-if-transaction-commit-fail: (bsc#1212051).
* clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
* fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes).
* fs: lockd: avoid possible wrong null parameter (git-fixes).
* inetpeer: fix data-race in inet_putpeer / inet_putpeer (git-fixes).
* kabi/severities: ignore newly added srso mitigation functions
* libceph: fix potential hang in ceph_osdc_notify() (bsc#1214752).
* module: avoid allocation if module is already present and ready (bsc#1213921).
* module: extract patient module check into helper (bsc#1213921).
* module: move check_modinfo() early to early_mod_check() (bsc#1213921).
* module: move early sanity checks into a helper (bsc#1213921).
* net-sysfs: call dev_hold always in netdev_queue_add_kobject (git-fixes).
* net-sysfs: call dev_hold always in rx_queue_add_kobject (git-fixes).
* net-sysfs: fix netdev_queue_add_kobject() breakage (git-fixes).
* net-sysfs: fix reference count leak in rx|netdev_queue_add_kobject (git-fixes).
* net/af_unix: fix a data-race in unix_dgram_poll (git-fixes).
* net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (git-fixes).
* net/fq_impl: switch to kvmalloc() for memory allocation (git-fixes).
* net: bnx2x: fix variable dereferenced before check (git-fixes).
* net: icmp: fix data-race in cmp_global_allow() (git-fixes).
* net: mana: add support for xdp_query_prog (jsc#sle-18779, bsc#1214209).
* net: usb: qmi_wwan: add support for compal rxm-g1 (git-fixes).
* netfilter: ipset: fix an error code in ip_set_sockfn_get() (git-fixes).
* netfilter: nf_conntrack: fix possible possible crash on module loading (git-fixes).
* nfs/blocklayout: use the passed in gfp flags (git-fixes).
* nfs: guard against readdir loop when entry names exceed maxnamelen (git-fixes).
* nfsd: add encoding of op_recall flag for write delegation (git-fixes).
* nfsd: da_addr_body field missing in some getdeviceinfo replies (git-fixes).
* nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
* packet: fix data-race in fanout_flow_is_huge() (git-fixes).
* packet: unconditionally free po->rollover (git-fixes).
* powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
* revert "scsi: qla2xxx: fix buffer overrun" (bsc#1214928).
* ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
* ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
* s390/cio: cio_ignore_proc_seq_next should increase position index (git-fixes bsc#1215057).
* s390/cpum_sf: avoid sbd overflow condition in irq handler (git-fixes bsc#1213908).
* s390/cpum_sf: check for sdbt and sdb consistency (git-fixes bsc#1213910).
* s390/dasd/cio: interpret ccw_device_get_mdc return value correctly (git-fixes bsc#1215049).
* s390/dasd: fix capacity calculation for large volumes (git-fixes bsc#1215034).
* s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1214157).
* s390/ftrace: fix endless recursion in function_graph tracer (git-fixes bsc#1213912).
* s390/jump_label: print real address in a case of a jump label bug (git-fixes bsc#1213899).
* s390/kasan: fix strncpy_from_user kasan checks (git-fixes bsc#1215037).
* s390/kdump: fix memleak in nt_vmcoreinfo (git-fixes bsc#1215028).
* s390/pkey: add one more argument space for debug feature entry (git-fixes bsc#1215035).
* s390/qdio: add sanity checks to the fast-requeue path (git-fixes bsc#1215038).
* s390/smp: __smp_rescan_cpus() - move cpumask away from stack (git-fixes bsc#1213906).
* s390/smp: fix physical to logical cpu map for smt (git-fixes bsc#1213904).
* s390/time: ensure get_clock_monotonic() returns monotonic values (git-fixes bsc#1213911).
* s390/uaccess: avoid (false positive) compiler warnings (git-fixes bsc#1215041).
* s390/zcrypt: handle new reply code filtered_by_hypervisor (git-fixes bsc#1215046).
* s390/zcrypt: improve special ap message cmd handling (git-fixes bsc#1215032).
* s390: zcrypt: initialize variables before_use (git-fixes bsc#1215036).
* sched/core: check quota and period overflow at usec to nsec conversion (git fixes).
* sched/core: handle overflow in cpu_shares_write_u64 (git fixes).
* sched/cpufreq: fix kobject memleak (git fixes).
* sched/fair: do not numa balance for kthreads (git fixes).
* sched/fair: fix cfs bandwidth hrtimer expiry type (git fixes).
* sched/topology: fix off by one bug (git fixes).
* scsi: qla2xxx: add logs for sfp temperature monitoring (bsc#1214928).
* scsi: qla2xxx: allow 32-byte cdbs (bsc#1214928).
* scsi: qla2xxx: error code did not return to upper layer (bsc#1214928).
* scsi: qla2xxx: fix firmware resource tracking (bsc#1214928).
* scsi: qla2xxx: fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
* scsi: qla2xxx: flush mailbox commands on chip reset (bsc#1214928).
* scsi: qla2xxx: move resource to allow code reuse (bsc#1214928).
* scsi: qla2xxx: remove unsupported ql2xenabledif option (bsc#1214928).
* scsi: qla2xxx: remove unused declarations (bsc#1214928).
* scsi: qla2xxx: remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
* scsi: qla2xxx: update version to 10.02.09.100-k (bsc#1214928).
* scsi: storvsc: always set no_report_opcodes (git-fixes).
* scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
* skbuff: fix a data race in skb_queue_len() (git-fixes).
* sort latest foray of security patches
* sunrpc: always clear xprt_sock_connecting before xprt_clear_connecting on tcp xprt (bsc#1214453).
* timers: add shutdown mechanism to the internal functions (bsc#1213970).
* timers: provide timer_shutdown_sync (bsc#1213970).
* timers: rename del_timer() to timer_delete() (bsc#1213970).
* timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
* timers: replace bug_on()s (bsc#1213970).
* timers: silently ignore timers with a null function (bsc#1213970).
* timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
* timers: update kernel-doc for various functions (bsc#1213970).
* timers: use del_timer_sync() even on up (bsc#1213970).
* tracing: fix warning in trace_buffered_event_disable() (git-fixes).
* tun: fix bonding active backup with arp monitoring (git-fixes).
* ubifs: fix snprintf() checking (git-fixes).
* udp6: fix race condition in udp6_sendmsg & connect (git-fixes).
* udp: fix race between close() and udp_abort() (git-fixes).
* usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
* usb: host: xhci: fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
* usb: serial: cp210x: add kamstrup rf sniffer pids (git-fixes).
* usb: serial: cp210x: add scalance lpe-9000 device id (git-fixes).
* usb: serial: option: add lara-r6 01b pids (git-fixes).
* usb: serial: option: add quectel ec200a module support (git-fixes).
* usb: serial: option: add quectel ec200u modem (git-fixes).
* usb: serial: option: add quectel em05cn (sg) modem (git-fixes).
* usb: serial: option: add quectel em05cn modem (git-fixes).
* usb: serial: option: add support for vw/skoda "carstick lte" (git-fixes).
* usb: serial: option: add u-blox lara-l6 modem (git-fixes).
* usb: serial: option: support quectel em060k_128 (git-fixes).
* usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
* usb: serial: simple: sort driver entries (git-fixes).
* usb: xhci-mtk: set the dma max_seg_size (git-fixes).
* usb: xhci: check endpoint is valid before dereferencing it (git-fixes).
* usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
* x86/bugs: reset speculation control settings on init (git-fixes).
* x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
* x86/cpu/amd: enable zenbleed fix for amd custom apu 0405 (git-fixes).
* x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
* x86/cpu/vmware: fix platform detection vmware_port macro (bsc#1210327).
* x86/cpu/vmware: use the full form of inl in vmware_hypercall, for clang/llvm (bsc#1210327).
* x86/cpu/vmware: use the full form of inl in vmware_port (bsc#1210327).
* x86/cpu: cleanup the untrain mess (git-fixes).
* x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
* x86/cpu: fix amd_check_microcode() declaration (git-fixes).
* x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
* x86/cpu: rename original retbleed methods (git-fixes).
* x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
* x86/crash: disable virt in core nmi crash handler to avoid double shootdown (git-fixes).
* x86/ioapic: do not return 0 from arch_dynirq_lower_bound() (git-fixes).
* x86/microcode/amd: load late on both threads too (git-fixes).
* x86/mm: do not shuffle cpu entry areas without kaslr (git-fixes).
* x86/mm: fix use of uninitialized buffer in sme_enable() (git-fixes).
* x86/reboot: disable svm, not just vmx, when stopping cpus (git-fixes).
* x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
* x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
* x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
* x86/speculation: add cpu_show_gds() prototype (git-fixes).
* x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
* x86/srso: correct the mitigation status when smt is disabled (git-fixes).
* x86/srso: disable the mitigation on unaffected configurations (git-fixes).
* x86/srso: explain the untraining sequences a bit more (git-fixes).
* x86/srso: fix build breakage with the llvm linker (git-fixes).
* x86/virt: force gif=1 prior to disabling svm (for reboot flows) (git-fixes).
* x86/vmware: add a header file for hypercall definitions (bsc#1210327).
* x86/vmware: add steal time clock support for vmware guests (bsc#1210327).
* x86/vmware: enable steal time accounting (bsc#1210327).
* x86/vmware: update platform detection code for vmcall/vmmcall hypercalls (bsc#1210327).
* x86: move gds_ucode_mitigated() declaration to header (git-fixes).
* xfrm: release device reference for invalid state (git-fixes).
* xhci-pci: set the dma max_seg_size (git-fixes).
* xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Real Time 12 SP5
  zypper in -t patch SUSE-SLE-RT-12-SP5-2023-3601=1

## Package List:

* SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
  * kernel-syms-rt-4.12.14-10.141.1
  * kernel-rt_debug-devel-4.12.14-10.141.1
  * kernel-rt-base-4.12.14-10.141.1
  * dlm-kmp-rt-4.12.14-10.141.1
  * dlm-kmp-rt-debuginfo-4.12.14-10.141.1
  * kernel-rt-base-debuginfo-4.12.14-10.141.1
  * ocfs2-kmp-rt-debuginfo-4.12.14-10.141.1
  * gfs2-kmp-rt-4.12.14-10.141.1
  * kernel-rt_debug-debugsource-4.12.14-10.141.1
  * cluster-md-kmp-rt-4.12.14-10.141.1
  * kernel-rt-debugsource-4.12.14-10.141.1
  * kernel-rt_debug-devel-debuginfo-4.12.14-10.141.1
  * ocfs2-kmp-rt-4.12.14-10.141.1
  * kernel-rt-debuginfo-4.12.14-10.141.1
  * kernel-rt-devel-4.12.14-10.141.1
  * cluster-md-kmp-rt-debuginfo-4.12.14-10.141.1
  * kernel-rt_debug-debuginfo-4.12.14-10.141.1
  * kernel-rt-devel-debuginfo-4.12.14-10.141.1
  * gfs2-kmp-rt-debuginfo-4.12.14-10.141.1
* SUSE Linux Enterprise Real Time 12 SP5 (noarch)
  * kernel-devel-rt-4.12.14-10.141.1
  * kernel-source-rt-4.12.14-10.141.1
* SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
  * kernel-rt_debug-4.12.14-10.141.1
  * kernel-rt-4.12.14-10.141.1

## References:

* https://www.suse.com/security/cve/CVE-2022-36402.html
* https://www.suse.com/security/cve/CVE-2023-2007.html
* https://www.suse.com/security/cve/CVE-2023-20588.html
* https://www.suse.com/security/cve/CVE-2023-34319.html
* https://www.suse.com/security/cve/CVE-2023-3772.html
* https://www.suse.com/security/cve/CVE-2023-3812.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-40283.html
* https://www.suse.com/security/cve/CVE-2023-4128.html
* https://www.suse.com/security/cve/CVE-2023-4132.html
* https://www.suse.com/security/cve/CVE-2023-4133.html
* https://www.suse.com/security/cve/CVE-2023-4134.html
* https://www.suse.com/security/cve/CVE-2023-4194.html
* https://www.suse.com/security/cve/CVE-2023-4385.html
* https://www.suse.com/security/cve/CVE-2023-4387.html
* https://www.suse.com/security/cve/CVE-2023-4459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1120059
* https://bugzilla.suse.com/show_bug.cgi?id=1203517
* https://bugzilla.suse.com/show_bug.cgi?id=1210327
* https://bugzilla.suse.com/show_bug.cgi?id=1210448
* https://bugzilla.suse.com/show_bug.cgi?id=1212051
* https://bugzilla.suse.com/show_bug.cgi?id=1213543
* https://bugzilla.suse.com/show_bug.cgi?id=1213546
* https://bugzilla.suse.com/show_bug.cgi?id=1213601
* https://bugzilla.suse.com/show_bug.cgi?id=1213666
* https://bugzilla.suse.com/show_bug.cgi?id=1213899
* https://bugzilla.suse.com/show_bug.cgi?id=1213904
* https://bugzilla.suse.com/show_bug.cgi?id=1213906
* https://bugzilla.suse.com/show_bug.cgi?id=1213908
* https://bugzilla.suse.com/show_bug.cgi?id=1213910
* https://bugzilla.suse.com/show_bug.cgi?id=1213911
* https://bugzilla.suse.com/show_bug.cgi?id=1213912
* https://bugzilla.suse.com/show_bug.cgi?id=1213921
* https://bugzilla.suse.com/show_bug.cgi?id=1213927
* https://bugzilla.suse.com/show_bug.cgi?id=1213969
* https://bugzilla.suse.com/show_bug.cgi?id=1213970
* https://bugzilla.suse.com/show_bug.cgi?id=1213971
* https://bugzilla.suse.com/show_bug.cgi?id=1214019
* https://bugzilla.suse.com/show_bug.cgi?id=1214149
* https://bugzilla.suse.com/show_bug.cgi?id=1214157
* https://bugzilla.suse.com/show_bug.cgi?id=1214209
* https://bugzilla.suse.com/show_bug.cgi?id=1214233
* https://bugzilla.suse.com/show_bug.cgi?id=1214299
* https://bugzilla.suse.com/show_bug.cgi?id=1214335
* https://bugzilla.suse.com/show_bug.cgi?id=1214348
* https://bugzilla.suse.com/show_bug.cgi?id=1214350
* https://bugzilla.suse.com/show_bug.cgi?id=1214451
* https://bugzilla.suse.com/show_bug.cgi?id=1214453
* https://bugzilla.suse.com/show_bug.cgi?id=1214752
* https://bugzilla.suse.com/show_bug.cgi?id=1214928
* https://bugzilla.suse.com/show_bug.cgi?id=1215028
* https://bugzilla.suse.com/show_bug.cgi?id=1215032
* https://bugzilla.suse.com/show_bug.cgi?id=1215034
* https://bugzilla.suse.com/show_bug.cgi?id=1215035
* https://bugzilla.suse.com/show_bug.cgi?id=1215036
* https://bugzilla.suse.com/show_bug.cgi?id=1215037
* https://bugzilla.suse.com/show_bug.cgi?id=1215038
* https://bugzilla.suse.com/show_bug.cgi?id=1215041
* https://bugzilla.suse.com/show_bug.cgi?id=1215046
* https://bugzilla.suse.com/show_bug.cgi?id=1215049
* https://bugzilla.suse.com/show_bug.cgi?id=1215057
* https://jira.suse.com/browse/PED-4579

From sle-updates at lists.suse.com Thu Sep 14 16:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Sep 2023 16:30:02 -0000
Subject: SUSE-SU-2023:3344-2: moderate: Security update for postgresql15
Message-ID: <169470900220.3827.8500502507517605339@smelt2.suse.de>

# Security update for postgresql15

Announcement ID: SUSE-SU-2023:3344-2
Rating: moderate
References:

* #1214059

Cross-References:

* CVE-2023-39417

CVSS scores:

* CVE-2023-39417 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-39417 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Galera for Ericsson 15 SP5

An update that solves one vulnerability can now be installed.
## Description:

This update for postgresql15 fixes the following issues:

* Update to 13.12
* CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Galera for Ericsson 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-ERICSSON-2023-3344=1

## Package List:

* Galera for Ericsson 15 SP5 (x86_64)
  * postgresql13-server-devel-debuginfo-13.12-150200.5.43.1
  * postgresql13-plpython-debuginfo-13.12-150200.5.43.1
  * postgresql13-contrib-debuginfo-13.12-150200.5.43.1
  * postgresql13-server-devel-13.12-150200.5.43.1
  * postgresql13-devel-debuginfo-13.12-150200.5.43.1
  * postgresql13-plperl-13.12-150200.5.43.1
  * postgresql13-plperl-debuginfo-13.12-150200.5.43.1
  * postgresql13-pltcl-13.12-150200.5.43.1
  * postgresql13-pltcl-debuginfo-13.12-150200.5.43.1
  * postgresql13-server-13.12-150200.5.43.1
  * postgresql13-debugsource-13.12-150200.5.43.1
  * postgresql13-server-debuginfo-13.12-150200.5.43.1
  * postgresql13-debuginfo-13.12-150200.5.43.1
  * postgresql13-13.12-150200.5.43.1
  * postgresql13-devel-13.12-150200.5.43.1
  * postgresql13-plpython-13.12-150200.5.43.1
  * postgresql13-contrib-13.12-150200.5.43.1
* Galera for Ericsson 15 SP5 (noarch)
  * postgresql13-docs-13.12-150200.5.43.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39417.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214059

From sle-updates at lists.suse.com Fri Sep 15 08:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 15 Sep 2023 08:30:03 -0000
Subject: SUSE-SU-2023:3607-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP3)
Message-ID: <169476660390.15541.3480183163973890774@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP3)

Announcement ID: SUSE-SU-2023:3607-1
Rating: important
References:

* #1208839
* #1210630
* #1211187
* #1211395
* #1212849
* #1213063
* #1213244

Cross-References:

* CVE-2023-1077
* CVE-2023-2156
* CVE-2023-2176
* CVE-2023-3090
* CVE-2023-32233
* CVE-2023-35001
* CVE-2023-3567

CVSS scores:

* CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_98 fixes several issues.

The following security issues were fixed:

* CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187).
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
* CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839).
* CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630).
* CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3607=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3608=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_90-default-14-150300.2.2
  * kernel-livepatch-5_3_18-150300_59_98-default-11-150300.2.2

## References:

* https://www.suse.com/security/cve/CVE-2023-1077.html
* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-2176.html
* https://www.suse.com/security/cve/CVE-2023-3090.html
* https://www.suse.com/security/cve/CVE-2023-32233.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208839
* https://bugzilla.suse.com/show_bug.cgi?id=1210630
* https://bugzilla.suse.com/show_bug.cgi?id=1211187
* https://bugzilla.suse.com/show_bug.cgi?id=1211395
* https://bugzilla.suse.com/show_bug.cgi?id=1212849
* https://bugzilla.suse.com/show_bug.cgi?id=1213063
* https://bugzilla.suse.com/show_bug.cgi?id=1213244

From sle-updates at lists.suse.com Fri Sep 15 08:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 15 Sep 2023 08:30:06 -0000
Subject: SUSE-SU-2023:3603-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP1)
Message-ID: <169476660677.15541.3996326890636874634@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP1)

Announcement ID: SUSE-SU-2023:3603-1
Rating: important
References:

* #1208839
* #1210630
* #1212849
* #1213063
* #1213244

Cross-References:

* CVE-2023-1077
* CVE-2023-2176
* CVE-2023-3090
* CVE-2023-35001
* CVE-2023-3567

CVSS scores:

* CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise Live Patching 15-SP1
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-150100_197_134 fixes several issues.

The following security issues were fixed:

* CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
* CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839).
* CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630).
* CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP1
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-3602=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-3606=1
* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3603=1 SUSE-SLE-Live-Patching-12-SP5-2023-3604=1 SUSE-SLE-Live-Patching-12-SP5-2023-3605=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
  * kernel-livepatch-4_12_14-150100_197_120-default-13-150100.2.2
  * kernel-livepatch-4_12_14-150100_197_134-default-7-150100.2.2
* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_144-default-8-2.2
  * kgraft-patch-4_12_14-122_139-default-9-2.2
  * kgraft-patch-4_12_14-122_159-default-4-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1077.html
* https://www.suse.com/security/cve/CVE-2023-2176.html
* https://www.suse.com/security/cve/CVE-2023-3090.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208839
* https://bugzilla.suse.com/show_bug.cgi?id=1210630
* https://bugzilla.suse.com/show_bug.cgi?id=1212849
* https://bugzilla.suse.com/show_bug.cgi?id=1213063
* https://bugzilla.suse.com/show_bug.cgi?id=1213244

From sle-updates at lists.suse.com Fri Sep 15 08:30:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 15 Sep 2023 08:30:11 -0000
Subject: SUSE-RU-2023:3611-1: moderate: Recommended update for sysuser-tools
Message-ID: <169476661100.15541.1268412329480919354@smelt2.suse.de>

# Recommended update for sysuser-tools

Announcement ID: SUSE-RU-2023:3611-1
Rating: moderate
References:

* #1195391
* #1205161
* #1207778
* #1213240
* #1214140

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5

An update that has five fixes can now be installed.
## Description:

This update for sysuser-tools fixes the following issues:

* Update to version 3.2
* Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
* Add "quilt setup" friendly hint to %sysusers_requires usage
* Use append so if a pre file already exists it isn't overridden
* Invoke bash for bash scripts (bsc#1195391)
* Remove all systemd requires not supported on SLE15 (bsc#1214140)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-3611=1 openSUSE-SLE-15.4-2023-3611=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3611=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3611=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3611=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3611=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3611=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3611=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3611=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3611=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3611=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3611=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3611=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3611=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3611=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3611=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3611=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libpulse-mainloop-glib0-15.0-150400.4.2.2
  * libpulse0-debuginfo-15.0-150400.4.2.2
  * pulseaudio-utils-15.0-150400.4.2.2
  * pulseaudio-module-x11-15.0-150400.4.2.2
  * libpulse0-15.0-150400.4.2.2
  * brltty-driver-at-spi2-6.4-150400.4.3.3
  * pulseaudio-zsh-completion-15.0-150400.4.2.2
  * tcl-brlapi-debuginfo-6.4-150400.4.3.3
  * brltty-driver-espeak-debuginfo-6.4-150400.4.3.3
  * brltty-driver-brlapi-6.4-150400.4.3.3
  * pulseaudio-debugsource-15.0-150400.4.2.2
  * pulseaudio-module-lirc-debuginfo-15.0-150400.4.2.2
  * brltty-driver-speech-dispatcher-debuginfo-6.4-150400.4.3.3
  * brltty-driver-brlapi-debuginfo-6.4-150400.4.3.3
  * pulseaudio-bash-completion-15.0-150400.4.2.2
  * ocaml-brlapi-debuginfo-6.4-150400.4.3.3
  * pulseaudio-15.0-150400.4.2.2
  * pulseaudio-gdm-hooks-15.0-150400.4.2.2
  * pulseaudio-module-bluetooth-15.0-150400.4.2.2
  * pulseaudio-module-gsettings-15.0-150400.4.2.2
  * brltty-driver-xwindow-debuginfo-6.4-150400.4.3.3
  * brltty-debugsource-6.4-150400.4.3.3
  * pulseaudio-module-lirc-15.0-150400.4.2.2
  * pulseaudio-module-zeroconf-debuginfo-15.0-150400.4.2.2
  * xbrlapi-debuginfo-6.4-150400.4.3.3
  * brltty-driver-espeak-6.4-150400.4.3.3
  * brltty-utils-6.4-150400.4.3.3
  * tcl-brlapi-6.4-150400.4.3.3
  * brltty-driver-xwindow-6.4-150400.4.3.3
  * libpulse-devel-15.0-150400.4.2.2
  * pulseaudio-module-gsettings-debuginfo-15.0-150400.4.2.2
  * pulseaudio-module-jack-15.0-150400.4.2.2
  * ocaml-brlapi-6.4-150400.4.3.3
  * pulseaudio-system-wide-15.0-150400.4.2.2
  * brltty-driver-libbraille-6.4-150400.4.3.3
  * libbrlapi0_8-debuginfo-6.4-150400.4.3.3
  * brltty-utils-debuginfo-6.4-150400.4.3.3
  * brlapi-java-6.4-150400.4.3.3
  * pulseaudio-debuginfo-15.0-150400.4.2.2
  * xbrlapi-6.4-150400.4.3.3
  * pulseaudio-module-jack-debuginfo-15.0-150400.4.2.2
  * pulseaudio-module-x11-debuginfo-15.0-150400.4.2.2
  * pulseaudio-utils-debuginfo-15.0-150400.4.2.2
  * libbrlapi0_8-6.4-150400.4.3.3
  * brltty-debuginfo-6.4-150400.4.3.3
  * brltty-driver-at-spi2-debuginfo-6.4-150400.4.3.3
  * brlapi-java-debuginfo-6.4-150400.4.3.3
  * libpulse-mainloop-glib0-debuginfo-15.0-150400.4.2.2
  * brlapi-devel-6.4-150400.4.3.3
  * pulseaudio-module-bluetooth-debuginfo-15.0-150400.4.2.2
  * brltty-driver-libbraille-debuginfo-6.4-150400.4.3.3
  * pulseaudio-setup-15.0-150400.4.2.2
  * pulseaudio-module-zeroconf-15.0-150400.4.2.2
  * python3-brlapi-6.4-150400.4.3.3
  * python3-brlapi-debuginfo-6.4-150400.4.3.3
  * brltty-6.4-150400.4.3.3
  * brltty-driver-speech-dispatcher-6.4-150400.4.3.3
* openSUSE Leap 15.4 (noarch)
  * system-user-pulse-15.0-150400.4.2.2
  * system-user-brltty-6.4-150400.4.3.3
  * pulseaudio-lang-15.0-150400.4.2.2
  * sysuser-shadow-3.2-150400.3.5.3
  * brltty-lang-6.4-150400.4.3.3
  * sysuser-tools-3.2-150400.3.5.3
* openSUSE Leap 15.4 (x86_64)
  * libpulse-devel-32bit-15.0-150400.4.2.2
  * libpulse-mainloop-glib0-32bit-debuginfo-15.0-150400.4.2.2
  * pulseaudio-utils-32bit-15.0-150400.4.2.2
  * pulseaudio-utils-32bit-debuginfo-15.0-150400.4.2.2
  * libpulse0-32bit-15.0-150400.4.2.2
  * libpulse-mainloop-glib0-32bit-15.0-150400.4.2.2
  * libpulse0-32bit-debuginfo-15.0-150400.4.2.2
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libpulse0-64bit-15.0-150400.4.2.2
  * libpulse-mainloop-glib0-64bit-debuginfo-15.0-150400.4.2.2
  * pulseaudio-utils-64bit-15.0-150400.4.2.2
  * libpulse0-64bit-debuginfo-15.0-150400.4.2.2
  * libpulse-devel-64bit-15.0-150400.4.2.2
  * libpulse-mainloop-glib0-64bit-15.0-150400.4.2.2
  * pulseaudio-utils-64bit-debuginfo-15.0-150400.4.2.2
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * libpulse-mainloop-glib0-15.0-150400.4.2.2
  * libpulse0-debuginfo-15.0-150400.4.2.2
  * pulseaudio-utils-15.0-150400.4.2.2
  * pulseaudio-module-x11-15.0-150400.4.2.2
  * libpulse0-15.0-150400.4.2.2
  * brltty-driver-at-spi2-6.4-150400.4.3.3
  * pulseaudio-zsh-completion-15.0-150400.4.2.2
  * tcl-brlapi-debuginfo-6.4-150400.4.3.3
  * brltty-driver-espeak-debuginfo-6.4-150400.4.3.3
  * brltty-driver-brlapi-6.4-150400.4.3.3
  * pulseaudio-debugsource-15.0-150400.4.2.2
  * pulseaudio-module-lirc-debuginfo-15.0-150400.4.2.2
  * brltty-driver-speech-dispatcher-debuginfo-6.4-150400.4.3.3
  * brltty-driver-brlapi-debuginfo-6.4-150400.4.3.3
  * pulseaudio-bash-completion-15.0-150400.4.2.2
  * ocaml-brlapi-debuginfo-6.4-150400.4.3.3
  * pulseaudio-15.0-150400.4.2.2
  * pulseaudio-gdm-hooks-15.0-150400.4.2.2
  * pulseaudio-module-bluetooth-15.0-150400.4.2.2
  * pulseaudio-module-gsettings-15.0-150400.4.2.2
  * brltty-driver-xwindow-debuginfo-6.4-150400.4.3.3
  * brltty-debugsource-6.4-150400.4.3.3
  * pulseaudio-module-lirc-15.0-150400.4.2.2
  * pulseaudio-module-zeroconf-debuginfo-15.0-150400.4.2.2
  * xbrlapi-debuginfo-6.4-150400.4.3.3
  * brltty-driver-espeak-6.4-150400.4.3.3
  * brltty-utils-6.4-150400.4.3.3
  * pulseaudio-module-gsettings-debuginfo-15.0-150400.4.2.2
  * brltty-driver-xwindow-6.4-150400.4.3.3
  * libpulse-devel-15.0-150400.4.2.2
  * pulseaudio-module-jack-15.0-150400.4.2.2
  * tcl-brlapi-6.4-150400.4.3.3
  * ocaml-brlapi-6.4-150400.4.3.3
  * pulseaudio-system-wide-15.0-150400.4.2.2
  * brltty-driver-libbraille-6.4-150400.4.3.3
  * libbrlapi0_8-debuginfo-6.4-150400.4.3.3
  * brltty-utils-debuginfo-6.4-150400.4.3.3
  * brlapi-java-6.4-150400.4.3.3
  * pulseaudio-debuginfo-15.0-150400.4.2.2
  * xbrlapi-6.4-150400.4.3.3
  * pulseaudio-module-jack-debuginfo-15.0-150400.4.2.2
  * pulseaudio-module-x11-debuginfo-15.0-150400.4.2.2
  * pulseaudio-utils-debuginfo-15.0-150400.4.2.2
  * libbrlapi0_8-6.4-150400.4.3.3
  * brltty-debuginfo-6.4-150400.4.3.3
  * brltty-driver-at-spi2-debuginfo-6.4-150400.4.3.3
  * brlapi-java-debuginfo-6.4-150400.4.3.3
  * libpulse-mainloop-glib0-debuginfo-15.0-150400.4.2.2
  * brlapi-devel-6.4-150400.4.3.3
  * pulseaudio-module-bluetooth-debuginfo-15.0-150400.4.2.2
  * brltty-driver-libbraille-debuginfo-6.4-150400.4.3.3
  * pulseaudio-setup-15.0-150400.4.2.2
  * pulseaudio-module-zeroconf-15.0-150400.4.2.2
  * python3-brlapi-6.4-150400.4.3.3
  * python3-brlapi-debuginfo-6.4-150400.4.3.3
  * brltty-6.4-150400.4.3.3
  * brltty-driver-speech-dispatcher-6.4-150400.4.3.3
* openSUSE Leap 15.5 (noarch)
  * system-user-pulse-15.0-150400.4.2.2
  * system-user-brltty-6.4-150400.4.3.3
  * pulseaudio-lang-15.0-150400.4.2.2
  * sysuser-shadow-3.2-150400.3.5.3
  * brltty-lang-6.4-150400.4.3.3
  * sysuser-tools-3.2-150400.3.5.3
* openSUSE Leap 15.5 (x86_64)
  * libpulse-devel-32bit-15.0-150400.4.2.2
  * libpulse-mainloop-glib0-32bit-debuginfo-15.0-150400.4.2.2
  * pulseaudio-utils-32bit-15.0-150400.4.2.2
  * pulseaudio-utils-32bit-debuginfo-15.0-150400.4.2.2
  * libpulse0-32bit-15.0-150400.4.2.2
  * libpulse-mainloop-glib0-32bit-15.0-150400.4.2.2
  * libpulse0-32bit-debuginfo-15.0-150400.4.2.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * sysuser-shadow-3.2-150400.3.5.3
  * system-user-pulse-15.0-150400.4.2.2
  * system-user-brltty-6.4-150400.4.3.3
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * sysuser-shadow-3.2-150400.3.5.3
  * system-user-pulse-15.0-150400.4.2.2
  * system-user-brltty-6.4-150400.4.3.3
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * sysuser-shadow-3.2-150400.3.5.3
  * system-user-pulse-15.0-150400.4.2.2
  * system-user-brltty-6.4-150400.4.3.3
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * sysuser-shadow-3.2-150400.3.5.3
  * system-user-pulse-15.0-150400.4.2.2
  * system-user-brltty-6.4-150400.4.3.3
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libbrlapi0_8-6.4-150400.4.3.3
  * brltty-debuginfo-6.4-150400.4.3.3
  * libpulse-mainloop-glib0-15.0-150400.4.2.2
  * libpulse0-debuginfo-15.0-150400.4.2.2
  * pulseaudio-debugsource-15.0-150400.4.2.2
  * libpulse-devel-15.0-150400.4.2.2
  * libpulse-mainloop-glib0-debuginfo-15.0-150400.4.2.2
  * brlapi-devel-6.4-150400.4.3.3
  * libpulse0-15.0-150400.4.2.2
  * libbrlapi0_8-debuginfo-6.4-150400.4.3.3
  * python3-brlapi-6.4-150400.4.3.3
  * brltty-debugsource-6.4-150400.4.3.3
  * python3-brlapi-debuginfo-6.4-150400.4.3.3
  *
pulseaudio-debuginfo-15.0-150400.4.2.2 * Basesystem Module 15-SP4 (noarch) * sysuser-shadow-3.2-150400.3.5.3 * system-user-pulse-15.0-150400.4.2.2 * system-user-brltty-6.4-150400.4.3.3 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libbrlapi0_8-6.4-150400.4.3.3 * brltty-debuginfo-6.4-150400.4.3.3 * libpulse-mainloop-glib0-15.0-150400.4.2.2 * libpulse0-debuginfo-15.0-150400.4.2.2 * pulseaudio-debugsource-15.0-150400.4.2.2 * libpulse-devel-15.0-150400.4.2.2 * libpulse-mainloop-glib0-debuginfo-15.0-150400.4.2.2 * brlapi-devel-6.4-150400.4.3.3 * libpulse0-15.0-150400.4.2.2 * libbrlapi0_8-debuginfo-6.4-150400.4.3.3 * python3-brlapi-6.4-150400.4.3.3 * brltty-debugsource-6.4-150400.4.3.3 * python3-brlapi-debuginfo-6.4-150400.4.3.3 * pulseaudio-debuginfo-15.0-150400.4.2.2 * Basesystem Module 15-SP5 (noarch) * sysuser-shadow-3.2-150400.3.5.3 * system-user-pulse-15.0-150400.4.2.2 * system-user-brltty-6.4-150400.4.3.3 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * pulseaudio-utils-15.0-150400.4.2.2 * pulseaudio-module-x11-15.0-150400.4.2.2 * pulseaudio-zsh-completion-15.0-150400.4.2.2 * brltty-driver-at-spi2-6.4-150400.4.3.3 * brltty-driver-brlapi-6.4-150400.4.3.3 * pulseaudio-debugsource-15.0-150400.4.2.2 * brltty-driver-speech-dispatcher-debuginfo-6.4-150400.4.3.3 * brltty-driver-brlapi-debuginfo-6.4-150400.4.3.3 * pulseaudio-bash-completion-15.0-150400.4.2.2 * pulseaudio-15.0-150400.4.2.2 * pulseaudio-gdm-hooks-15.0-150400.4.2.2 * pulseaudio-module-gsettings-15.0-150400.4.2.2 * brltty-debugsource-6.4-150400.4.3.3 * pulseaudio-module-zeroconf-debuginfo-15.0-150400.4.2.2 * pulseaudio-module-gsettings-debuginfo-15.0-150400.4.2.2 * pulseaudio-debuginfo-15.0-150400.4.2.2 * pulseaudio-module-x11-debuginfo-15.0-150400.4.2.2 * pulseaudio-utils-debuginfo-15.0-150400.4.2.2 * brltty-debuginfo-6.4-150400.4.3.3 * brltty-driver-at-spi2-debuginfo-6.4-150400.4.3.3 * pulseaudio-setup-15.0-150400.4.2.2 * pulseaudio-module-zeroconf-15.0-150400.4.2.2 * 
brltty-6.4-150400.4.3.3 * brltty-driver-speech-dispatcher-6.4-150400.4.3.3 * Desktop Applications Module 15-SP4 (noarch) * system-user-pulse-15.0-150400.4.2.2 * pulseaudio-lang-15.0-150400.4.2.2 * brltty-lang-6.4-150400.4.3.3 * system-user-brltty-6.4-150400.4.3.3 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * pulseaudio-utils-15.0-150400.4.2.2 * pulseaudio-module-x11-15.0-150400.4.2.2 * pulseaudio-zsh-completion-15.0-150400.4.2.2 * brltty-driver-at-spi2-6.4-150400.4.3.3 * brltty-driver-brlapi-6.4-150400.4.3.3 * pulseaudio-debugsource-15.0-150400.4.2.2 * brltty-driver-speech-dispatcher-debuginfo-6.4-150400.4.3.3 * brltty-driver-brlapi-debuginfo-6.4-150400.4.3.3 * pulseaudio-bash-completion-15.0-150400.4.2.2 * pulseaudio-15.0-150400.4.2.2 * pulseaudio-gdm-hooks-15.0-150400.4.2.2 * pulseaudio-module-gsettings-15.0-150400.4.2.2 * brltty-debugsource-6.4-150400.4.3.3 * pulseaudio-module-zeroconf-debuginfo-15.0-150400.4.2.2 * pulseaudio-module-gsettings-debuginfo-15.0-150400.4.2.2 * pulseaudio-debuginfo-15.0-150400.4.2.2 * pulseaudio-module-x11-debuginfo-15.0-150400.4.2.2 * pulseaudio-utils-debuginfo-15.0-150400.4.2.2 * brltty-debuginfo-6.4-150400.4.3.3 * brltty-driver-at-spi2-debuginfo-6.4-150400.4.3.3 * pulseaudio-setup-15.0-150400.4.2.2 * pulseaudio-module-zeroconf-15.0-150400.4.2.2 * brltty-6.4-150400.4.3.3 * brltty-driver-speech-dispatcher-6.4-150400.4.3.3 * Desktop Applications Module 15-SP5 (noarch) * system-user-pulse-15.0-150400.4.2.2 * pulseaudio-lang-15.0-150400.4.2.2 * brltty-lang-6.4-150400.4.3.3 * system-user-brltty-6.4-150400.4.3.3 * Development Tools Module 15-SP4 (noarch) * sysuser-tools-3.2-150400.3.5.3 * system-user-pulse-15.0-150400.4.2.2 * system-user-brltty-6.4-150400.4.3.3 * Development Tools Module 15-SP5 (noarch) * sysuser-tools-3.2-150400.3.5.3 * system-user-pulse-15.0-150400.4.2.2 * system-user-brltty-6.4-150400.4.3.3 * SUSE Package Hub 15 15-SP4 (x86_64) * pulseaudio-debuginfo-15.0-150400.4.2.2 * 
pulseaudio-debugsource-15.0-150400.4.2.2 * libpulse0-32bit-debuginfo-15.0-150400.4.2.2 * libpulse0-32bit-15.0-150400.4.2.2
* SUSE Package Hub 15 15-SP5 (x86_64)
  * pulseaudio-debuginfo-15.0-150400.4.2.2
  * pulseaudio-debugsource-15.0-150400.4.2.2
  * libpulse0-32bit-15.0-150400.4.2.2
  * libpulse0-32bit-debuginfo-15.0-150400.4.2.2
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
  * pulseaudio-debugsource-15.0-150400.4.2.2
  * pulseaudio-module-lirc-debuginfo-15.0-150400.4.2.2
  * pulseaudio-module-bluetooth-debuginfo-15.0-150400.4.2.2
  * pulseaudio-module-bluetooth-15.0-150400.4.2.2
  * pulseaudio-module-lirc-15.0-150400.4.2.2
  * pulseaudio-debuginfo-15.0-150400.4.2.2
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * pulseaudio-debugsource-15.0-150400.4.2.2
  * pulseaudio-module-lirc-debuginfo-15.0-150400.4.2.2
  * pulseaudio-module-bluetooth-debuginfo-15.0-150400.4.2.2
  * pulseaudio-module-bluetooth-15.0-150400.4.2.2
  * pulseaudio-module-lirc-15.0-150400.4.2.2
  * pulseaudio-debuginfo-15.0-150400.4.2.2

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1195391
* https://bugzilla.suse.com/show_bug.cgi?id=1205161
* https://bugzilla.suse.com/show_bug.cgi?id=1207778
* https://bugzilla.suse.com/show_bug.cgi?id=1213240
* https://bugzilla.suse.com/show_bug.cgi?id=1214140

From sle-updates at lists.suse.com Fri Sep 15 08:30:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 15 Sep 2023 08:30:16 -0000
Subject: SUSE-SU-2023:3610-1: critical: Security update for MozillaFirefox
Message-ID: <169476661680.15541.12307075032251232040@smelt2.suse.de>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2023:3610-1
Rating: critical
References:
* #1210168
* #1215231
* #1215245

Cross-References:
* CVE-2023-4863

CVSS scores:
* CVE-2023-4863 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability and has two security fixes can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 115.2.1 ESR (bsc#1215245).

* CVE-2023-4863: Fixed heap buffer overflow in libwebp (MFSA 2023-40) (bsc#1215231).

The following non-security bug was fixed:

* Fix i586 build by reducing debug info to -g1 (bsc#1210168).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3610=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3610=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3610=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3610=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3610=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3610=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3610=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3610=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3610=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3610=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3610=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-3610=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-branding-upstream-115.2.1-150200.152.105.1
  * MozillaFirefox-115.2.1-150200.152.105.1
  * MozillaFirefox-debuginfo-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-other-115.2.1-150200.152.105.1
  * MozillaFirefox-debugsource-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-common-115.2.1-150200.152.105.1
* openSUSE Leap 15.4 (noarch)
  * MozillaFirefox-devel-115.2.1-150200.152.105.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-branding-upstream-115.2.1-150200.152.105.1
  * MozillaFirefox-115.2.1-150200.152.105.1
  * MozillaFirefox-debuginfo-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-other-115.2.1-150200.152.105.1
  * MozillaFirefox-debugsource-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-common-115.2.1-150200.152.105.1
* openSUSE Leap 15.5 (noarch)
  * MozillaFirefox-devel-115.2.1-150200.152.105.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-115.2.1-150200.152.105.1
  * MozillaFirefox-debuginfo-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-other-115.2.1-150200.152.105.1
  * MozillaFirefox-debugsource-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-common-115.2.1-150200.152.105.1
* Desktop Applications Module 15-SP4 (noarch)
  * MozillaFirefox-devel-115.2.1-150200.152.105.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-115.2.1-150200.152.105.1
  * MozillaFirefox-debuginfo-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-other-115.2.1-150200.152.105.1
  * MozillaFirefox-debugsource-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-common-115.2.1-150200.152.105.1
* Desktop Applications Module 15-SP5 (noarch)
  * MozillaFirefox-devel-115.2.1-150200.152.105.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * MozillaFirefox-115.2.1-150200.152.105.1
  * MozillaFirefox-debuginfo-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-other-115.2.1-150200.152.105.1
  * MozillaFirefox-debugsource-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-common-115.2.1-150200.152.105.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * MozillaFirefox-devel-115.2.1-150200.152.105.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * MozillaFirefox-115.2.1-150200.152.105.1
  * MozillaFirefox-debuginfo-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-other-115.2.1-150200.152.105.1
  * MozillaFirefox-debugsource-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-common-115.2.1-150200.152.105.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * MozillaFirefox-devel-115.2.1-150200.152.105.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * MozillaFirefox-115.2.1-150200.152.105.1
  * MozillaFirefox-debuginfo-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-other-115.2.1-150200.152.105.1
  * MozillaFirefox-debugsource-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-common-115.2.1-150200.152.105.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * MozillaFirefox-devel-115.2.1-150200.152.105.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-115.2.1-150200.152.105.1
  * MozillaFirefox-debuginfo-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-other-115.2.1-150200.152.105.1
  * MozillaFirefox-debugsource-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-common-115.2.1-150200.152.105.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * MozillaFirefox-devel-115.2.1-150200.152.105.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-115.2.1-150200.152.105.1
  * MozillaFirefox-debuginfo-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-other-115.2.1-150200.152.105.1
  * MozillaFirefox-debugsource-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-common-115.2.1-150200.152.105.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * MozillaFirefox-devel-115.2.1-150200.152.105.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * MozillaFirefox-115.2.1-150200.152.105.1
  * MozillaFirefox-debuginfo-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-other-115.2.1-150200.152.105.1
  * MozillaFirefox-debugsource-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-common-115.2.1-150200.152.105.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * MozillaFirefox-devel-115.2.1-150200.152.105.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * MozillaFirefox-115.2.1-150200.152.105.1
  * MozillaFirefox-debuginfo-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-other-115.2.1-150200.152.105.1
  * MozillaFirefox-debugsource-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-common-115.2.1-150200.152.105.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * MozillaFirefox-devel-115.2.1-150200.152.105.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * MozillaFirefox-115.2.1-150200.152.105.1
  * MozillaFirefox-debuginfo-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-other-115.2.1-150200.152.105.1
  * MozillaFirefox-debugsource-115.2.1-150200.152.105.1
  * MozillaFirefox-translations-common-115.2.1-150200.152.105.1
* SUSE Enterprise Storage 7.1 (noarch)
  * MozillaFirefox-devel-115.2.1-150200.152.105.1

## References:

* https://www.suse.com/security/cve/CVE-2023-4863.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210168
* https://bugzilla.suse.com/show_bug.cgi?id=1215231
* https://bugzilla.suse.com/show_bug.cgi?id=1215245

From sle-updates at lists.suse.com Fri Sep 15 08:30:19 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 15 Sep 2023 08:30:19 -0000
Subject: SUSE-SU-2023:3609-1: critical: Security update for MozillaFirefox
Message-ID: <169476661955.15541.6367601179041573402@smelt2.suse.de>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2023:3609-1
Rating: critical
References:
* #1210168
* #1215231
* #1215245

Cross-References:
* CVE-2023-4863

CVSS scores:
* CVE-2023-4863 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability and has two security fixes can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 115.2.1 ESR (bsc#1215245).

* CVE-2023-4863: Fixed heap buffer overflow in libwebp (MFSA 2023-40) (bsc#1215231).

The following non-security bug was fixed:

* Fix i586 build by reducing debug info to -g1 (bsc#1210168).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3609=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3609=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3609=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * MozillaFirefox-debugsource-115.2.1-150000.150.103.1
  * MozillaFirefox-debuginfo-115.2.1-150000.150.103.1
  * MozillaFirefox-translations-other-115.2.1-150000.150.103.1
  * MozillaFirefox-115.2.1-150000.150.103.1
  * MozillaFirefox-translations-common-115.2.1-150000.150.103.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * MozillaFirefox-devel-115.2.1-150000.150.103.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-115.2.1-150000.150.103.1
  * MozillaFirefox-debuginfo-115.2.1-150000.150.103.1
  * MozillaFirefox-translations-other-115.2.1-150000.150.103.1
  * MozillaFirefox-115.2.1-150000.150.103.1
  * MozillaFirefox-translations-common-115.2.1-150000.150.103.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * MozillaFirefox-devel-115.2.1-150000.150.103.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * MozillaFirefox-debugsource-115.2.1-150000.150.103.1
  * MozillaFirefox-debuginfo-115.2.1-150000.150.103.1
  * MozillaFirefox-translations-other-115.2.1-150000.150.103.1
  * MozillaFirefox-115.2.1-150000.150.103.1
  * MozillaFirefox-translations-common-115.2.1-150000.150.103.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * MozillaFirefox-devel-115.2.1-150000.150.103.1
* SUSE CaaS Platform 4.0 (x86_64)
  * MozillaFirefox-debugsource-115.2.1-150000.150.103.1
  * MozillaFirefox-debuginfo-115.2.1-150000.150.103.1
  * MozillaFirefox-translations-other-115.2.1-150000.150.103.1
  * MozillaFirefox-115.2.1-150000.150.103.1
  * MozillaFirefox-translations-common-115.2.1-150000.150.103.1
* SUSE CaaS Platform 4.0 (noarch)
  * MozillaFirefox-devel-115.2.1-150000.150.103.1

## References:

* https://www.suse.com/security/cve/CVE-2023-4863.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210168
* https://bugzilla.suse.com/show_bug.cgi?id=1215231
* https://bugzilla.suse.com/show_bug.cgi?id=1215245

From sle-updates at lists.suse.com Fri Sep 15 12:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 15 Sep 2023 12:30:02 -0000
Subject: SUSE-SU-2023:3622-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP2)
Message-ID: <169478100264.8815.11241302565453220863@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP2)

Announcement ID: SUSE-SU-2023:3622-1
Rating: important
References:
* #1213063
* #1213244

Cross-References:
* CVE-2023-35001
* CVE-2023-3567

CVSS scores:
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150200_24_157 fixes several issues.

The following security issues were fixed:

* CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-3622=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_157-default-2-150200.2.1
  * kernel-livepatch-SLE15-SP2_Update_38-debugsource-2-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_157-default-debuginfo-2-150200.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213063
* https://bugzilla.suse.com/show_bug.cgi?id=1213244

From sle-updates at lists.suse.com Fri Sep 15 12:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 15 Sep 2023 12:30:05 -0000
Subject: SUSE-SU-2023:3621-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP2)
Message-ID: <169478100528.8815.10606812550437415096@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP2)

Announcement ID: SUSE-SU-2023:3621-1
Rating: important
References:
* #1208839
* #1212849
* #1213063
* #1213244

Cross-References:
* CVE-2023-1077
* CVE-2023-3090
* CVE-2023-35001
* CVE-2023-3567

CVSS scores:
* CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150200_24_154 fixes several issues.

The following security issues were fixed:

* CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
* CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839).
* CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-3621=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_154-default-debuginfo-3-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_154-default-3-150200.2.1
  * kernel-livepatch-SLE15-SP2_Update_37-debugsource-3-150200.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1077.html
* https://www.suse.com/security/cve/CVE-2023-3090.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208839
* https://bugzilla.suse.com/show_bug.cgi?id=1212849
* https://bugzilla.suse.com/show_bug.cgi?id=1213063
* https://bugzilla.suse.com/show_bug.cgi?id=1213244

From sle-updates at lists.suse.com Fri Sep 15 12:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 15 Sep 2023 12:30:08 -0000
Subject: SUSE-SU-2023:3620-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2)
Message-ID: <169478100827.8815.13563682832856554260@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2)

Announcement ID: SUSE-SU-2023:3620-1
Rating: important
References:
* #1208839
* #1211187
* #1212849
* #1213063
* #1213244

Cross-References:
* CVE-2023-1077
* CVE-2023-3090
* CVE-2023-32233
* CVE-2023-35001
* CVE-2023-3567

CVSS scores:
* CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150200_24_151 fixes several issues.

The following security issues were fixed:

* CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
* CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839).
* CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-3620=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP2_Update_36-debugsource-5-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_151-default-5-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_151-default-debuginfo-5-150200.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1077.html
* https://www.suse.com/security/cve/CVE-2023-3090.html
* https://www.suse.com/security/cve/CVE-2023-32233.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208839
* https://bugzilla.suse.com/show_bug.cgi?id=1211187
* https://bugzilla.suse.com/show_bug.cgi?id=1212849
* https://bugzilla.suse.com/show_bug.cgi?id=1213063
* https://bugzilla.suse.com/show_bug.cgi?id=1213244
URL: From sle-updates at lists.suse.com Fri Sep 15 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Sep 2023 12:30:11 -0000 Subject: SUSE-SU-2023:3623-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP3) Message-ID: <169478101163.8815.9785087785506064031@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:3623-1 Rating: important References: * #1208839 * #1210630 * #1211187 * #1211395 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2156 * CVE-2023-2176 * CVE-2023-3090 * CVE-2023-32233 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_112 fixes several issues. The following security issues were fixed: * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3618=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3624=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3623=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_109-default-8-150300.2.2 * kernel-livepatch-5_3_18-150300_59_101-default-10-150300.2.2 * kernel-livepatch-5_3_18-150300_59_112-default-7-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1211187 * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244
From sle-updates at lists.suse.com Fri Sep 15 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Sep 2023 12:30:14 -0000 Subject: SUSE-SU-2023:3612-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP2) Message-ID: <169478101480.8815.9036835815912731301@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:3612-1 Rating: important References: * #1208839 * #1210630 * #1211187 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2176 * CVE-2023-3090 * CVE-2023-32233 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_148 fixes several issues.
The following security issues were fixed: * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-3612=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-3613=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-3614=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-3615=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-3616=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-3617=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-3619=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_145-default-6-150200.2.1 * kernel-livepatch-5_3_18-150200_24_139-default-debuginfo-8-150200.2.2 * kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-14-150200.2.2 * kernel-livepatch-5_3_18-150200_24_142-default-7-150200.2.2 * kernel-livepatch-5_3_18-150200_24_134-default-11-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_35-debugsource-5-150200.2.1 * kernel-livepatch-5_3_18-150200_24_145-default-debuginfo-6-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_29-debugsource-14-150200.2.2 *
kernel-livepatch-5_3_18-150200_24_148-default-debuginfo-5-150200.2.1 * kernel-livepatch-5_3_18-150200_24_142-default-debuginfo-7-150200.2.2 * kernel-livepatch-5_3_18-150200_24_148-default-5-150200.2.1 * kernel-livepatch-5_3_18-150200_24_134-default-debuginfo-11-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_30-debugsource-11-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_33-debugsource-7-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_34-debugsource-6-150200.2.1 * kernel-livepatch-5_3_18-150200_24_129-default-11-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_31-debugsource-11-150200.2.2 * kernel-livepatch-5_3_18-150200_24_126-default-14-150200.2.2 * kernel-livepatch-5_3_18-150200_24_129-default-debuginfo-11-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_32-debugsource-8-150200.2.2 * kernel-livepatch-5_3_18-150200_24_139-default-8-150200.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1211187 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244
From sle-updates at lists.suse.com Fri Sep 15 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Sep 2023 16:30:04 -0000 Subject: SUSE-SU-2023:3626-1: critical: Security update for MozillaFirefox Message-ID: <169479540428.30711.1049453775553136555@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:3626-1 Rating: critical References: * #1210168 * #1215231 * #1215245 Cross-References: * CVE-2023-4863 CVSS scores: * CVE-2023-4863 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.2.1 ESR (bsc#1215245). * CVE-2023-4863: Fixed heap buffer overflow in libwebp (MFSA 2023-40) (bsc#1215231). The following non-security bug was fixed: * Fix i586 build by reducing debug info to -g1 (bsc#1210168). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3626=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3626=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3626=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3626=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.2.1-112.179.1 * MozillaFirefox-debugsource-115.2.1-112.179.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * MozillaFirefox-devel-115.2.1-112.179.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * MozillaFirefox-115.2.1-112.179.1 * MozillaFirefox-translations-common-115.2.1-112.179.1 * MozillaFirefox-debuginfo-115.2.1-112.179.1 * MozillaFirefox-debugsource-115.2.1-112.179.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * MozillaFirefox-devel-115.2.1-112.179.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.2.1-112.179.1 * MozillaFirefox-translations-common-115.2.1-112.179.1 * MozillaFirefox-debuginfo-115.2.1-112.179.1 * MozillaFirefox-debugsource-115.2.1-112.179.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * MozillaFirefox-devel-115.2.1-112.179.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * MozillaFirefox-115.2.1-112.179.1 * MozillaFirefox-translations-common-115.2.1-112.179.1 * MozillaFirefox-debuginfo-115.2.1-112.179.1 * MozillaFirefox-debugsource-115.2.1-112.179.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * MozillaFirefox-devel-115.2.1-112.179.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4863.html * https://bugzilla.suse.com/show_bug.cgi?id=1210168 * 
https://bugzilla.suse.com/show_bug.cgi?id=1215231 * https://bugzilla.suse.com/show_bug.cgi?id=1215245 From sle-updates at lists.suse.com Sat Sep 16 07:06:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:06:00 +0200 (CEST) Subject: SUSE-CU-2023:2976-1: Recommended update of suse/389-ds Message-ID: <20230916070600.3AEE7FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2976-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.59 , suse/389-ds:latest Container Release : 14.59 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Sat Sep 16 07:06:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:06:14 +0200 (CEST)
Subject: SUSE-CU-2023:2977-1: Security update of bci/dotnet-aspnet Message-ID: <20230916070614.899D8FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2977-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-11.18 , bci/dotnet-aspnet:6.0.21 , bci/dotnet-aspnet:6.0.21-11.18 Container Release : 11.18 Severity : moderate Type : security References : 1030253 1095425 1103893 1112183 1146907 1158955 1159131 1161007 1162882 1166844 1167603 1182252 1182645 1192935 1193951 1195391 1205161 1207778 1213240 1214140 354372 437293 824262 CVE-2020-10531 CVE-2020-21913 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3563-1 Released: Fri Sep 8 15:28:17 2023 Summary: Security update for icu73_2 Type: security Severity: moderate References: 1030253,1095425,1103893,1112183,1146907,1158955,1159131,1161007,1162882,1166844,1167603,1182252,1182645,1192935,1193951,354372,437293,824262,CVE-2020-10531,CVE-2020-21913 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for "short" Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants.
* Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as "Hinglish". * time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value.
* Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 - Update to release 68.1 * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper "and"/"or"
form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). - Update to version 66.1 * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. (ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. - Update to release 65.1 (jsc#SLE-11118). * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - libicu73_2-ledata-73.2-150000.1.3.1 added - libicu73_2-73.2-150000.1.3.1 added - container:sles15-image-15.0.0-36.5.33 updated - libicu-suse65_1-65.1-150200.4.8.1 removed - libicu65_1-ledata-65.1-150200.4.8.1 removed From sle-updates at lists.suse.com Sat Sep 16 07:06:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:06:27 +0200 (CEST) Subject: SUSE-CU-2023:2978-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230916070627.CA5F1FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2978-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-11.17 , bci/dotnet-aspnet:7.0.10 , bci/dotnet-aspnet:7.0.10-11.17 , bci/dotnet-aspnet:latest Container Release : 11.17 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Sat Sep 16 07:06:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:06:32 +0200 (CEST) Subject: SUSE-CU-2023:2979-1: Recommended update of bci/bci-busybox Message-ID: <20230916070632.8554DFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2979-1 Container Tags : bci/bci-busybox:15.5 , bci/bci-busybox:15.5.11.5 , bci/bci-busybox:latest Container Release : 11.5 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/bci-busybox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 07:06:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:06:41 +0200 (CEST) Subject: SUSE-CU-2023:2980-1: Recommended update of suse/registry Message-ID: <20230916070641.74C83FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2980-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-14.22 , suse/registry:latest Container Release : 14.22 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container suse/registry was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 07:06:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:06:57 +0200 (CEST) Subject: SUSE-CU-2023:2981-1: Recommended update of bci/dotnet-sdk Message-ID: <20230916070657.CEA76FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2981-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-10.17 , bci/dotnet-sdk:6.0.21 , bci/dotnet-sdk:6.0.21-10.17 Container Release : 10.17 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Sat Sep 16 07:07:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:07:15 +0200 (CEST) Subject: SUSE-CU-2023:2982-1: Recommended update of bci/dotnet-sdk Message-ID: <20230916070715.0142EFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2982-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-12.17 , bci/dotnet-sdk:7.0.10 , bci/dotnet-sdk:7.0.10-12.17 , bci/dotnet-sdk:latest Container Release : 12.17 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Sat Sep 16 07:07:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:07:29 +0200 (CEST) Subject: SUSE-CU-2023:2983-1: Recommended update of bci/dotnet-runtime Message-ID: <20230916070729.D9729FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2983-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-10.17 , bci/dotnet-runtime:6.0.21 , bci/dotnet-runtime:6.0.21-10.17 Container Release : 10.17 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Sat Sep 16 07:07:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:07:44 +0200 (CEST) Subject: SUSE-CU-2023:2984-1: Recommended update of bci/dotnet-runtime Message-ID: <20230916070744.D942DFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2984-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-12.17 , bci/dotnet-runtime:7.0.10 , bci/dotnet-runtime:7.0.10-12.17 , bci/dotnet-runtime:latest Container Release : 12.17 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Sat Sep 16 07:07:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:07:46 +0200 (CEST) Subject: SUSE-CU-2023:2985-1: Recommended update of bci/golang Message-ID: <20230916070746.93394FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2985-1 Container Tags : bci/golang:1.19-openssl , bci/golang:1.19-openssl-5.3 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-5.3 Container Release : 5.3 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Sat Sep 16 07:08:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:08:01 +0200 (CEST) Subject: SUSE-CU-2023:2986-1: Recommended update of bci/bci-init Message-ID: <20230916070801.38952FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2986-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.8.59 , bci/bci-init:latest Container Release : 8.59 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Sat Sep 16 07:08:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:08:06 +0200 (CEST) Subject: SUSE-CU-2023:2987-1: Recommended update of suse/nginx Message-ID: <20230916070806.1FC5EFCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2987-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-3.26 , suse/nginx:latest Container Release : 3.26 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container suse/nginx was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 07:08:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:08:21 +0200 (CEST) Subject: SUSE-CU-2023:2988-1: Recommended update of bci/nodejs Message-ID: <20230916070821.EF5DDFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2988-1 Container Tags : bci/node:18 , bci/node:18-9.30 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-9.30 , bci/nodejs:latest Container Release : 9.30 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 07:08:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:08:39 +0200 (CEST) Subject: SUSE-CU-2023:2989-1: Recommended update of bci/openjdk-devel Message-ID: <20230916070839.8DA0DFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2989-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-8.95 Container Release : 8.95 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:bci-openjdk-11-15.5.11-9.46 updated From sle-updates at lists.suse.com Sat Sep 16 07:08:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:08:53 +0200 (CEST) Subject: SUSE-CU-2023:2990-1: Recommended update of bci/openjdk Message-ID: <20230916070853.A9E57FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2990-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-9.46 Container Release : 9.46 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 07:09:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:09:08 +0200 (CEST) Subject: SUSE-CU-2023:2991-1: Recommended update of bci/openjdk-devel Message-ID: <20230916070908.AEF5AFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2991-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-10.92 , bci/openjdk-devel:latest Container Release : 10.92 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:bci-openjdk-17-15.5.17-10.46 updated From sle-updates at lists.suse.com Sat Sep 16 07:09:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:09:22 +0200 (CEST) Subject: SUSE-CU-2023:2992-1: Recommended update of bci/openjdk Message-ID: <20230916070922.D1422FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2992-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.46 , bci/openjdk:latest Container Release : 10.46 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 07:09:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:09:36 +0200 (CEST) Subject: SUSE-CU-2023:2993-1: Recommended update of suse/pcp Message-ID: <20230916070936.CF2EDFCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2993-1 Container Tags : suse/pcp:5 , suse/pcp:5-13.50 , suse/pcp:5.2 , suse/pcp:5.2-13.50 , suse/pcp:5.2.5 , suse/pcp:5.2.5-13.50 , suse/pcp:latest Container Release : 13.50 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:bci-bci-init-15.5-15.5-8.59 updated From sle-updates at lists.suse.com Sat Sep 16 07:09:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:09:49 +0200 (CEST) Subject: SUSE-CU-2023:2994-1: Recommended update of bci/php-apache Message-ID: <20230916070949.0B087FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2994-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-6.44 Container Release : 6.44 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 07:10:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:10:01 +0200 (CEST) Subject: SUSE-CU-2023:2995-1: Recommended update of bci/php-fpm Message-ID: <20230916071001.0EF53FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2995-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-6.43 Container Release : 6.43 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/php-fpm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 07:10:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 09:10:14 +0200 (CEST) Subject: SUSE-CU-2023:2996-1: Recommended update of bci/php Message-ID: <20230916071014.55364FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2996-1 Container Tags : bci/php:8 , bci/php:8-6.43 Container Release : 6.43 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/php was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 09:35:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 11:35:30 +0200 (CEST) Subject: SUSE-CU-2023:2996-1: Recommended update of bci/php Message-ID: <20230916093530.60C20FCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2996-1 Container Tags : bci/php:8 , bci/php:8-6.43 Container Release : 6.43 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/php was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 09:35:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 11:35:43 +0200 (CEST) Subject: SUSE-CU-2023:2997-1: Recommended update of suse/postgres Message-ID: <20230916093543.5BA36FCEE@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2997-1 Container Tags : suse/postgres:15 , suse/postgres:15-9.46 , suse/postgres:15.4 , suse/postgres:15.4-9.46 , suse/postgres:latest Container Release : 9.46 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container suse/postgres was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 09:35:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 11:35:59 +0200 (CEST) Subject: SUSE-CU-2023:2998-1: Recommended update of bci/python Message-ID: <20230916093559.CDBFCFCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2998-1 Container Tags : bci/python:3 , bci/python:3-8.51 , bci/python:3.11 , bci/python:3.11-8.51 , bci/python:latest Container Release : 8.51 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 09:36:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 11:36:15 +0200 (CEST) Subject: SUSE-CU-2023:2999-1: Recommended update of bci/python Message-ID: <20230916093615.CFF59FCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2999-1 Container Tags : bci/python:3 , bci/python:3-10.49 , bci/python:3.6 , bci/python:3.6-10.49 Container Release : 10.49 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 09:36:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 11:36:29 +0200 (CEST) Subject: SUSE-CU-2023:3000-1: Recommended update of bci/ruby Message-ID: <20230916093629.F0BD8FCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3000-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.41 , bci/ruby:2.5 , bci/ruby:2.5-10.41 , bci/ruby:latest Container Release : 10.41 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 09:36:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 11:36:46 +0200 (CEST) Subject: SUSE-CU-2023:3001-1: Recommended update of bci/rust Message-ID: <20230916093646.CCCDCFCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3001-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-2.2.2 , bci/rust:oldstable , bci/rust:oldstable-2.2.2 Container Release : 2.2 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 09:37:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 11:37:03 +0200 (CEST) Subject: SUSE-CU-2023:3002-1: Recommended update of bci/rust Message-ID: <20230916093703.6CC16FCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3002-1 Container Tags : bci/rust:1.71 , bci/rust:1.71-1.2.2 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.2 Container Release : 2.2 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Sep 16 09:37:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Sep 2023 11:37:17 +0200 (CEST) Subject: SUSE-CU-2023:3003-1: Recommended update of suse/sle15 Message-ID: <20230916093717.162C8FCEE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3003-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.33 , suse/sle15:15.5 , suse/sle15:15.5.36.5.33 Container Release : 36.5.33 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Mon Sep 18 07:01:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 09:01:55 +0200 (CEST) Subject: SUSE-IU-2023:611-1: Security update of suse-sles-15-sp5-chost-byos-v20230915-hvm-ssd-x86_64 Message-ID: <20230918070155.4CCC9FCA4@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20230915-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:611-1 Image Tags : suse-sles-15-sp5-chost-byos-v20230915-hvm-ssd-x86_64:20230915 Image Release : Severity : critical Type : security References : 1027519 1158763 1182142 1186606 1193412 1194609 1195391 1201519 1204844 1205161 1207778 1208194 1208574 1209741 1209998 1210070 1210419 1210702 1210740 1210797 1210996 1211256 1211257 1211461 1211576 1211757 1212368 1212434 1212684 1213120 1213185 1213212 1213229 1213231 1213240 1213500 1213557 1213575 1213582 1213607 1213616 1213673 1213826 1213873 1213940 1213951 1214006 1214025 1214071 1214081 1214082 1214083 1214107 1214108 1214109 1214140 1214248 1214290 CVE-2021-30560 CVE-2022-40982 
CVE-2023-2004 CVE-2023-20569 CVE-2023-20593 CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 CVE-2023-26112 CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2023-4016 CVE-2023-4156 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20230915-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2548-1 Released: Tue Jul 26 13:48:28 2022 Summary: Critical update for python-cssselect Type: recommended Severity: critical References: This update for python-cssselect implements packages to the unrestricted repository. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:557-1 Released: Tue Feb 28 09:29:15 2023 Summary: Security update for libxslt Type: security Severity: important References: 1208574,CVE-2021-30560 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2898-1 Released: Thu Jul 20 09:15:33 2023 Summary: Recommended update for python-instance-billing-flavor-check Type: feature Severity: critical References: This update for python-instance-billing-flavor-check fixes the following issues: - Include PAYG checker package in SLE (jsc#PED-4791) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3369-1 Released: Tue Aug 22 11:12:02 2023 Summary: Security update for python-configobj Type: security Severity: low References: 1210070,CVE-2023-26112 This update for python-configobj fixes the following issues: - CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3371-1 Released: Tue Aug 22 13:30:18 2023 Summary: Recommended update for liblognorm Type: recommended Severity: moderate References: This update for liblognorm fixes the following issues: - Update to liblognorm v2.0.6 (jsc#PED-4883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3372-1 Released: Tue Aug 22 13:44:38 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1211757,1213212 This update for rsyslog fixes the following issues: - Fix removal of imfile state files (bsc#1213212) - Fix segfaults in modExit() of imklog.c (bsc#1211757) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3393-1 Released: Wed Aug 23 17:41:55 2023 Summary: Recommended update for dracut Type: recommended Severity: important References: 1214081 This update for dracut fixes the following issues: - Protect against broken links pointing to themselves - Exit if resolving executable dependencies fails (bsc#1214081) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. 
(bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3447-1 Released: Mon Aug 28 10:57:05 2023 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1212684,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593 This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3452-1 Released: Mon Aug 28 12:41:11 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1213951 This update for 
supportutils-plugin-suse-public-cloud fixes the following issues: - Update from version 1.0.7 to 1.0.8 (bsc#1213951) - Capture CSP billing adapter config and log - Accept upper case Amazon string in DMI table ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3465-1 Released: Tue Aug 29 07:30:00 2023 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1213607,1213826,1213940 This update for samba fixes the following issues: - Fix DFS not working with widelinks enabled; (bsc#1213607) - Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940) - net ads lookup with unspecified realm fails (bsc#1213826) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3468-1 Released: Tue Aug 29 09:22:18 2023 Summary: Recommended update for python3 Type: recommended Severity: low References: This update for python3 fixes the following issue: - Rename sources in preparation of python3.11 (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3470-1 Released: Tue Aug 29 10:49:33 2023 Summary: Recommended update for parted Type: recommended Severity: low References: 1182142,1193412 This update for parted fixes the following issues: - fix null pointer dereference (bsc#1193412) - update mkpart options in manpage (bsc#1182142) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3485-1 Released: Tue Aug 29 14:20:56 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3497-1 Released: Wed Aug 30 21:25:05 2023 Summary: Security update for vim Type: security Severity: important References: 1210996,1211256,1211257,1211461,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1572. - CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996). - CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256). - CVE-2023-2610: Fixed Integer Overflow or Wraparound (bsc#1211257). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3514-1 Released: Fri Sep 1 15:48:52 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3521-1 Released: Tue Sep 5 08:56:45 2023 Summary: Recommended update for python-iniconfig Type: recommended Severity: moderate References: 1213582 This update for python-iniconfig provides python3-iniconfig to 
SUSE Linux Enterprise Micro 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3536-1 Released: Tue Sep 5 15:00:27 2023 Summary: Security update for docker Type: security Severity: moderate References: 1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842 This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelog online at bsc#1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at . bsc#1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at . bsc#1213120 - Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function. - Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless) - Update to Docker 24.0.2-ce. See upstream changelog online at . bsc#1212368 * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797 - Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package. - was rebuilt against current GO compiler. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3543-1 Released: Wed Sep 6 08:27:22 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1214006 This update for protobuf-c fixes the following issues: - Add missing Provides/Obsoletes after package merge (bsc#1214006) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - audit-3.0.6-150400.4.13.1 updated - ca-certificates-mozilla-2.62-150200.30.1 updated - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - docker-24.0.5_ce-150000.185.1 updated - dracut-055+suse.369.gde6c81bf-150500.3.9.1 updated - gawk-4.2.1-150000.3.3.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libauparse0-3.0.6-150400.4.13.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated - libfreetype6-2.10.4-150000.4.15.1 updated - liblognorm5-2.0.6-150000.3.3.1 updated - libparted0-3.2-150300.21.3.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libprotobuf-c1-1.3.2-150200.3.9.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libudev1-249.16-150400.8.33.1 updated - libxslt1-1.1.34-150400.3.3.1 added - libzypp-17.31.20-150400.3.40.1 updated - parted-3.2-150300.21.3.1 updated - procps-3.3.15-150000.7.34.1 updated - python-instance-billing-flavor-check-0.0.2-150000.1.3.1 added - python3-configobj-5.0.6-150000.3.3.1 updated - python3-cssselect-1.0.3-150000.3.3.1 added - python3-iniconfig-1.1.1-150000.1.11.1 updated - python3-lxml-4.9.1-150500.1.2 added - python3-more-itertools-8.10.0-150400.5.69 updated - python3-ordered-set-4.0.2-150400.8.34 updated - python3-pyOpenSSL-21.0.0-150400.7.62 updated 
- rsyslog-module-relp-8.2306.0-150400.5.18.1 updated - rsyslog-8.2306.0-150400.5.18.1 updated - samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 updated - supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 updated - system-group-audit-3.0.6-150400.4.13.1 updated - systemd-sysvinit-249.16-150400.8.33.1 updated - systemd-249.16-150400.8.33.1 updated - sysuser-shadow-3.2-150400.3.5.3 updated - udev-249.16-150400.8.33.1 updated - vim-data-common-9.0.1632-150500.20.3.1 updated - vim-9.0.1632-150500.20.3.1 updated - xen-libs-4.17.2_02-150500.3.6.1 updated - xen-tools-domU-4.17.2_02-150500.3.6.1 updated - zypper-1.14.63-150400.3.29.1 updated - samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 removed From sle-updates at lists.suse.com Mon Sep 18 07:02:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 09:02:01 +0200 (CEST) Subject: SUSE-IU-2023:612-1: Security update of sles-15-sp5-chost-byos-v20230915-arm64 Message-ID: <20230918070201.76249FCA4@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20230915-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:612-1 Image Tags : sles-15-sp5-chost-byos-v20230915-arm64:20230915 Image Release : Severity : critical Type : security References : 1002895 1027519 1102408 1107105 1138666 1138715 1138746 1158763 1167732 1176389 1177120 1179805 1182142 1182421 1182422 1184505 1186606 1187045 1193412 1194609 1195391 1195916 1196696 1198331 1200771 1201519 1202498 1202498 1204145 1204364 1204844 1205161 1206212 1207778 1207805 1208036 1208194 1208574 1209741 1209998 1210419 1210702 1210740 1210797 1210996 1211256 1211257 1211461 1211576 1211674 1211757 1212368 1212434 1212684 1213120 1213185 1213212 1213229 1213231 1213240 1213500 1213557 1213575 1213582 1213607 1213616 1213673 1213826 1213873 1213940 1213951 1214006 1214025 1214071 1214081 1214082 1214083 1214107 1214108 1214109 1214140 1214248 1214290 
CVE-2020-25659 CVE-2020-26137 CVE-2020-29651 CVE-2020-29651 CVE-2021-30560 CVE-2021-33503 CVE-2022-23491 CVE-2022-40982 CVE-2022-42969 CVE-2023-2004 CVE-2023-20569 CVE-2023-20593 CVE-2023-23931 CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2023-32681 CVE-2023-4016 CVE-2023-4156 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20230915-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1037-1 Released: Mon Apr 20 10:49:39 2020 Summary: Recommended update for python-pytest Type: recommended Severity: low References: 1002895,1107105,1138666,1167732 This update fixes the following issues: New python-pytest versions are provided. In Basesystem: - python3-pexpect: updated to 4.8.0 - python3-py: updated to 1.8.1 - python3-zipp: shipped as dependency in version 0.6.0 In Python2: - python2-pexpect: updated to 4.8.0 - python2-py: updated to 1.8.1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1859-1 Released: Fri Jun 4 09:02:38 2021 Summary: Security update for python-py Type: security Severity: moderate References: 1179805,1184505,CVE-2020-29651 This update for python-py fixes the following issues: - CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2012-1 Released: Fri Jun 18 09:15:13 2021 Summary: Security update for python-urllib3 Type: security Severity: important References: 1187045,CVE-2021-33503 This update for python-urllib3 fixes the following issues: - CVE-2021-33503: Fixed a denial of service when the URL contained many @ characters in the authority component (bsc#1187045) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2817-1 Released: Mon Aug 23 15:05:18 2021 Summary: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 Type: security Severity: moderate References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137 This patch updates the Python AWS SDK stack in SLE 15: General: # aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-botocore - Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-urllib3 - Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package. # python-service_identity - Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0 # python-trustme - Added this new package to resolve runtime dependencies for other packages. 
Version: 0.6.0 Security fixes: # python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2355-1 Released: Mon Jul 11 12:44:33 2022 Summary: Recommended update for python-cryptography Type: recommended Severity: moderate References: 1198331,CVE-2020-25659 This update for python-cryptography fixes the following issues: python-cryptography was updated to 3.3.2. update to 3.3.0: * BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. * BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. * BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. * Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature. Update to 3.2.1: Disable blinding on RSA public keys to address an error with some versions of OpenSSL. update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. 
* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. update to 3.1: * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based :term:`U-label` parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5. * ``backend`` arguments to functions are no longer required and the default backend will automatically be selected if no ``backend`` is provided. * Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` . * Calling ``update`` or ``update_into`` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data`` longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This also resolves the same issue in :doc:`/fernet`. update to 3.0: * RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes). * X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until version is accessed. * Deprecated support for Python 2 * Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: load_ssh_private_key() for loading and OpenSSH for writing. * Added support for OpenSSH certificates to load_ssh_public_key(). * Added encrypt_at_time() and decrypt_at_time() to Fernet. * Added support for the SubjectInformationAccess X.509 extension. * Added support for parsing SignedCertificateTimestamps in OCSP responses. * Added support for parsing attributes in certificate signing requests via get_attribute_for_oid(). * Added support for encoding attributes in certificate signing requests via add_attribute(). 
* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork. * Added initial support for creating PKCS12 files with serialize_key_and_certificates(). Update to 2.9: * BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. * BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. * BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. * Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. * BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. * Added support for parsing single_extensions in an OCSP response. * NameAttribute values can now be empty strings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2548-1 Released: Tue Jul 26 13:48:28 2022 Summary: Critical update for python-cssselect Type: recommended Severity: critical References: This update for python-cssselect implements packages to the unrestricted repository. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2831-1 Released: Wed Aug 17 14:41:07 2022 Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins Type: security Severity: moderate References: 1195916,1196696,CVE-2020-29651 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bump the URL to point to github rather than to docs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2853-1 Released: Fri Aug 19 15:59:42 2022 Summary: Recommended update for sle-module-legacy-release Type: recommended Severity: low References: 1202498 This update for python-iniconfig provides the following fix: - Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2943-1 Released: Tue Aug 30 15:42:16 2022 Summary: Recommended update for python-iniconfig Type: recommended Severity: low References: 1202498 This update for python-iniconfig provides the following fix: - Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3022-1 Released: Mon Sep 5 15:16:02 2022 Summary: Recommended update for python-pyOpenSSL Type: recommended Severity: moderate References: 1200771 This update for python-pyOpenSSL fixes the following issues: - Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056). python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519): - The minimum ``cryptography`` version is now 3.3. - Raise an error when an invalid ALPN value is set. - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version`` - Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3985-1 Released: Tue Nov 15 12:54:11 2022 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1204145 This update fixes for python3-apipkg the following issues: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:139-1 Released: Wed Jan 25 14:41:55 2023 Summary: Security update for python-certifi Type: security Severity: important References: 1206212,CVE-2022-23491 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:161-1 Released: Thu Jan 26 18:23:16 2023 Summary: Security update for python-py Type: security Severity: moderate References: 1204364,CVE-2022-42969 This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered 
when interacting with a Subversion repository containing crafted data (bsc#1204364). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:557-1 Released: Tue Feb 28 09:29:15 2023 Summary: Security update for libxslt Type: security Severity: important References: 1208574,CVE-2021-30560 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:722-1 Released: Tue Mar 14 14:57:15 2023 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1208036,CVE-2023-23931 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2866-1 Released: Tue Jul 18 11:09:03 2023 Summary: Security update for python-requests Type: security Severity: moderate References: 1211674,CVE-2023-32681 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2898-1 Released: Thu Jul 20 09:15:33 2023 Summary: Recommended update for python-instance-billing-flavor-check Type: feature Severity: critical References: This update for python-instance-billing-flavor-check fixes the following issues: - Include PAYG checker package in SLE (jsc#PED-4791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3330-1 Released: Wed Aug 16 08:59:33 2023 Summary: Recommended update for python-pyasn1 Type: recommended Severity: important References: 1207805 This update for python-pyasn1 fixes the following issues: - To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3371-1 Released: Tue Aug 22 13:30:18 2023 Summary: Recommended update for liblognorm Type: recommended Severity: moderate References: This update for liblognorm fixes the following issues: - Update to liblognorm v2.0.6 (jsc#PED-4883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3372-1 Released: Tue Aug 22 13:44:38 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1211757,1213212 This update for rsyslog fixes the following issues: - Fix removal of imfile state files (bsc#1213212) - Fix segfaults in modExit() of imklog.c (bsc#1211757) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3393-1 Released: Wed Aug 23 17:41:55 2023 Summary: Recommended update for dracut Type: recommended Severity: important References: 1214081 This update for dracut fixes the following issues: - Protect against broken links pointing to themselves - Exit if resolving executable dependencies fails (bsc#1214081) ----------------------------------------------------------------- Advisory 
ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3447-1 Released: Mon Aug 28 10:57:05 2023 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1212684,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593 This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. 
(bsc#1213616, XSA-433) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3452-1 Released: Mon Aug 28 12:41:11 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1213951 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update from version 1.0.7 to 1.0.8 (bsc#1213951) - Capture CSP billing adapter config and log - Accept upper case Amazon string in DMI table ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos 
TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3465-1 Released: Tue Aug 29 07:30:00 2023 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1213607,1213826,1213940 This update for samba fixes the following issues: - Fix DFS not working with widelinks enabled; (bsc#1213607) - Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940) - net ads lookup with unspecified realm fails (bsc#1213826) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3468-1 Released: Tue Aug 29 09:22:18 2023 Summary: Recommended update for python3 Type: recommended Severity: low References: This update for python3 fixes the following issue: - Rename sources in preparation of python3.11 (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3470-1 Released: Tue Aug 29 10:49:33 2023 Summary: Recommended update for parted Type: recommended Severity: low References: 
1182142,1193412 This update for parted fixes the following issues: - fix null pointer dereference (bsc#1193412) - update mkpart options in manpage (bsc#1182142) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3485-1 Released: Tue Aug 29 14:20:56 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3497-1 Released: Wed Aug 30 21:25:05 2023 Summary: Security update for vim Type: security Severity: important References: 1210996,1211256,1211257,1211461,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1572. - CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996). - CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256). - CVE-2023-2610: Fixed Integer Overflow or Wraparound (bsc#1211257).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3514-1 Released: Fri Sep 1 15:48:52 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3521-1 Released: Tue Sep 5 08:56:45 2023 Summary: Recommended update for python-iniconfig Type: recommended Severity: moderate References: 1213582 This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3536-1 Released: Tue Sep 5 15:00:27 2023 Summary: Security update for docker Type: security Severity: moderate References: 1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842 This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelog online at bsc#1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at . bsc#1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at . bsc#1213120 - Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function. - Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless) - Update to Docker 24.0.2-ce.
See upstream changelog online at . bsc#1212368 * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797 - Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package. - was rebuilt against current GO compiler. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3543-1 Released: Wed Sep 6 08:27:22 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1214006 This update for protobuf-c fixes the following issues: - Add missing Provides/Obsoletes after package merge (bsc#1214006) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - audit-3.0.6-150400.4.13.1 updated - ca-certificates-mozilla-2.62-150200.30.1 updated - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - docker-24.0.5_ce-150000.185.1 updated - dracut-055+suse.369.gde6c81bf-150500.3.9.1 updated - gawk-4.2.1-150000.3.3.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libauparse0-3.0.6-150400.4.13.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated - libfreetype6-2.10.4-150000.4.15.1 updated - liblognorm5-2.0.6-150000.3.3.1 updated - libparted0-3.2-150300.21.3.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libprotobuf-c1-1.3.2-150200.3.9.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libudev1-249.16-150400.8.33.1 updated - libxslt1-1.1.34-150400.3.3.1 added - libzypp-17.31.20-150400.3.40.1 updated - parted-3.2-150300.21.3.1 updated - procps-3.3.15-150000.7.34.1 updated - python-instance-billing-flavor-check-0.0.2-150000.1.3.1 added - python3-apipkg-2.1.0-150500.1.1 added - python3-asn1crypto-0.24.0-3.2.1 added - python3-certifi-2018.1.18-150000.3.3.1 added - python3-cffi-1.13.2-3.2.5 added - python3-chardet-3.0.4-3.23 added - python3-cryptography-3.3.2-150400.16.6.1 added - python3-cssselect-1.0.3-150000.3.3.1 added - python3-idna-2.6-1.20 added - 
python3-iniconfig-1.1.1-150000.1.11.1 added - python3-lxml-4.9.1-150500.1.2 added - python3-ordered-set-4.0.2-150400.8.34 updated - python3-pyOpenSSL-21.0.0-150400.7.62 added - python3-pyasn1-0.4.2-150000.3.5.1 added - python3-pycparser-2.17-3.2.1 added - python3-py-1.10.0-150100.5.12.1 added - python3-requests-2.24.0-150300.3.3.1 added - python3-urllib3-1.25.10-4.3.1 added - rsyslog-module-relp-8.2306.0-150400.5.18.1 updated - rsyslog-8.2306.0-150400.5.18.1 updated - samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 updated - supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 updated - system-group-audit-3.0.6-150400.4.13.1 updated - systemd-sysvinit-249.16-150400.8.33.1 updated - systemd-249.16-150400.8.33.1 updated - sysuser-shadow-3.2-150400.3.5.3 updated - udev-249.16-150400.8.33.1 updated - vim-data-common-9.0.1632-150500.20.3.1 updated - vim-9.0.1632-150500.20.3.1 updated - xen-libs-4.17.2_02-150500.3.6.1 updated - zypper-1.14.63-150400.3.29.1 updated - samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 removed From sle-updates at lists.suse.com Mon Sep 18 07:03:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 09:03:50 +0200 (CEST) Subject: SUSE-CU-2023:3005-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20230918070350.18CB4FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3005-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.46 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.46 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Mon Sep 18 07:05:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 09:05:15 +0200 (CEST) Subject: SUSE-CU-2023:3006-1: Recommended update of suse/sle15 Message-ID: <20230918070515.1C1FEFCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3006-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.97 , suse/sle15:15.4 , suse/sle15:15.4.27.14.97 Container Release : 27.14.97 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Mon Sep 18 07:05:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 09:05:30 +0200 (CEST) Subject: SUSE-CU-2023:3007-1: Recommended update of bci/golang Message-ID: <20230918070530.C29A5FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3007-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.2.3 , bci/golang:oldstable , bci/golang:oldstable-2.2.3 Container Release : 2.3 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Mon Sep 18 07:05:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 09:05:46 +0200 (CEST) Subject: SUSE-CU-2023:3008-1: Recommended update of bci/golang Message-ID: <20230918070546.F15DDFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3008-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.2.2 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.2.2 Container Release : 2.2 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Mon Sep 18 09:26:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 09:26:30 -0000 Subject: SUSE-SU-2023:3628-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP3) Message-ID: <169502919028.7023.2654021620663936877@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:3628-1 Rating: important References: * #1208839 * #1211187 * #1211395 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2156 * CVE-2023-3090 * CVE-2023-32233 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_121 fixes several issues. The following security issues were fixed: * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3628=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_121-default-5-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1211187 * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244
From sle-updates at lists.suse.com Mon Sep 18 09:26:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 09:26:33 -0000 Subject: SUSE-SU-2023:3627-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP3) Message-ID: <169502919375.7023.17539868898608461548@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:3627-1 Rating: important References: * #1208839 * #1210630 * #1211187 * #1211395 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2156 * CVE-2023-2176 * CVE-2023-3090 * CVE-2023-32233 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux
Enterprise Server for SAP Applications 15 SP3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_115 fixes several issues. The following security issues were fixed: * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3627=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_115-default-6-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1211187 * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244
From sle-updates at lists.suse.com Mon Sep 18 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 12:30:04 -0000 Subject: SUSE-SU-2023:3632-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP3) Message-ID: <169504020497.826.6032697379708868083@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:3632-1 Rating: important References: * #1211395 * #1213063 * #1213244 Cross-References: * CVE-2023-2156 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_127 fixes several issues. The following security issues were fixed: * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3632=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_127-default-2-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244 From sle-updates at lists.suse.com Mon Sep 18 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 12:30:07 -0000 Subject: SUSE-SU-2023:3631-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3) Message-ID: <169504020789.826.9239050484187017810@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:3631-1 Rating: important References: * #1208839 * #1211395 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2156 * CVE-2023-3090 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ):
7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_124 fixes several issues. The following security issues were fixed: * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3631=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_124-default-3-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244 From sle-updates at lists.suse.com Mon Sep 18 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 12:30:11 -0000 Subject: SUSE-SU-2023:3630-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5) Message-ID: <169504021148.826.13488949117708716712@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:3630-1 Rating: important References: * #1208839 * #1210630 * #1211187 * #1211395 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2156 * CVE-2023-2176 * CVE-2023-3090 * CVE-2023-32233 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_53 fixes several issues. The following security issues were fixed: * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). 
* CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3630=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3633=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3633=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_118-default-5-150300.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_53-default-debuginfo-3-150500.6.2 * kernel-livepatch-SLE15-SP5_Update_0-debugsource-3-150500.6.2 * kernel-livepatch-5_14_21-150500_53-default-3-150500.6.2 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_53-default-debuginfo-3-150500.6.2 * kernel-livepatch-SLE15-SP5_Update_0-debugsource-3-150500.6.2 * kernel-livepatch-5_14_21-150500_53-default-3-150500.6.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * 
https://bugzilla.suse.com/show_bug.cgi?id=1211187 * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244 From sle-updates at lists.suse.com Mon Sep 18 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 12:30:14 -0000 Subject: SUSE-SU-2023:3629-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5) Message-ID: <169504021444.826.1982560580684253716@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:3629-1 Rating: important References: * #1208839 * #1210630 * #1212849 * #1213063 * #1213244 Cross-References: * CVE-2023-1077 * CVE-2023-2176 * CVE-2023-3090 * CVE-2023-35001 * CVE-2023-3567 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now
be installed. ## Description: This update for the Linux Kernel 4.12.14-122_147 fixes several issues. The following security issues were fixed: * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3629=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_147-default-7-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244
From sle-updates at lists.suse.com Mon Sep 18 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 12:30:16 -0000 Subject: SUSE-SU-2023:3639-1: moderate: Security update for libeconf Message-ID: <169504021686.826.17922029846558145829@smelt2.suse.de> # Security update for libeconf Announcement ID: SUSE-SU-2023:3639-1 Rating: moderate References: * #1198165 * #1211078 Cross-References: * CVE-2023-22652 * CVE-2023-30078 * CVE-2023-30079 * CVE-2023-32181 CVSS scores: * CVE-2023-22652 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-22652 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-30078 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-30078 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-30079 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-30079 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32181 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32181 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves four vulnerabilities can now be installed. ## Description: This update for libeconf fixes the following issues: Update to version 0.5.2. * CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in "econf_writeFile" function (bsc#1211078). * CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in "read_file" function. (bsc#1211078) The following non-security bug was fixed: * Fixed parsing of files which have space characters AND non-space characters as delimiters (bsc#1198165).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3639=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3639=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3639=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3639=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3639=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3639=1 ## Package List: * SUSE Manager Proxy 4.2 (x86_64) * libeconf-debugsource-0.5.2-150300.3.11.1 * libeconf0-debuginfo-0.5.2-150300.3.11.1 * libeconf0-0.5.2-150300.3.11.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libeconf-debugsource-0.5.2-150300.3.11.1 * libeconf0-debuginfo-0.5.2-150300.3.11.1 * libeconf0-0.5.2-150300.3.11.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libeconf-debugsource-0.5.2-150300.3.11.1 * libeconf0-debuginfo-0.5.2-150300.3.11.1 * libeconf0-0.5.2-150300.3.11.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libeconf-debugsource-0.5.2-150300.3.11.1 * libeconf0-debuginfo-0.5.2-150300.3.11.1 * libeconf0-0.5.2-150300.3.11.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libeconf-debugsource-0.5.2-150300.3.11.1 * libeconf0-debuginfo-0.5.2-150300.3.11.1 * libeconf0-0.5.2-150300.3.11.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libeconf-debugsource-0.5.2-150300.3.11.1 * libeconf0-debuginfo-0.5.2-150300.3.11.1 * libeconf0-0.5.2-150300.3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22652.html * https://www.suse.com/security/cve/CVE-2023-30078.html *
https://www.suse.com/security/cve/CVE-2023-30079.html * https://www.suse.com/security/cve/CVE-2023-32181.html * https://bugzilla.suse.com/show_bug.cgi?id=1198165 * https://bugzilla.suse.com/show_bug.cgi?id=1211078 From sle-updates at lists.suse.com Mon Sep 18 12:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 12:30:32 -0000 Subject: SUSE-RU-2023:3636-1: important: Recommended update for cloud-netconfig Message-ID: <169504023241.826.11040928661421361095@smelt2.suse.de> # Recommended update for cloud-netconfig Announcement ID: SUSE-RU-2023:3636-1 Rating: important References: * #1214715 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for cloud-netconfig fixes the following issues: * Update to version 1.8: * Fix Automatic Addition of Secondary IP Addresses in Azure Using cloud-netconfig. (bsc#1214715) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-3636=1 ## Package List: * Public Cloud Module 12 (noarch) * cloud-netconfig-azure-1.8-30.1 * cloud-netconfig-gce-1.8-30.1 * cloud-netconfig-ec2-1.8-30.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214715 From sle-updates at lists.suse.com Mon Sep 18 12:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 12:30:30 -0000 Subject: SUSE-RU-2023:3637-1: important: Recommended update for cloud-netconfig Message-ID: <169504023053.826.14923002109996510166@smelt2.suse.de> # Recommended update for cloud-netconfig Announcement ID: SUSE-RU-2023:3637-1 Rating: important References: * #1214715 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP
Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for cloud-netconfig fixes the following issues: * Update to version 1.8: * Fix Automatic Addition of Secondary IP Addresses in Azure Using cloud-netconfig. (bsc#1214715) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3637=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3637=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3637=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3637=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3637=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3637=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3637=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3637=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3637=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3637=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3637=1 ## Package List: * Public Cloud Module 15-SP4 (noarch) * cloud-netconfig-gce-1.8-150000.25.11.1 * cloud-netconfig-azure-1.8-150000.25.11.1 * cloud-netconfig-ec2-1.8-150000.25.11.1 *
Public Cloud Module 15-SP5 (noarch) * cloud-netconfig-gce-1.8-150000.25.11.1 * cloud-netconfig-azure-1.8-150000.25.11.1 * cloud-netconfig-ec2-1.8-150000.25.11.1 * openSUSE Leap 15.4 (noarch) * cloud-netconfig-gce-1.8-150000.25.11.1 * cloud-netconfig-azure-1.8-150000.25.11.1 * cloud-netconfig-ec2-1.8-150000.25.11.1 * openSUSE Leap 15.5 (noarch) * cloud-netconfig-gce-1.8-150000.25.11.1 * cloud-netconfig-azure-1.8-150000.25.11.1 * cloud-netconfig-ec2-1.8-150000.25.11.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * cloud-netconfig-gce-1.8-150000.25.11.1 * cloud-netconfig-azure-1.8-150000.25.11.1 * cloud-netconfig-ec2-1.8-150000.25.11.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * cloud-netconfig-gce-1.8-150000.25.11.1 * cloud-netconfig-azure-1.8-150000.25.11.1 * cloud-netconfig-ec2-1.8-150000.25.11.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * cloud-netconfig-gce-1.8-150000.25.11.1 * cloud-netconfig-azure-1.8-150000.25.11.1 * cloud-netconfig-ec2-1.8-150000.25.11.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * cloud-netconfig-gce-1.8-150000.25.11.1 * cloud-netconfig-azure-1.8-150000.25.11.1 * cloud-netconfig-ec2-1.8-150000.25.11.1 * Public Cloud Module 15-SP1 (noarch) * cloud-netconfig-gce-1.8-150000.25.11.1 * cloud-netconfig-azure-1.8-150000.25.11.1 * cloud-netconfig-ec2-1.8-150000.25.11.1 * Public Cloud Module 15-SP2 (noarch) * cloud-netconfig-gce-1.8-150000.25.11.1 * cloud-netconfig-azure-1.8-150000.25.11.1 * cloud-netconfig-ec2-1.8-150000.25.11.1 * Public Cloud Module 15-SP3 (noarch) * cloud-netconfig-gce-1.8-150000.25.11.1 * cloud-netconfig-azure-1.8-150000.25.11.1 * cloud-netconfig-ec2-1.8-150000.25.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214715
From sle-updates at lists.suse.com Mon Sep 18 12:30:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 12:30:34 -0000 Subject: SUSE-SU-2023:3635-1: moderate: Security update for flac Message-ID: <169504023482.826.5559591130274773879@smelt2.suse.de> # Security update for flac Announcement ID: SUSE-SU-2023:3635-1 Rating: moderate References: * #1214615 Cross-References: * CVE-2020-22219 CVSS scores: * CVE-2020-22219 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-22219 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for flac fixes the following issues: * CVE-2020-22219: Fixed a buffer overflow in function bitwriter_grow_ which might allow a remote attacker to run arbitrary code via crafted input to the encoder. (bsc#1214615) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3635=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3635=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3635=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3635=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3635=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3635=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3635=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3635=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3635=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * flac-devel-1.3.2-150000.3.14.1 * libFLAC8-debuginfo-1.3.2-150000.3.14.1 * flac-1.3.2-150000.3.14.1 * libFLAC8-1.3.2-150000.3.14.1 * libFLAC++6-1.3.2-150000.3.14.1 * flac-debuginfo-1.3.2-150000.3.14.1 * flac-debugsource-1.3.2-150000.3.14.1 * libFLAC++6-debuginfo-1.3.2-150000.3.14.1 * openSUSE Leap 15.4 (x86_64) * flac-devel-32bit-1.3.2-150000.3.14.1 * libFLAC++6-32bit-1.3.2-150000.3.14.1 * libFLAC++6-32bit-debuginfo-1.3.2-150000.3.14.1 * libFLAC8-32bit-debuginfo-1.3.2-150000.3.14.1 * libFLAC8-32bit-1.3.2-150000.3.14.1 * openSUSE Leap 15.4 (noarch) * flac-doc-1.3.2-150000.3.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * flac-devel-1.3.2-150000.3.14.1 * libFLAC8-debuginfo-1.3.2-150000.3.14.1 * flac-1.3.2-150000.3.14.1 * libFLAC8-1.3.2-150000.3.14.1 * libFLAC++6-1.3.2-150000.3.14.1 * flac-debuginfo-1.3.2-150000.3.14.1 * flac-debugsource-1.3.2-150000.3.14.1 * libFLAC++6-debuginfo-1.3.2-150000.3.14.1 * openSUSE Leap 15.5 (x86_64) * flac-devel-32bit-1.3.2-150000.3.14.1 *
libFLAC++6-32bit-1.3.2-150000.3.14.1 * libFLAC++6-32bit-debuginfo-1.3.2-150000.3.14.1 * libFLAC8-32bit-debuginfo-1.3.2-150000.3.14.1 * libFLAC8-32bit-1.3.2-150000.3.14.1 * openSUSE Leap 15.5 (noarch) * flac-doc-1.3.2-150000.3.14.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * flac-devel-1.3.2-150000.3.14.1 * libFLAC8-debuginfo-1.3.2-150000.3.14.1 * libFLAC8-1.3.2-150000.3.14.1 * libFLAC++6-1.3.2-150000.3.14.1 * flac-debuginfo-1.3.2-150000.3.14.1 * flac-debugsource-1.3.2-150000.3.14.1 * libFLAC++6-debuginfo-1.3.2-150000.3.14.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * flac-devel-1.3.2-150000.3.14.1 * libFLAC8-debuginfo-1.3.2-150000.3.14.1 * libFLAC8-1.3.2-150000.3.14.1 * libFLAC++6-1.3.2-150000.3.14.1 * flac-debuginfo-1.3.2-150000.3.14.1 * flac-debugsource-1.3.2-150000.3.14.1 * libFLAC++6-debuginfo-1.3.2-150000.3.14.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * flac-debugsource-1.3.2-150000.3.14.1 * flac-1.3.2-150000.3.14.1 * flac-debuginfo-1.3.2-150000.3.14.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libFLAC8-32bit-debuginfo-1.3.2-150000.3.14.1 * libFLAC8-32bit-1.3.2-150000.3.14.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * flac-debugsource-1.3.2-150000.3.14.1 * flac-1.3.2-150000.3.14.1 * flac-debuginfo-1.3.2-150000.3.14.1 * SUSE Package Hub 15 15-SP5 (x86_64) * libFLAC8-32bit-debuginfo-1.3.2-150000.3.14.1 * libFLAC8-32bit-1.3.2-150000.3.14.1 * SUSE Manager Proxy 4.2 (x86_64) * flac-devel-1.3.2-150000.3.14.1 * libFLAC8-debuginfo-1.3.2-150000.3.14.1 * libFLAC8-1.3.2-150000.3.14.1 * libFLAC++6-1.3.2-150000.3.14.1 * flac-debuginfo-1.3.2-150000.3.14.1 * flac-debugsource-1.3.2-150000.3.14.1 * libFLAC++6-debuginfo-1.3.2-150000.3.14.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * flac-devel-1.3.2-150000.3.14.1 * libFLAC8-debuginfo-1.3.2-150000.3.14.1 * libFLAC8-1.3.2-150000.3.14.1 * libFLAC++6-1.3.2-150000.3.14.1 * flac-debuginfo-1.3.2-150000.3.14.1 * flac-debugsource-1.3.2-150000.3.14.1 * 
libFLAC++6-debuginfo-1.3.2-150000.3.14.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * flac-devel-1.3.2-150000.3.14.1 * libFLAC8-debuginfo-1.3.2-150000.3.14.1 * libFLAC8-1.3.2-150000.3.14.1 * libFLAC++6-1.3.2-150000.3.14.1 * flac-debuginfo-1.3.2-150000.3.14.1 * flac-debugsource-1.3.2-150000.3.14.1 * libFLAC++6-debuginfo-1.3.2-150000.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2020-22219.html * https://bugzilla.suse.com/show_bug.cgi?id=1214615 From sle-updates at lists.suse.com Mon Sep 18 12:30:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 12:30:37 -0000 Subject: SUSE-SU-2023:3634-1: critical: Security update for libwebp Message-ID: <169504023781.826.11128318647283344386@smelt2.suse.de> # Security update for libwebp Announcement ID: SUSE-SU-2023:3634-1 Rating: critical References: * #1215231 Cross-References: * CVE-2023-4863 CVSS scores: * CVE-2023-4863 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS
15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libwebp fixes the following issues: * CVE-2023-4863: Fixed heap buffer overflow (bsc#1215231). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3634=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3634=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3634=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3634=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3634=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3634=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3634=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3634=1 * 
SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3634=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3634=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3634=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3634=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3634=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3634=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3634=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3634=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3634=1 ## Package List: * SUSE Package Hub 15 15-SP4 (x86_64) * libwebp7-32bit-debuginfo-1.0.3-150200.3.10.1 * libwebp7-32bit-1.0.3-150200.3.10.1 * SUSE Package Hub 15 15-SP5 (x86_64) * libwebp-debugsource-1.0.3-150200.3.10.1 * libwebp7-32bit-1.0.3-150200.3.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * 
libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * SUSE 
Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * SUSE Manager Proxy 4.2 (x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * 
libwebpdemux2-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebp-tools-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp-tools-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * openSUSE Leap 15.4 (x86_64) * libwebp7-32bit-1.0.3-150200.3.10.1 * libwebpdemux2-32bit-1.0.3-150200.3.10.1 * libwebpdemux2-32bit-debuginfo-1.0.3-150200.3.10.1 * libwebpdecoder3-32bit-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-32bit-1.0.3-150200.3.10.1 * libwebp7-32bit-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-32bit-1.0.3-150200.3.10.1 * libwebpdecoder3-32bit-1.0.3-150200.3.10.1 * libwebpmux3-32bit-debuginfo-1.0.3-150200.3.10.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebp-tools-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp-tools-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * openSUSE Leap 15.5 (x86_64) * libwebp7-32bit-1.0.3-150200.3.10.1 * libwebpdemux2-32bit-1.0.3-150200.3.10.1 * libwebpdemux2-32bit-debuginfo-1.0.3-150200.3.10.1 * libwebpdecoder3-32bit-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-32bit-1.0.3-150200.3.10.1 * 
libwebp7-32bit-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-32bit-1.0.3-150200.3.10.1 * libwebpdecoder3-32bit-1.0.3-150200.3.10.1 * libwebpmux3-32bit-debuginfo-1.0.3-150200.3.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libwebp7-1.0.3-150200.3.10.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.10.1 * libwebpmux3-1.0.3-150200.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.10.1 * libwebpdemux2-1.0.3-150200.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.10.1 * libwebp-devel-1.0.3-150200.3.10.1 * libwebpdecoder3-1.0.3-150200.3.10.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.10.1 * libwebp-debugsource-1.0.3-150200.3.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4863.html * https://bugzilla.suse.com/show_bug.cgi?id=1215231 -------------- next part -------------- An HTML attachment was scrubbed... 

From sle-updates at lists.suse.com Mon Sep 18 16:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 18 Sep 2023 16:30:06 -0000
Subject: SUSE-SU-2023:3653-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP4)
Message-ID: <169505460630.11580.3457998939270556000@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP4)

Announcement ID: SUSE-SU-2023:3653-1
Rating: important
References:

  * #1211395
  * #1213063

Cross-References:

  * CVE-2023-2156
  * CVE-2023-35001

CVSS scores:

  * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_69 fixes several issues.

The following security issues were fixed:

  * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395).
  * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2023-3653=1
  * SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3653=1

## Package List:

  * openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_69-default-2-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_14-debugsource-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_69-default-debuginfo-2-150400.2.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_69-default-2-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_14-debugsource-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_69-default-debuginfo-2-150400.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-2156.html
  * https://www.suse.com/security/cve/CVE-2023-35001.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1211395
  * https://bugzilla.suse.com/show_bug.cgi?id=1213063

From sle-updates at lists.suse.com Mon Sep 18 16:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 18 Sep 2023 16:30:09 -0000
Subject: SUSE-SU-2023:3648-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP4)
Message-ID: <169505460928.11580.2685647438493345252@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP4)

Announcement ID: SUSE-SU-2023:3648-1
Rating: important
References:

  * #1208839
  * #1211187
  * #1211395
  * #1212849
  * #1213063

Cross-References:

  * CVE-2023-1077
  * CVE-2023-2156
  * CVE-2023-3090
  * CVE-2023-32233
  * CVE-2023-35001

CVSS scores:

  * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_63 fixes several issues.

The following security issues were fixed:

  * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187).
  * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395).
  * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
  * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839).
  * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2023-3648=1
  * SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3648=1

## Package List:

  * openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_12-debugsource-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_63-default-5-150400.2.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_12-debugsource-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_63-default-5-150400.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-1077.html
  * https://www.suse.com/security/cve/CVE-2023-2156.html
  * https://www.suse.com/security/cve/CVE-2023-3090.html
  * https://www.suse.com/security/cve/CVE-2023-32233.html
  * https://www.suse.com/security/cve/CVE-2023-35001.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1208839
  * https://bugzilla.suse.com/show_bug.cgi?id=1211187
  * https://bugzilla.suse.com/show_bug.cgi?id=1211395
  * https://bugzilla.suse.com/show_bug.cgi?id=1212849
  * https://bugzilla.suse.com/show_bug.cgi?id=1213063

From sle-updates at lists.suse.com Mon Sep 18 16:30:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 18 Sep 2023 16:30:12 -0000
Subject: SUSE-SU-2023:3647-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP4)
Message-ID: <169505461276.11580.12168668510824655609@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP4)

Announcement ID: SUSE-SU-2023:3647-1
Rating: important
References:

  * #1208839
  * #1210630
  * #1211187
  * #1211395
  * #1212849
  * #1213063

Cross-References:

  * CVE-2023-1077
  * CVE-2023-2156
  * CVE-2023-2176
  * CVE-2023-3090
  * CVE-2023-32233
  * CVE-2023-35001

CVSS scores:

  * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_60 fixes several issues.

The following security issues were fixed:

  * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187).
  * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395).
  * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
  * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839).
  * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630).
  * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3652=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3647=1
  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2023-3647=1 SUSE-2023-3652=1

## Package List:

  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_55-default-6-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_10-debugsource-6-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_11-debugsource-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_60-default-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-5-150400.2.1
  * openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-6-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_10-debugsource-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_55-default-6-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_11-debugsource-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_60-default-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-5-150400.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-1077.html
  * https://www.suse.com/security/cve/CVE-2023-2156.html
  * https://www.suse.com/security/cve/CVE-2023-2176.html
  * https://www.suse.com/security/cve/CVE-2023-3090.html
  * https://www.suse.com/security/cve/CVE-2023-32233.html
  * https://www.suse.com/security/cve/CVE-2023-35001.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1208839
  * https://bugzilla.suse.com/show_bug.cgi?id=1210630
  * https://bugzilla.suse.com/show_bug.cgi?id=1211187
  * https://bugzilla.suse.com/show_bug.cgi?id=1211395
  * https://bugzilla.suse.com/show_bug.cgi?id=1212849
  * https://bugzilla.suse.com/show_bug.cgi?id=1213063

From sle-updates at lists.suse.com Mon Sep 18 16:30:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 18 Sep 2023 16:30:16 -0000
Subject: SUSE-SU-2023:3644-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP4)
Message-ID: <169505461638.11580.17403502512729205000@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP4)

Announcement ID: SUSE-SU-2023:3644-1
Rating: important
References:

  * #1208839
  * #1210630
  * #1211187
  * #1211395
  * #1212849
  * #1213063
  * #1213244

Cross-References:

  * CVE-2023-1077
  * CVE-2023-2156
  * CVE-2023-2176
  * CVE-2023-3090
  * CVE-2023-32233
  * CVE-2023-35001
  * CVE-2023-3567

CVSS scores:

  * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_46 fixes several issues.

The following security issues were fixed:

  * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187).
  * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395).
  * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244).
  * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
  * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839).
  * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630).
  * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3646=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-3650=1 SUSE-SLE-Module-Live- Patching-15-SP4-2023-3651=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3644=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3642=1 SUSE-SLE-Module-Live- Patching-15-SP4-2023-3643=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3645=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3650=1 SUSE-2023-3651=1 SUSE-2023-3644=1 SUSE-2023-3642=1 SUSE-2023-3643=1 SUSE-2023-3645=1 SUSE-2023-3646=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_4-debugsource-11-150400.2.2 * kernel-livepatch-5_14_21-150400_24_21-default-13-150400.2.2 * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-9-150400.2.2 * kernel-livepatch-5_14_21-150400_24_38-default-9-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_6-debugsource-9-150400.2.2 * kernel-livepatch-5_14_21-150400_24_28-default-11-150400.2.2 * kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-14-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_3-debugsource-13-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_7-debugsource-8-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_5-debugsource-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_41-default-8-150400.2.2 * kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-13-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_2-debugsource-14-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_8-debugsource-7-150400.2.2 * kernel-livepatch-5_14_21-150400_24_18-default-14-150400.2.2 * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-11-150400.2.2 * kernel-livepatch-5_14_21-150400_24_46-default-7-150400.2.2 * kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-7-150400.2.2 * kernel-livepatch-5_14_21-150400_24_33-default-10-150400.2.2 * 
kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-8-150400.2.2 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_4-debugsource-11-150400.2.2 * kernel-livepatch-5_14_21-150400_24_21-default-13-150400.2.2 * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-9-150400.2.2 * kernel-livepatch-5_14_21-150400_24_38-default-9-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_6-debugsource-9-150400.2.2 * kernel-livepatch-5_14_21-150400_24_28-default-11-150400.2.2 * kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-14-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_3-debugsource-13-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_7-debugsource-8-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_5-debugsource-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_41-default-8-150400.2.2 * kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-13-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_2-debugsource-14-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_8-debugsource-7-150400.2.2 * kernel-livepatch-5_14_21-150400_24_18-default-14-150400.2.2 * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-11-150400.2.2 * kernel-livepatch-5_14_21-150400_24_46-default-7-150400.2.2 * kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-7-150400.2.2 * kernel-livepatch-5_14_21-150400_24_33-default-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-8-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1211187 * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Sep 18 16:30:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 16:30:42 -0000 Subject: SUSE-SU-2023:3656-1: important: Security update for the Linux Kernel Message-ID: <169505464231.11580.15099708746301867613@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3656-1 Rating: important References: * #1023051 * #1120059 * #1177719 * #1188885 * #1193629 * #1194869 * #1203329 * #1203330 * #1205462 * #1206453 * #1208902 * #1208949 * #1209284 * #1209799 * #1210048 * #1210448 * #1211220 * #1212091 * #1212142 * #1212423 * #1212526 * #1212857 * #1212873 * #1213026 * #1213123 * #1213546 * #1213580 * #1213601 * #1213666 * #1213733 * #1213757 * #1213759 * #1213916 * #1213921 * #1213927 * #1213946 * #1213949 * #1213968 * #1213970 * #1213971 * #1214000 * #1214019 * #1214073 * #1214120 * #1214149 * #1214180 * #1214233 * #1214238 * #1214285 * #1214297 * #1214299 * #1214305 * #1214350 * #1214368 * #1214370 * #1214371 * #1214372 * #1214380 * #1214386 * #1214392 * #1214393 * #1214397 * #1214404 * #1214428 * #1214451 * #1214659 * #1214661 * #1214727 * #1214729 * #1214742 * #1214743 * #1214756 * #1214760 * #1214976 * PED-3924 * PED-4579 * PED-4759 * PED-4927 * PED-4929 * PED-5738 * PED-6003 * PED-6004 Cross-References: * CVE-2022-38457 * CVE-2022-40133 * CVE-2023-2007 * CVE-2023-20588 * CVE-2023-34319 * CVE-2023-3610 * CVE-2023-37453 * CVE-2023-3772 * CVE-2023-3863 * CVE-2023-40283 * CVE-2023-4128 * CVE-2023-4133 * CVE-2023-4134 * 
CVE-2023-4147 * CVE-2023-4194 * CVE-2023-4273 * CVE-2023-4387 * CVE-2023-4459 * CVE-2023-4563 * CVE-2023-4569 CVSS scores: * CVE-2022-38457 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38457 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2022-40133 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-40133 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4569 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 20 vulnerabilities, contains eight features and has 54 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330). * CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329). * CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). * CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580).
* CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). * CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). * CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). * CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). * CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). * CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). * CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120). * CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). * CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). * CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727). * CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). * CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
* CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). * CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). * CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). The following non-security bugs were fixed: * ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305). * ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes). * ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes). * ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes). * ALSA: ac97: Fix possible error value of *rac97 (git-fixes). * ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes). * ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes). * ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes). * ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes). * ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes). * ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes). * ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes). * ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes). * ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes). * ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes). * ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes). * ARM: dts: imx6sll: fixup of operating points (git-fixes). * ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). * ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes). * ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes). * ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes). * ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
* ASoC: rt5665: add missed regulator_bulk_disable (git-fixes). * ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes). * ASoC: tegra: Fix SFC conversion for few rates (git-fixes). * Bluetooth: Fix potential use-after-free when clear keys (git-fixes). * Bluetooth: L2CAP: Fix use-after-free (git-fixes). * Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes). * Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes). * Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes). * Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). * CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b * CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123 * Created new preempt kernel flavor. Configs are cloned from the respective $arch/default configs. All changed configs apart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. * Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes). * Documentation: devices.txt: Remove ttyIOC* (git-fixes). * Documentation: devices.txt: Remove ttySIOC* (git-fixes). * Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453). * Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453). * Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453). * Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453). * Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453). * Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453). * Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
* Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453). * Drop cfg80211 lock fix patches that caused a regression (bsc#1213757) * Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) * Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759) * HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes). * HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). * HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes). * HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes). * HID: wacom: remove the battery when the EKR is off (git-fixes). * HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes). * IB/hfi1: Fix possible panic during hotplug remove (git-fixes) * IB/uverbs: Fix an potential error pointer dereference (git-fixes) * Input: exc3000 - properly stop timer on shutdown (git-fixes). * KVM: s390: fix sthyi error handling (git-fixes bsc#1214370). * Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756). * Kbuild: move to -std=gnu11 (bsc#1214756). * PCI/ASPM: Avoid link retraining race (git-fixes). * PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes). * PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes). * PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes). * PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes). * PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). * PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453). * PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453). * PCI: meson: Remove cast between incompatible function type (git-fixes). * PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes). * PCI: microchip: Remove cast between incompatible function type (git-fixes). * PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes). 
* PCI: rockchip: Remove writes to unused registers (git-fixes). * PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes). * PCI: tegra194: Fix possible array out of bounds access (git-fixes). * PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes). * RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes) * RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes) * RDMA/efa: Fix wrong resources deallocation order (git-fixes) * RDMA/hns: Fix CQ and QP cache affinity (git-fixes) * RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes) * RDMA/hns: Fix port active speed (git-fixes) * RDMA/irdma: Prevent zero-length STAG registration (git-fixes) * RDMA/irdma: Replace one-element array with flexible-array member (git-fixes) * RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes) * RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes) * RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes) * RDMA/siw: Correct wrong debug message (git-fixes) * RDMA/umem: Set iova in ODP flow (git-fixes) * README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer. * Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes) * Revert "tracing: Add "(fault)" name injection to kernel probes" (git-fixes). * Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). * amba: bus: fix refcount leak (git-fixes). * arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes). * arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). * arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes). * audit: fix possible soft lockup in __audit_inode_child() (git-fixes). * backlight/bd6107: Compare against struct fb_info.device (git-fixes). * backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
* backlight/lv5207lp: Compare against struct fb_info.device (git-fixes). * batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes). * batman-adv: Do not increase MTU when set by user (git-fixes). * batman-adv: Fix TT global entry leak when client roamed back (git-fixes). * batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes). * batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes). * batman-adv: Trigger events for auto adjusted MTU (git-fixes). * bnx2x: fix page fault following EEH recovery (bsc#1214299). * bpf: Disable preemption in bpf_event_output (git-fixes). * bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924). * bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes). * bus: ti-sysc: Fix build warning for 64-bit build (git-fixes). * bus: ti-sysc: Fix cast to enum warning (git-fixes). * bus: ti-sysc: Flush posted write on enable before reset (git-fixes). * can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes). * ceph: defer stopping mdsc delayed_work (bsc#1214392). * ceph: do not check for quotas on MDS stray dirs (bsc#1214238). * ceph: never send metrics if disable_send_metrics is set (bsc#1214180). * check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. * cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). * cifs: allow dumping keys for directories too (bsc#1193629). * cifs: fix mid leak during reconnection after timeout threshold (git-fixes). * cifs: if deferred close is disabled then close files immediately (git-fixes). * cifs: is_network_name_deleted should return a bool (bsc#1193629). * cifs: update internal module version number for cifs.ko (bsc#1193629). * clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
* clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). * clk: imx8mp: fix sai4 clock (git-fixes). * clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). * clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes). * clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). * clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). * clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes). * clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes). * clk: sunxi-ng: Modify mismatched function name (git-fixes). * clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). * clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453). * clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). * clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453). * clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453). * clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453). * clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453). * clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453). * cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
* cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659). * cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004). * cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). * cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). * cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). * cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). * crypto: caam - fix unchecked return value error (git-fixes). * crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes). * define more Hyper-V related constants (bsc#1206453). * dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes). * dma-buf/sync_file: Fix docs syntax (git-fixes). * dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes). * dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes). * dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes). * dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes). * docs/process/howto: Replace C89 with C11 (bsc#1214756). * docs: kernel-parameters: Refer to the correct bitmap function (git-fixes). * docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). * docs: printk-formats: Fix hex printing of signed values (git-fixes). * driver core: test_async: fix an error code (git-fixes). * drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes). * drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). * drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes). * drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes).
* drm/amd/display: Do not set drr on pipe commit (git-fixes). * drm/amd/display: Enable dcn314 DPP RCO (git-fixes). * drm/amd/display: Ensure that planes are in the same order (git-fixes). * drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes). * drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes). * drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes). * drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes). * drm/amd/display: check TG is non-null before checking if enabled (git-fixes). * drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes). * drm/amd/display: disable RCO for DCN314 (git-fixes). * drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). * drm/amd/display: fix access hdcp_workqueue assert (git-fixes). * drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes). * drm/amd/display: limit DPIA link rate to HBR3 (git-fixes). * drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). * drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). * drm/amd/display: trigger timing sync only if TG is running (git-fixes). * drm/amd/pm/smu7: move variables to where they are used (git-fixes). * drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes). * drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes). * drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). * drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes). * drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes). * drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes). * drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
* drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). * drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes). * drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes). * drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes). * drm/amdgpu: Remove unnecessary domain argument (git-fixes). * drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes). * drm/amdgpu: add S/G display parameter (git-fixes). * drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes). * drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). * drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes). * drm/amdgpu: fix memory leak in mes self test (git-fixes). * drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes). * drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). * drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes). * drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes). * drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes). * drm/ast: Fix DRAM init on AST2200 (git-fixes). * drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes). * drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes). * drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes). * drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes). * drm/bridge: fix -Wunused-const-variable= warning (git-fixes). * drm/bridge: tc358764: Fix debug print parameter order (git-fixes). * drm/etnaviv: fix dumping of active MMU context (git-fixes). * drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes). * drm/i915/sdvo: fix panel_type initialization (git-fixes). * drm/i915: Fix premature release of request's reusable memory (git-fixes). * drm/mediatek: Fix dereference before null check (git-fixes).
* drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes). * drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes). * drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes). * drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes). * drm/msm/mdp5: Do not leak some plane state (git-fixes). * drm/msm: Update dev core dump to not print backwards (git-fixes). * drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes). * drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes). * drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073). * drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). * drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes). * drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes). * drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes). * drm/qxl: fix UAF on handle creation (git-fixes). * drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes). * drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes). * drm/rockchip: Do not spam logs in atomic check (git-fixes). * drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). * drm/stm: ltdc: fix late dereference check (git-fixes). * drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes). * drm/ttm: check null pointer before accessing when swapping (git-fixes). * drm/ttm: never consider pinned BOs for eviction&swap (git-fixes). * drm/vmwgfx: Fix shader stage validation (git-fixes). * drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes). * drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes). * drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes). * dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
* dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). * dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). * e1000: Fix typos in comments (jsc#PED-5738). * e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). * e1000: switch to napi_build_skb() (jsc#PED-5738). * e1000: switch to napi_consume_skb() (jsc#PED-5738). * enable TPM in azure (bsc#1214760) * exfat: fix unexpected EOF while reading dir (bsc#1214000). * exfat: release s_lock before calling dir_emit() (bsc#1214000). * exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). * fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes). * fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes). * fbdev: Improve performance of sys_imageblit() (git-fixes). * fbdev: Update fbdev source file paths (git-fixes). * fbdev: fix potential OOB read in fast_imageblit() (git-fixes). * fbdev: mmp: fix value check in mmphw_probe() (git-fixes). * file: reinstate f_pos locking optimization for regular files (bsc#1213759). * firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes). * firmware: cs_dsp: Fix new control name check (git-fixes). * firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes). * firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). * fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes). * fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes). * fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes). * fsi: aspeed: Reset master errors after CFAM reset (git-fixes). * fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes). * ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). * gpio: mvebu: Make use of devm_pwmchip_add (git-fixes). * gpio: mvebu: fix irq domain leak (git-fixes). * gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes).
* hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453). * hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes). * hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes). * hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes). * hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). * hwrng: pic32 - use devm_clk_get_enabled (git-fixes). * i2c: Delete error messages for failed memory allocations (git-fixes). * i2c: Improve size determinations (git-fixes). * i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes). * i2c: designware: Correct length byte validation logic (git-fixes). * i2c: designware: Handle invalid SMBus block data response length value (git-fixes). * i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes). * i2c: nomadik: Remove a useless call in the remove function (git-fixes). * i2c: nomadik: Remove unnecessary goto label (git-fixes). * i2c: nomadik: Use devm_clk_get_enabled() (git-fixes). * i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). * iavf: fix potential races for FDIR filters (git-fixes). * ice: Fix RDMA VSI removal during queue rebuild (git-fixes). * ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes). * ice: Fix max_rate check while configuring TX rate limits (git-fixes). * ice: Fix memory management in ice_ethtool_fdir.c (git-fixes). * iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes). * iio: adc: stx104: Implement and utilize register structures (git-fixes). * iio: adc: stx104: Utilize iomap interface (git-fixes). * iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes). * intel/e1000:fix repeated words in comments (jsc#PED-5738). * intel: remove unused macros (jsc#PED-5738). * iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). * iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes). * iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). * iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes). * iommu/amd: Fix compile warning in init code (git-fixes). * iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). * iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes). * iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes). * iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). * iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes). * iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). * iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). * iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). * iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes). * iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes). * iommu/dma: Fix iova map result check bug (git-fixes). * iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). * iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes). * iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes). * iommu/iova: Fix module config properly (git-fixes). * iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes). * iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes). * iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes). * iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes). * iommu/mediatek: Use component_match_add (git-fixes). * iommu/mediatek: Validate number of phandles associated with "mediatek,larbs" (git-fixes).
* iommu/omap: Fix buffer overflow in debugfs (git-fixes). * iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). * iommu/s390: Fix duplicate domain attachments (git-fixes). * iommu/sun50i: Consider all fault sources for reset (git-fixes). * iommu/sun50i: Fix R/W permission check (git-fixes). * iommu/sun50i: Fix flush size (git-fixes). * iommu/sun50i: Fix reset release (git-fixes). * iommu/sun50i: Implement .iotlb_sync_map (git-fixes). * iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes). * iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes). * iommu/vt-d: Check correct capability for sagaw determination (git-fixes). * iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes). * iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes). * iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes). * iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes). * iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes). * iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes). * iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes). * ipmi:ssif: Add check for kstrdup (git-fixes). * ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes). * ipmi_si: fix a memleak in try_smi_init() (git-fixes). * jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). * kabi/severities: Ignore newly added SRSO mitigation functions * kabi: Allow extra bugsints (bsc#1213927). * kernel-binary: Common dependencies cleanup. Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. * kernel-binary: Drop code for kerntypes support. Kerntypes was a SUSE-specific feature dropped before SLE 12. * kunit: make kunit_test_timeout compatible with comment (git-fixes). * leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes).
* leds: multicolor: Use rounded division when calculating color components (git-fixes). * leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes). * leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes). * leds: turris-omnia: Drop unnecessary mutex locking (git-fixes). * lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes). * lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). * libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924). * libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924). * libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924). * libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). * md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). * md/raid0: Fix performance regression for large sequential writes (bsc#1213916). * media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). * media: cx24120: Add retval check for cx24120_message_send() (git-fixes). * media: dib7000p: Fix potential division by zero (git-fixes). * media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes). * media: go7007: Remove redundant if statement (git-fixes). * media: i2c: ccs: Check rules is non-NULL (git-fixes). * media: i2c: rdacm21: Fix uninitialized value (git-fixes). * media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). * media: ov2680: Add ov2680_fill_format() helper function (git-fixes). * media: ov2680: Do not take the lock for try_fmt calls (git-fixes). * media: ov2680: Fix ov2680_bayer_order() (git-fixes). * media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes). * media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes). * media: ov2680: Fix vflip / hflip set functions (git-fixes).
* media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes). * media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes). * media: rkvdec: increase max supported height for H.264 (git-fixes). * media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). * media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). * media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes). * media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes). * misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes). * mkspec: Allow unsupported KMPs (bsc#1214386) * mlxsw: pci: Add shutdown method in PCI driver (git-fixes). * mmc: block: Fix in_flight[issue_type] value error (git-fixes). * mmc: moxart: read scr register without changing byte order (git-fixes). * mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). * module: avoid allocation if module is already present and ready (bsc#1213921). * module: extract patient module check into helper (bsc#1213921). * module: move check_modinfo() early to early_mod_check() (bsc#1213921). * module: move early sanity checks into a helper (bsc#1213921). * mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes). * mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes). * mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes). * mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes). * mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes). * mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git- fixes). * mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes). * mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes). * mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). * mtd: spi-nor: Check bus width while setting QE bit (git-fixes). 
* mtd: spinand: toshiba: Fix ecc_get_status (git-fixes). * n_tty: Rename tail to old_tail in n_tty_read() (git-fixes). * net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). * net: ieee802154: at86rf230: Stop leaking skb's (git-fixes). * net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes). * net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes). * net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). * net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes). * net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733) * net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes). * net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes). * netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). * netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404). * netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946). * netfs: fix parameter of cleanup() (bsc#1214743). * nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes). * nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes). * nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). * nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). * nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). * objtool/x86: Fix SRSO mess (git-fixes). * objtool/x86: Fixup frame-pointer vs rethunk (git-fixes). * objtool: Union instruction::{call_dest,jump_table} (git-fixes). * old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer supported. * pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes). * phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). * phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
* phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). * phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). * phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). * phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes). * phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). * pinctrl: amd: Mask wake bits on probe again (git-fixes). * pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" (git-fixes). * pinctrl: cherryview: fix address_space_handler() argument (git-fixes). * pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). * pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). * platform/x86: dell-sysman: Fix reference leak (git-fixes). * powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106). * powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106). * powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106). * powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106). * powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106). * powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). * powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). * powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106). * powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes). * powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). * powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). 
* powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Rename "direct window" to "dma window" (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106). * powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106). * powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc/rtas: block error injection when locked down (bsc#1023051). * powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051). * powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). * powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). 
* powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes). * powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files. * powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). * powerpc: fix typos in comments (bsc#1212091 ltc#199106). * pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). * pstore/ram: Check start of empty przs during init (git-fixes). * pwm: Add a stub for devm_pwmchip_add() (git-fixes). * pwm: meson: Simplify duplicated per-channel tracking (git-fixes). * pwm: meson: fix handling of period/duty if greater than UINT_MAX (git- fixes). * qed: Fix scheduling in a tasklet while getting stats (git-fixes). * regmap: rbtree: Use alloc_flags for memory allocations (git-fixes). * ring-buffer: Do not swap cpu_buffer during resize process (git-fixes). * ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes). * ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes). * rpm/mkspec-dtb: support for nested subdirs * rpmsg: glink: Add check for kstrdup (git-fixes). * s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976). * s390/purgatory: disable branch profiling (git-fixes bsc#1214372). * s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949). * sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes). * sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes). * sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799). * scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). * scsi: 53c700: Check that command slot is not NULL (git-fixes). * scsi: RDMA/srp: Fix residual handling (git-fixes) * scsi: bsg: Increase number of devices (bsc#1210048). * scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284). 
* scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284). * scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). * scsi: core: Fix possible memory leak if device_add() fails (git-fixes). * scsi: core: Improve warning message in scsi_device_block() (bsc#1209284). * scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284). * scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). * scsi: qedf: Fix NULL dereference in error handling (git-fixes). * scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). * scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). * scsi: scsi_debug: Remove dead code (git-fixes). * scsi: sg: Increase number of devices (bsc#1210048). * scsi: snic: Fix double free in snic_tgt_create() (git-fixes). * scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). * scsi: storvsc: Always set no_report_opcodes (git-fixes). * scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes). * scsi: storvsc: Handle SRB status value 0x30 (git-fixes). * scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git- fixes). * scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371). * selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924). * selftests/futex: Order calls to futex_lock_pi (git-fixes). * selftests/harness: Actually report SKIP for signal tests (git-fixes). * selftests/resctrl: Close perf value read fd on errors (git-fixes). * selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes). * selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git- fixes). * selftests/rseq: check if libc rseq support is registered (git-fixes). * selftests: forwarding: Add a helper to skip test when using veth pairs (git- fixes). * selftests: forwarding: Skip test when no interfaces are specified (git- fixes). 
* selftests: forwarding: Switch off timeout (git-fixes). * selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes). * selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes). * selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes). * selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). * selftests: forwarding: tc_flower: Relax success criterion (git-fixes). * selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes). * serial: sc16is7xx: fix broken port 0 uart init (git-fixes). * serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes). * serial: sprd: Assign sprd_port after initialized to avoid wrong access (git- fixes). * serial: sprd: Fix DMA buffer leak issue (git-fixes). * serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). * sfc: fix crash when reading stats while NIC is resetting (git-fixes). * smb3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes). * smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629). * smb: client: Fix -Wstringop-overflow issues (bsc#1193629). * smb: client: fix dfs link mount against w2k8 (bsc#1212142). * smb: client: fix null auth (git-fixes). * soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes). * soundwire: bus: pm_runtime_request_resume on peripheral attachment (git- fixes). * soundwire: fix enumeration completion (git-fixes). * spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). * supported.conf: fix typos for -!optional markers * swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453). * target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). * target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). * target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). 
* target_core_rbd: remove snapshot existence validation code (bsc#1212857). * thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). * timers: Add shutdown mechanism to the internal functions (bsc#1213970). * timers: Provide timer_shutdown_sync (bsc#1213970). * timers: Rename del_timer() to timer_delete() (bsc#1213970). * timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). * timers: Replace BUG_ON()s (bsc#1213970). * timers: Silently ignore timers with a NULL function (bsc#1213970). * timers: Split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970). * timers: Update kernel-doc for various functions (bsc#1213970). * timers: Use del_timer_sync() even on UP (bsc#1213970). * tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes). * tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes). * tracing/probes: Fix not to count error code to total length (git-fixes). * tracing/probes: Fix to avoid double count of the string length on the array (git-fixes). * tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). * tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git- fixes). * tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git- fixes). * tracing: Fix memleak due to race between current_tracer and trace (git- fixes). * tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes). * tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes). * tracing: Fix warning in trace_buffered_event_disable() (git-fixes). * tty: fix hang on tty device with no_room set (git-fixes). * tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git- fixes). * tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes). 
* tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes). * tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). * tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes). * ubifs: Fix memleak when insert_old_idx() failed (git-fixes). * usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes). * usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes). * usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes). * usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git- fixes). * usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes). * usb: dwc3: Fix typos in gadget.c (git-fixes). * usb: dwc3: Properly handle processing of pending events (git-fixes). * usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git- fixes). * usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes). * usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes). * usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git- fixes). * usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes). * usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git- fixes). * usb: quirks: add quirk for Focusrite Scarlett (git-fixes). * usb: serial: option: add Quectel EC200A module support (git-fixes). * usb: serial: option: support Quectel EM060K_128 (git-fixes). * usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes). * usb: serial: simple: sort driver entries (git-fixes). * usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes). * usb: typec: tcpm: Fix response to vsafe0V event (git-fixes). * usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). * usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes). * watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git- fixes). 
* wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes). * wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes). * wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git- fixes). * wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes). * wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes). * wifi: cfg80211: Fix return value in scan logic (git-fixes). * wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes). * wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes). * wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). * wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). * wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes). * wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes). * wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes). * wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes). * wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes). * wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git- fixes). * wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). * wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes). * wifi: radiotap: fix kernel-doc notation warnings (git-fixes). * wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). * x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes). * x86/alternative: Make custom return thunk unconditional (git-fixes). * x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). * x86/cpu: Clean up SRSO return thunk mess (git-fixes). * x86/cpu: Cleanup the untrain mess (git-fixes). * x86/cpu: Fix __x86_return_thunk symbol type (git-fixes). * x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). 
* x86/cpu: Rename original retbleed methods (git-fixes). * x86/cpu: Rename srso_(.*) _alias to srso_alias_ \1 (git-fixes). * x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453). * x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453). * x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453). * x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453). * x86/hyperv: Reorder code to facilitate future work (bsc#1206453). * x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453). * x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453). * x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes). * x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453). * x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes). * x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes). * x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). * x86/speculation: Add cpu_show_gds() prototype (git-fixes). * x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). * x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). * x86/srso: Disable the mitigation on unaffected configurations (git-fixes). * x86/srso: Explain the untraining sequences a bit more (git-fixes). * x86/srso: Fix build breakage with the LLVM linker (git-fixes). * x86/srso: Fix return thunks in generated code (git-fixes). * x86/static_call: Fix __static_call_fixup() (git-fixes). * x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453). * x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453). * x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453). * x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453). * x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453). 
* xfs: fix sb write verify for lazysbcount (bsc#1214661). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3656=1 openSUSE-SLE-15.5-2023-3656=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3656=1 ## Package List: * openSUSE Leap 15.5 (aarch64 x86_64) * kernel-azure-debugsource-5.14.21-150500.33.17.1 * kernel-azure-livepatch-devel-5.14.21-150500.33.17.1 * gfs2-kmp-azure-5.14.21-150500.33.17.1 * kernel-azure-debuginfo-5.14.21-150500.33.17.1 * kernel-azure-optional-5.14.21-150500.33.17.1 * cluster-md-kmp-azure-5.14.21-150500.33.17.1 * dlm-kmp-azure-5.14.21-150500.33.17.1 * kernel-azure-devel-5.14.21-150500.33.17.1 * kernel-azure-extra-debuginfo-5.14.21-150500.33.17.1 * kernel-azure-extra-5.14.21-150500.33.17.1 * kselftests-kmp-azure-5.14.21-150500.33.17.1 * kernel-azure-optional-debuginfo-5.14.21-150500.33.17.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.17.1 * ocfs2-kmp-azure-5.14.21-150500.33.17.1 * kernel-syms-azure-5.14.21-150500.33.17.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.17.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.17.1 * dlm-kmp-azure-debuginfo-5.14.21-150500.33.17.1 * reiserfs-kmp-azure-5.14.21-150500.33.17.1 * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.17.1 * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.17.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.17.1 * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.17.1 * openSUSE Leap 15.5 (x86_64) * kernel-azure-vdso-5.14.21-150500.33.17.1 * kernel-azure-vdso-debuginfo-5.14.21-150500.33.17.1 * openSUSE Leap 15.5 (noarch) * kernel-source-azure-5.14.21-150500.33.17.1 * kernel-devel-azure-5.14.21-150500.33.17.1 * Public Cloud 
Module 15-SP5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.17.1 * Public Cloud Module 15-SP5 (aarch64 x86_64) * kernel-azure-debugsource-5.14.21-150500.33.17.1 * kernel-syms-azure-5.14.21-150500.33.17.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.17.1 * kernel-azure-debuginfo-5.14.21-150500.33.17.1 * kernel-azure-devel-5.14.21-150500.33.17.1 * Public Cloud Module 15-SP5 (noarch) * kernel-source-azure-5.14.21-150500.33.17.1 * kernel-devel-azure-5.14.21-150500.33.17.1 ## References: * https://www.suse.com/security/cve/CVE-2022-38457.html * https://www.suse.com/security/cve/CVE-2022-40133.html * https://www.suse.com/security/cve/CVE-2023-2007.html * https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-34319.html * https://www.suse.com/security/cve/CVE-2023-3610.html * https://www.suse.com/security/cve/CVE-2023-37453.html * https://www.suse.com/security/cve/CVE-2023-3772.html * https://www.suse.com/security/cve/CVE-2023-3863.html * https://www.suse.com/security/cve/CVE-2023-40283.html * https://www.suse.com/security/cve/CVE-2023-4128.html * https://www.suse.com/security/cve/CVE-2023-4133.html * https://www.suse.com/security/cve/CVE-2023-4134.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4194.html * https://www.suse.com/security/cve/CVE-2023-4273.html * https://www.suse.com/security/cve/CVE-2023-4387.html * https://www.suse.com/security/cve/CVE-2023-4459.html * https://www.suse.com/security/cve/CVE-2023-4563.html * https://www.suse.com/security/cve/CVE-2023-4569.html * https://bugzilla.suse.com/show_bug.cgi?id=1023051 * https://bugzilla.suse.com/show_bug.cgi?id=1120059 * https://bugzilla.suse.com/show_bug.cgi?id=1177719 * https://bugzilla.suse.com/show_bug.cgi?id=1188885 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1203329 * 
https://bugzilla.suse.com/show_bug.cgi?id=1203330 * https://bugzilla.suse.com/show_bug.cgi?id=1205462 * https://bugzilla.suse.com/show_bug.cgi?id=1206453 * https://bugzilla.suse.com/show_bug.cgi?id=1208902 * https://bugzilla.suse.com/show_bug.cgi?id=1208949 * https://bugzilla.suse.com/show_bug.cgi?id=1209284 * https://bugzilla.suse.com/show_bug.cgi?id=1209799 * https://bugzilla.suse.com/show_bug.cgi?id=1210048 * https://bugzilla.suse.com/show_bug.cgi?id=1210448 * https://bugzilla.suse.com/show_bug.cgi?id=1211220 * https://bugzilla.suse.com/show_bug.cgi?id=1212091 * https://bugzilla.suse.com/show_bug.cgi?id=1212142 * https://bugzilla.suse.com/show_bug.cgi?id=1212423 * https://bugzilla.suse.com/show_bug.cgi?id=1212526 * https://bugzilla.suse.com/show_bug.cgi?id=1212857 * https://bugzilla.suse.com/show_bug.cgi?id=1212873 * https://bugzilla.suse.com/show_bug.cgi?id=1213026 * https://bugzilla.suse.com/show_bug.cgi?id=1213123 * https://bugzilla.suse.com/show_bug.cgi?id=1213546 * https://bugzilla.suse.com/show_bug.cgi?id=1213580 * https://bugzilla.suse.com/show_bug.cgi?id=1213601 * https://bugzilla.suse.com/show_bug.cgi?id=1213666 * https://bugzilla.suse.com/show_bug.cgi?id=1213733 * https://bugzilla.suse.com/show_bug.cgi?id=1213757 * https://bugzilla.suse.com/show_bug.cgi?id=1213759 * https://bugzilla.suse.com/show_bug.cgi?id=1213916 * https://bugzilla.suse.com/show_bug.cgi?id=1213921 * https://bugzilla.suse.com/show_bug.cgi?id=1213927 * https://bugzilla.suse.com/show_bug.cgi?id=1213946 * https://bugzilla.suse.com/show_bug.cgi?id=1213949 * https://bugzilla.suse.com/show_bug.cgi?id=1213968 * https://bugzilla.suse.com/show_bug.cgi?id=1213970 * https://bugzilla.suse.com/show_bug.cgi?id=1213971 * https://bugzilla.suse.com/show_bug.cgi?id=1214000 * https://bugzilla.suse.com/show_bug.cgi?id=1214019 * https://bugzilla.suse.com/show_bug.cgi?id=1214073 * https://bugzilla.suse.com/show_bug.cgi?id=1214120 * https://bugzilla.suse.com/show_bug.cgi?id=1214149 * 
https://bugzilla.suse.com/show_bug.cgi?id=1214180 * https://bugzilla.suse.com/show_bug.cgi?id=1214233 * https://bugzilla.suse.com/show_bug.cgi?id=1214238 * https://bugzilla.suse.com/show_bug.cgi?id=1214285 * https://bugzilla.suse.com/show_bug.cgi?id=1214297 * https://bugzilla.suse.com/show_bug.cgi?id=1214299 * https://bugzilla.suse.com/show_bug.cgi?id=1214305 * https://bugzilla.suse.com/show_bug.cgi?id=1214350 * https://bugzilla.suse.com/show_bug.cgi?id=1214368 * https://bugzilla.suse.com/show_bug.cgi?id=1214370 * https://bugzilla.suse.com/show_bug.cgi?id=1214371 * https://bugzilla.suse.com/show_bug.cgi?id=1214372 * https://bugzilla.suse.com/show_bug.cgi?id=1214380 * https://bugzilla.suse.com/show_bug.cgi?id=1214386 * https://bugzilla.suse.com/show_bug.cgi?id=1214392 * https://bugzilla.suse.com/show_bug.cgi?id=1214393 * https://bugzilla.suse.com/show_bug.cgi?id=1214397 * https://bugzilla.suse.com/show_bug.cgi?id=1214404 * https://bugzilla.suse.com/show_bug.cgi?id=1214428 * https://bugzilla.suse.com/show_bug.cgi?id=1214451 * https://bugzilla.suse.com/show_bug.cgi?id=1214659 * https://bugzilla.suse.com/show_bug.cgi?id=1214661 * https://bugzilla.suse.com/show_bug.cgi?id=1214727 * https://bugzilla.suse.com/show_bug.cgi?id=1214729 * https://bugzilla.suse.com/show_bug.cgi?id=1214742 * https://bugzilla.suse.com/show_bug.cgi?id=1214743 * https://bugzilla.suse.com/show_bug.cgi?id=1214756 * https://bugzilla.suse.com/show_bug.cgi?id=1214760 * https://bugzilla.suse.com/show_bug.cgi?id=1214976 * https://jira.suse.com/browse/PED-3924 * https://jira.suse.com/browse/PED-4579 * https://jira.suse.com/browse/PED-4759 * https://jira.suse.com/browse/PED-4927 * https://jira.suse.com/browse/PED-4929 * https://jira.suse.com/browse/PED-5738 * https://jira.suse.com/browse/PED-6003 * https://jira.suse.com/browse/PED-6004
From sle-updates at lists.suse.com Mon Sep 18 16:30:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 16:30:44 -0000 Subject: SUSE-RU-2023:3655-1: moderate: Recommended update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestf Message-ID: <169505464496.11580.7027654423376785457@smelt2.suse.de> # Recommended update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestf Announcement ID: SUSE-RU-2023:3655-1 Rating: moderate References: Affected Products: * Containers Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed.
## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: kubevirt was updated to fix: * Fix leaking file descriptor * Fix volume detach on hotplug attachment pod delete * Fix leaking tickers * Run helper pod as qemu user * SCSI reservation: fix leftover mount and resource permissions * Bump client-go (fix possible panic in discovery) * Wait for new hotplug attachment pod to be ready * Adapt the storage tests to the new populators flow * Create export VM datavolumes compatible with populators * Delete VMI prior to NFS server pod in tests * Use compat cmdline options for virtiofsd * Update to version 1.0.0 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.0.0 * Switch to qemu user (107) * Initial container for qemu-pr-helper ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3655=1 openSUSE-SLE-15.5-2023-3655=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-3655=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kubevirt-tests-debuginfo-1.0.0-150500.8.3.1 * kubevirt-virt-exportserver-1.0.0-150500.8.3.1 * kubevirt-virt-operator-debuginfo-1.0.0-150500.8.3.1 * obs-service-kubevirt_containers_meta-1.0.0-150500.8.3.1 * kubevirt-virt-operator-1.0.0-150500.8.3.1 * kubevirt-virt-exportproxy-debuginfo-1.0.0-150500.8.3.1 * kubevirt-container-disk-1.0.0-150500.8.3.1 * kubevirt-virt-handler-debuginfo-1.0.0-150500.8.3.1 * kubevirt-virt-launcher-debuginfo-1.0.0-150500.8.3.1 * kubevirt-virt-launcher-1.0.0-150500.8.3.1 * kubevirt-virt-handler-1.0.0-150500.8.3.1 * kubevirt-pr-helper-conf-1.0.0-150500.8.3.1 * kubevirt-virt-api-debuginfo-1.0.0-150500.8.3.1 * kubevirt-manifests-1.0.0-150500.8.3.1 * kubevirt-tests-1.0.0-150500.8.3.1 * kubevirt-virt-exportserver-debuginfo-1.0.0-150500.8.3.1 * kubevirt-virtctl-1.0.0-150500.8.3.1 * kubevirt-virt-controller-1.0.0-150500.8.3.1 * kubevirt-virt-api-1.0.0-150500.8.3.1 * kubevirt-virtctl-debuginfo-1.0.0-150500.8.3.1 * kubevirt-virt-controller-debuginfo-1.0.0-150500.8.3.1 * kubevirt-virt-exportproxy-1.0.0-150500.8.3.1 * kubevirt-container-disk-debuginfo-1.0.0-150500.8.3.1 * Containers Module 15-SP5 (x86_64) * kubevirt-manifests-1.0.0-150500.8.3.1 * kubevirt-virtctl-1.0.0-150500.8.3.1 * kubevirt-virtctl-debuginfo-1.0.0-150500.8.3.1 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Mon Sep 18 16:30:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 16:30:46 -0000 Subject: SUSE-RU-2023:3654-1: moderate: Recommended update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, c Message-ID: <169505464639.11580.13364545004290326596@smelt2.suse.de> # Recommended update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, c Announcement ID: SUSE-RU-2023:3654-1 Rating: moderate References: Affected Products: * Containers Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.57.0 * Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.57.0 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-3654=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3654=1 openSUSE-SLE-15.5-2023-3654=1 ## Package List: * Containers Module 15-SP5 (x86_64) * containerized-data-importer-manifests-1.57.0-150500.6.3.1 * openSUSE Leap 15.5 (x86_64) * containerized-data-importer-manifests-1.57.0-150500.6.3.1 * obs-service-cdi_containers_meta-1.57.0-150500.6.3.1 * containerized-data-importer-api-debuginfo-1.57.0-150500.6.3.1 * containerized-data-importer-uploadproxy-1.57.0-150500.6.3.1 * containerized-data-importer-operator-1.57.0-150500.6.3.1 * containerized-data-importer-cloner-1.57.0-150500.6.3.1 * containerized-data-importer-operator-debuginfo-1.57.0-150500.6.3.1 * containerized-data-importer-uploadserver-debuginfo-1.57.0-150500.6.3.1 * containerized-data-importer-controller-1.57.0-150500.6.3.1 * containerized-data-importer-api-1.57.0-150500.6.3.1 * containerized-data-importer-importer-debuginfo-1.57.0-150500.6.3.1 * containerized-data-importer-importer-1.57.0-150500.6.3.1 * containerized-data-importer-controller-debuginfo-1.57.0-150500.6.3.1 * containerized-data-importer-cloner-debuginfo-1.57.0-150500.6.3.1 * containerized-data-importer-uploadproxy-debuginfo-1.57.0-150500.6.3.1 * containerized-data-importer-uploadserver-1.57.0-150500.6.3.1
From sle-updates at lists.suse.com Mon Sep 18 16:30:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 16:30:47 -0000 Subject: SUSE-RU-2023:3649-1: important: Recommended update for java-17-openjdk Message-ID: <169505464786.11580.5899943408497601135@smelt2.suse.de> # Recommended update for java-17-openjdk Announcement ID: SUSE-RU-2023:3649-1 Rating: important References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for java-17-openjdk fixes the following issues: * Fix a regression where the validation would reject valid zip64 (zip with 64-bit offset extensions) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3649=1 openSUSE-SLE-15.4-2023-3649=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3649=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3649=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3649=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * java-17-openjdk-jmods-17.0.8.1-150400.3.30.1 * java-17-openjdk-devel-17.0.8.1-150400.3.30.1 * java-17-openjdk-src-17.0.8.1-150400.3.30.1 * java-17-openjdk-headless-17.0.8.1-150400.3.30.1 * java-17-openjdk-17.0.8.1-150400.3.30.1 * java-17-openjdk-devel-debuginfo-17.0.8.1-150400.3.30.1 * java-17-openjdk-debuginfo-17.0.8.1-150400.3.30.1 * java-17-openjdk-demo-17.0.8.1-150400.3.30.1 * java-17-openjdk-debugsource-17.0.8.1-150400.3.30.1 * java-17-openjdk-headless-debuginfo-17.0.8.1-150400.3.30.1 * openSUSE Leap 15.4 (noarch) * java-17-openjdk-javadoc-17.0.8.1-150400.3.30.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-jmods-17.0.8.1-150400.3.30.1 * java-17-openjdk-devel-17.0.8.1-150400.3.30.1 * java-17-openjdk-src-17.0.8.1-150400.3.30.1 * java-17-openjdk-headless-17.0.8.1-150400.3.30.1 * java-17-openjdk-17.0.8.1-150400.3.30.1 * java-17-openjdk-devel-debuginfo-17.0.8.1-150400.3.30.1 * java-17-openjdk-debuginfo-17.0.8.1-150400.3.30.1 * java-17-openjdk-demo-17.0.8.1-150400.3.30.1 * java-17-openjdk-debugsource-17.0.8.1-150400.3.30.1 * java-17-openjdk-headless-debuginfo-17.0.8.1-150400.3.30.1 * openSUSE Leap 15.5 (noarch) * java-17-openjdk-javadoc-17.0.8.1-150400.3.30.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-devel-17.0.8.1-150400.3.30.1 * java-17-openjdk-headless-17.0.8.1-150400.3.30.1 * java-17-openjdk-17.0.8.1-150400.3.30.1 * java-17-openjdk-devel-debuginfo-17.0.8.1-150400.3.30.1 * java-17-openjdk-debuginfo-17.0.8.1-150400.3.30.1 * 
java-17-openjdk-demo-17.0.8.1-150400.3.30.1 * java-17-openjdk-debugsource-17.0.8.1-150400.3.30.1 * java-17-openjdk-headless-debuginfo-17.0.8.1-150400.3.30.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-devel-17.0.8.1-150400.3.30.1 * java-17-openjdk-headless-17.0.8.1-150400.3.30.1 * java-17-openjdk-17.0.8.1-150400.3.30.1 * java-17-openjdk-devel-debuginfo-17.0.8.1-150400.3.30.1 * java-17-openjdk-debuginfo-17.0.8.1-150400.3.30.1 * java-17-openjdk-demo-17.0.8.1-150400.3.30.1 * java-17-openjdk-debugsource-17.0.8.1-150400.3.30.1 * java-17-openjdk-headless-debuginfo-17.0.8.1-150400.3.30.1
From sle-updates at lists.suse.com Mon Sep 18 16:30:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 16:30:49 -0000 Subject: SUSE-RU-2023:3641-1: important: Recommended update for java-11-openjdk Message-ID: <169505464973.11580.5056921636089301928@smelt2.suse.de> # Recommended update for java-11-openjdk Announcement ID: SUSE-RU-2023:3641-1 Rating: important References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE
Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that can now be installed. ## Description: This update for java-11-openjdk fixes the following issues: * Fix a regression where the validation would reject valid zip64 (zip with 64-bit offset extensions) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3641=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3641=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3641=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3641=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3641=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3641=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3641=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3641=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3641=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3641=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3641=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3641=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3641=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3641=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3641=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3641=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3641=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch 
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3641=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3641=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3641=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3641=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-src-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-jmods-11.0.20.1-150000.3.102.1 * java-11-openjdk-11.0.20.1-150000.3.102.1 * openSUSE Leap 15.4 (noarch) * java-11-openjdk-javadoc-11.0.20.1-150000.3.102.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-src-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-jmods-11.0.20.1-150000.3.102.1 * java-11-openjdk-11.0.20.1-150000.3.102.1 * openSUSE Leap 15.5 (noarch) * java-11-openjdk-javadoc-11.0.20.1-150000.3.102.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Package Hub 15 15-SP4 (noarch) * java-11-openjdk-javadoc-11.0.20.1-150000.3.102.1 * SUSE Package Hub
15 15-SP5 (noarch) * java-11-openjdk-javadoc-11.0.20.1-150000.3.102.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE 
Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Manager Proxy 4.2 (x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1 * SUSE CaaS 
Platform 4.0 (x86_64) * java-11-openjdk-11.0.20.1-150000.3.102.1 * java-11-openjdk-headless-11.0.20.1-150000.3.102.1 * java-11-openjdk-demo-11.0.20.1-150000.3.102.1 * java-11-openjdk-devel-11.0.20.1-150000.3.102.1
From sle-updates at lists.suse.com Mon Sep 18 16:30:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 16:30:52 -0000 Subject: SUSE-SU-2023:3640-1: important: Security update for gcc12 Message-ID: <169505465228.11580.14931189375105872051@smelt2.suse.de> # Security update for gcc12 Announcement ID: SUSE-SU-2023:3640-1 Rating: important References: * #1214052 Cross-References: * CVE-2023-4039 CVSS scores: * CVE-2023-4039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4039 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Toolchain Module 12 An update that solves one vulnerability can now be installed. ## Description: This update for gcc12 fixes the following issues: * CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Toolchain Module 12 zypper in -t patch SUSE-SLE-Module-Toolchain-12-2023-3640=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3640=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3640=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3640=1 ## Package List: * Toolchain Module 12 (aarch64 ppc64le s390x x86_64) * gcc12-PIE-12.3.0+git1204-1.13.1 * libstdc++6-devel-gcc12-12.3.0+git1204-1.13.1 * gcc12-c++-debuginfo-12.3.0+git1204-1.13.1 * gcc12-debugsource-12.3.0+git1204-1.13.1 * cpp12-debuginfo-12.3.0+git1204-1.13.1 * gcc12-debuginfo-12.3.0+git1204-1.13.1 * gcc12-fortran-12.3.0+git1204-1.13.1 * gcc12-c++-12.3.0+git1204-1.13.1 * cpp12-12.3.0+git1204-1.13.1 * gcc12-fortran-debuginfo-12.3.0+git1204-1.13.1 * gcc12-12.3.0+git1204-1.13.1 * gcc12-locale-12.3.0+git1204-1.13.1 * Toolchain Module 12 (noarch) * gcc12-info-12.3.0+git1204-1.13.1 * Toolchain Module 12 (s390x x86_64) * gcc12-32bit-12.3.0+git1204-1.13.1 * gcc12-c++-32bit-12.3.0+git1204-1.13.1 * gcc12-fortran-32bit-12.3.0+git1204-1.13.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-1.13.1 * Toolchain Module 12 (x86_64) * cross-nvptx-newlib12-devel-12.3.0+git1204-1.13.1 * cross-nvptx-gcc12-12.3.0+git1204-1.13.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-1.13.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-1.13.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libasan8-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-locale-12.3.0+git1204-1.13.1 * libatomic1-debuginfo-12.3.0+git1204-1.13.1 * libgcc_s1-12.3.0+git1204-1.13.1 * libgomp1-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-debuginfo-12.3.0+git1204-1.13.1 * 
liblsan0-12.3.0+git1204-1.13.1 * libasan8-12.3.0+git1204-1.13.1 * libobjc4-12.3.0+git1204-1.13.1 * liblsan0-debuginfo-12.3.0+git1204-1.13.1 * libobjc4-debuginfo-12.3.0+git1204-1.13.1 * libgcc_s1-debuginfo-12.3.0+git1204-1.13.1 * libgfortran5-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-12.3.0+git1204-1.13.1 * libgomp1-12.3.0+git1204-1.13.1 * libatomic1-12.3.0+git1204-1.13.1 * libubsan1-12.3.0+git1204-1.13.1 * libgfortran5-12.3.0+git1204-1.13.1 * libitm1-12.3.0+git1204-1.13.1 * libtsan2-12.3.0+git1204-1.13.1 * libubsan1-debuginfo-12.3.0+git1204-1.13.1 * libtsan2-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-pp-12.3.0+git1204-1.13.1 * libitm1-debuginfo-12.3.0+git1204-1.13.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64) * libhwasan0-12.3.0+git1204-1.13.1 * libhwasan0-debuginfo-12.3.0+git1204-1.13.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libgomp1-32bit-12.3.0+git1204-1.13.1 * libitm1-32bit-12.3.0+git1204-1.13.1 * libobjc4-32bit-12.3.0+git1204-1.13.1 * libquadmath0-12.3.0+git1204-1.13.1 * libgcc_s1-32bit-12.3.0+git1204-1.13.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-1.13.1 * libasan8-32bit-12.3.0+git1204-1.13.1 * libitm1-32bit-debuginfo-12.3.0+git1204-1.13.1 * libasan8-32bit-debuginfo-12.3.0+git1204-1.13.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-1.13.1 * libquadmath0-32bit-12.3.0+git1204-1.13.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-1.13.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-1.13.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-pp-32bit-12.3.0+git1204-1.13.1 * libatomic1-32bit-12.3.0+git1204-1.13.1 * libstdc++6-32bit-12.3.0+git1204-1.13.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-1.13.1 * libubsan1-32bit-12.3.0+git1204-1.13.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-1.13.1 * libgfortran5-32bit-12.3.0+git1204-1.13.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-1.13.1 * libquadmath0-debuginfo-12.3.0+git1204-1.13.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * 
libasan8-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-locale-12.3.0+git1204-1.13.1 * libatomic1-debuginfo-12.3.0+git1204-1.13.1 * libgcc_s1-12.3.0+git1204-1.13.1 * libgomp1-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-debuginfo-12.3.0+git1204-1.13.1 * liblsan0-12.3.0+git1204-1.13.1 * libasan8-12.3.0+git1204-1.13.1 * libobjc4-12.3.0+git1204-1.13.1 * liblsan0-debuginfo-12.3.0+git1204-1.13.1 * libobjc4-debuginfo-12.3.0+git1204-1.13.1 * libgcc_s1-debuginfo-12.3.0+git1204-1.13.1 * libgfortran5-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-12.3.0+git1204-1.13.1 * libgomp1-12.3.0+git1204-1.13.1 * libatomic1-12.3.0+git1204-1.13.1 * libubsan1-12.3.0+git1204-1.13.1 * libgfortran5-12.3.0+git1204-1.13.1 * libitm1-12.3.0+git1204-1.13.1 * libtsan2-12.3.0+git1204-1.13.1 * libubsan1-debuginfo-12.3.0+git1204-1.13.1 * libtsan2-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-pp-12.3.0+git1204-1.13.1 * libitm1-debuginfo-12.3.0+git1204-1.13.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64) * libhwasan0-12.3.0+git1204-1.13.1 * libhwasan0-debuginfo-12.3.0+git1204-1.13.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le x86_64) * libquadmath0-debuginfo-12.3.0+git1204-1.13.1 * libquadmath0-12.3.0+git1204-1.13.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libatomic1-32bit-debuginfo-12.3.0+git1204-1.13.1 * libgomp1-32bit-12.3.0+git1204-1.13.1 * libubsan1-32bit-12.3.0+git1204-1.13.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-1.13.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-pp-32bit-12.3.0+git1204-1.13.1 * libstdc++6-32bit-12.3.0+git1204-1.13.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-1.13.1 * libitm1-32bit-12.3.0+git1204-1.13.1 * libatomic1-32bit-12.3.0+git1204-1.13.1 * libobjc4-32bit-12.3.0+git1204-1.13.1 * libgfortran5-32bit-12.3.0+git1204-1.13.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-1.13.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-1.13.1 * libgcc_s1-32bit-12.3.0+git1204-1.13.1 * libasan8-32bit-12.3.0+git1204-1.13.1 * 
libstdc++6-32bit-debuginfo-12.3.0+git1204-1.13.1 * libitm1-32bit-debuginfo-12.3.0+git1204-1.13.1 * libasan8-32bit-debuginfo-12.3.0+git1204-1.13.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * libquadmath0-32bit-12.3.0+git1204-1.13.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-1.13.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libasan8-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-locale-12.3.0+git1204-1.13.1 * libatomic1-debuginfo-12.3.0+git1204-1.13.1 * libgcc_s1-12.3.0+git1204-1.13.1 * libquadmath0-12.3.0+git1204-1.13.1 * libgomp1-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-debuginfo-12.3.0+git1204-1.13.1 * liblsan0-12.3.0+git1204-1.13.1 * libasan8-12.3.0+git1204-1.13.1 * libobjc4-12.3.0+git1204-1.13.1 * liblsan0-debuginfo-12.3.0+git1204-1.13.1 * libobjc4-debuginfo-12.3.0+git1204-1.13.1 * libgcc_s1-debuginfo-12.3.0+git1204-1.13.1 * libgfortran5-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-12.3.0+git1204-1.13.1 * libgomp1-12.3.0+git1204-1.13.1 * libatomic1-12.3.0+git1204-1.13.1 * libubsan1-12.3.0+git1204-1.13.1 * libgfortran5-12.3.0+git1204-1.13.1 * libitm1-12.3.0+git1204-1.13.1 * libtsan2-12.3.0+git1204-1.13.1 * libubsan1-debuginfo-12.3.0+git1204-1.13.1 * libtsan2-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-pp-12.3.0+git1204-1.13.1 * libquadmath0-debuginfo-12.3.0+git1204-1.13.1 * libitm1-debuginfo-12.3.0+git1204-1.13.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libgomp1-32bit-12.3.0+git1204-1.13.1 * libitm1-32bit-12.3.0+git1204-1.13.1 * libobjc4-32bit-12.3.0+git1204-1.13.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-1.13.1 * libgcc_s1-32bit-12.3.0+git1204-1.13.1 * libasan8-32bit-12.3.0+git1204-1.13.1 * libitm1-32bit-debuginfo-12.3.0+git1204-1.13.1 * libasan8-32bit-debuginfo-12.3.0+git1204-1.13.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-1.13.1 * libquadmath0-32bit-12.3.0+git1204-1.13.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-1.13.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-1.13.1 * 
libobjc4-32bit-debuginfo-12.3.0+git1204-1.13.1 * libstdc++6-pp-32bit-12.3.0+git1204-1.13.1 * libatomic1-32bit-12.3.0+git1204-1.13.1 * libstdc++6-32bit-12.3.0+git1204-1.13.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-1.13.1 * libubsan1-32bit-12.3.0+git1204-1.13.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-1.13.1 * libgfortran5-32bit-12.3.0+git1204-1.13.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-1.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4039.html * https://bugzilla.suse.com/show_bug.cgi?id=1214052
From sle-updates at lists.suse.com Mon Sep 18 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 20:30:03 -0000 Subject: SUSE-SU-2023:3659-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP5) Message-ID: <169506900319.15173.14551352395413662829@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:3659-1 Rating: important References: * #1211395 * #1213063 Cross-References: * CVE-2023-2156 * CVE-2023-35001 CVSS scores: * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_7 fixes several issues.
The following security issues were fixed: * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3659=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3659=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_1-debugsource-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_7-default-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-2-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_1-debugsource-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_7-default-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-2-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1213063
From sle-updates at lists.suse.com Mon Sep 18 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 20:30:05 -0000 Subject: SUSE-SU-2023:3658-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5) Message-ID: <169506900538.15173.5546313873479451384@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:3658-1 Rating: important References: * #1211395 Cross-References: * CVE-2023-2156 CVSS scores: * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_12 fixes one issue. The following security issue was fixed: * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3658=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3658=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3660=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3660=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_15-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_74-default-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-2-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_15-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_74-default-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-2-150400.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_12-default-2-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_2-debugsource-2-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_12-default-2-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_2-debugsource-2-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2156.html * https://bugzilla.suse.com/show_bug.cgi?id=1211395 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Sep 18 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 20:30:08 -0000 Subject: SUSE-SU-2023:3657-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP4) Message-ID: <169506900816.15173.16365585117414778290@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:3657-1 Rating: important References: * #1208839 * #1211395 * #1212849 * #1213063 Cross-References: * CVE-2023-1077 * CVE-2023-2156 * CVE-2023-3090 * CVE-2023-35001 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_66 fixes several issues. The following security issues were fixed: * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). 
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3657=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3657=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_66-default-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-3-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_13-debugsource-3-150400.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_66-default-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-3-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_13-debugsource-3-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063
From sle-updates at lists.suse.com Mon Sep 18 20:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 20:30:10 -0000 Subject: SUSE-SU-2023:3666-1: important: Security update for libxml2 Message-ID: <169506901024.15173.8239685558415635193@smelt2.suse.de> # Security update for libxml2 Announcement ID: SUSE-SU-2023:3666-1 Rating: important References: * #1214768 Cross-References: * CVE-2023-39615 CVSS scores: * CVE-2023-39615 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-39615 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libxml2 fixes the following issues: * CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3666=1 openSUSE-SLE-15.5-2023-3666=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3666=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-3666=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * python3-libxml2-debuginfo-2.10.3-150500.5.8.1 * libxml2-devel-2.10.3-150500.5.8.1 * libxml2-2-debuginfo-2.10.3-150500.5.8.1 * python3-libxml2-2.10.3-150500.5.8.1 * libxml2-debugsource-2.10.3-150500.5.8.1 * libxml2-tools-2.10.3-150500.5.8.1 * python311-libxml2-debuginfo-2.10.3-150500.5.8.1 * libxml2-python-debugsource-2.10.3-150500.5.8.1 * libxml2-tools-debuginfo-2.10.3-150500.5.8.1 * libxml2-2-2.10.3-150500.5.8.1 * python311-libxml2-2.10.3-150500.5.8.1 * openSUSE Leap 15.5 (x86_64) * libxml2-devel-32bit-2.10.3-150500.5.8.1 * libxml2-2-32bit-2.10.3-150500.5.8.1 * libxml2-2-32bit-debuginfo-2.10.3-150500.5.8.1 * openSUSE Leap 15.5 (noarch) * libxml2-doc-2.10.3-150500.5.8.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libxml2-devel-64bit-2.10.3-150500.5.8.1 * libxml2-2-64bit-2.10.3-150500.5.8.1 * libxml2-2-64bit-debuginfo-2.10.3-150500.5.8.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-libxml2-debuginfo-2.10.3-150500.5.8.1 * libxml2-devel-2.10.3-150500.5.8.1 * libxml2-2-debuginfo-2.10.3-150500.5.8.1 * python3-libxml2-2.10.3-150500.5.8.1 * libxml2-debugsource-2.10.3-150500.5.8.1 * libxml2-tools-2.10.3-150500.5.8.1 * libxml2-python-debugsource-2.10.3-150500.5.8.1 * libxml2-tools-debuginfo-2.10.3-150500.5.8.1 * libxml2-2-2.10.3-150500.5.8.1 * Basesystem Module 15-SP5 (x86_64) * libxml2-2-32bit-2.10.3-150500.5.8.1 * libxml2-2-32bit-debuginfo-2.10.3-150500.5.8.1 * Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python311-libxml2-debuginfo-2.10.3-150500.5.8.1 * python311-libxml2-2.10.3-150500.5.8.1 ## References: * 
https://www.suse.com/security/cve/CVE-2023-39615.html * https://bugzilla.suse.com/show_bug.cgi?id=1214768
From sle-updates at lists.suse.com Mon Sep 18 20:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 20:30:12 -0000 Subject: SUSE-SU-2023:3665-1: important: Security update for libxml2 Message-ID: <169506901297.15173.12681968647388545674@smelt2.suse.de> # Security update for libxml2 Announcement ID: SUSE-SU-2023:3665-1 Rating: important References: * #1201978 * #1210411 * #1210412 * #1214768 Cross-References: * CVE-2016-3709 * CVE-2023-28484 * CVE-2023-29469 * CVE-2023-39615 CVSS scores: * CVE-2016-3709 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2016-3709 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-28484 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28484 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-29469 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-29469 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-39615 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-39615 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for libxml2 fixes the following issues: * CVE-2023-29469: Fixed not deterministic hashing of empty dict strings (bsc#1210412). * CVE-2023-28484: Fixed NULL dereference in xmlSchemaFixupComplexType (bsc#1210411). * CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
* CVE-2016-3709: Fixed cross-site scripting vulnerability in libxml (bsc#1201978). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3665=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3665=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3665=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3665=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libxml2-devel-2.9.4-46.65.1 * libxml2-debugsource-2.9.4-46.65.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libxml2-tools-debuginfo-2.9.4-46.65.1 * libxml2-2-2.9.4-46.65.1 * libxml2-tools-2.9.4-46.65.1 * python-libxml2-debuginfo-2.9.4-46.65.1 * libxml2-debugsource-2.9.4-46.65.1 * python-libxml2-debugsource-2.9.4-46.65.1 * python-libxml2-2.9.4-46.65.1 * libxml2-2-debuginfo-2.9.4-46.65.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * libxml2-doc-2.9.4-46.65.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libxml2-2-32bit-2.9.4-46.65.1 * libxml2-2-debuginfo-32bit-2.9.4-46.65.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libxml2-tools-debuginfo-2.9.4-46.65.1 * libxml2-2-2.9.4-46.65.1 * libxml2-tools-2.9.4-46.65.1 * python-libxml2-debuginfo-2.9.4-46.65.1 * libxml2-debugsource-2.9.4-46.65.1 * python-libxml2-debugsource-2.9.4-46.65.1 * python-libxml2-2.9.4-46.65.1 * libxml2-2-debuginfo-2.9.4-46.65.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * libxml2-doc-2.9.4-46.65.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libxml2-2-32bit-2.9.4-46.65.1 * 
libxml2-2-debuginfo-32bit-2.9.4-46.65.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libxml2-tools-debuginfo-2.9.4-46.65.1 * libxml2-2-2.9.4-46.65.1 * libxml2-tools-2.9.4-46.65.1 * python-libxml2-debuginfo-2.9.4-46.65.1 * libxml2-debugsource-2.9.4-46.65.1 * python-libxml2-debugsource-2.9.4-46.65.1 * python-libxml2-2.9.4-46.65.1 * libxml2-2-debuginfo-2.9.4-46.65.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * libxml2-doc-2.9.4-46.65.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libxml2-2-32bit-2.9.4-46.65.1 * libxml2-2-debuginfo-32bit-2.9.4-46.65.1 ## References: * https://www.suse.com/security/cve/CVE-2016-3709.html * https://www.suse.com/security/cve/CVE-2023-28484.html * https://www.suse.com/security/cve/CVE-2023-29469.html * https://www.suse.com/security/cve/CVE-2023-39615.html * https://bugzilla.suse.com/show_bug.cgi?id=1201978 * https://bugzilla.suse.com/show_bug.cgi?id=1210411 * https://bugzilla.suse.com/show_bug.cgi?id=1210412 * https://bugzilla.suse.com/show_bug.cgi?id=1214768 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Sep 18 20:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 20:30:16 -0000 Subject: SUSE-SU-2023:3664-1: critical: Security update for MozillaThunderbird Message-ID: <169506901656.15173.9409710054623262720@smelt2.suse.de> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2023:3664-1 Rating: critical References: * #1214606 * #1215231 * #1215245 Cross-References: * CVE-2023-4051 * CVE-2023-4053 * CVE-2023-4573 * CVE-2023-4574 * CVE-2023-4575 * CVE-2023-4576 * CVE-2023-4577 * CVE-2023-4578 * CVE-2023-4580 * CVE-2023-4581 * CVE-2023-4582 * CVE-2023-4583 * CVE-2023-4584 * CVE-2023-4585 * CVE-2023-4863 CVSS scores: * CVE-2023-4051 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-4573 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-4574 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-4575 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-4576 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2023-4577 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-4578 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-4580 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-4581 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2023-4582 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4583 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4584 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4585 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4863 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4863 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise 
Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves 15 vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: Security fixes: * Mozilla Thunderbird 115.2.2 (MFSA 2023-40, bsc#1215245) * CVE-2023-4863: Fixed heap buffer overflow in libwebp (bmo#1852649). 
* Mozilla Thunderbird 115.2 (MFSA 2023-38, bsc#1214606) * CVE-2023-4573: Memory corruption in IPC CanvasTranslator (bmo#1846687) * CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback (bmo#1846688) * CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback (bmo#1846689) * CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation (bmo#1846694) * CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics (bmo#1847397) * CVE-2023-4051: Full screen notification obscured by file open dialog (bmo#1821884) * CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (bmo#1839007) * CVE-2023-4053: Full screen notification obscured by external program (bmo#1839079) * CVE-2023-4580: Push notifications saved to disk unencrypted (bmo#1843046) * CVE-2023-4581: XLL file extensions were downloadable without warnings (bmo#1843758) * CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv (bmo#1773874) * CVE-2023-4583: Browsing Context potentially not cleared when closing Private Window (bmo#1842030) * CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529) * CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (bmo#1751583, bmo#1833504, bmo#1841082, bmo#1847904, bmo#1848999) Other fixes: Mozilla Thunderbird 115.2.1 * new: Column separators are now shown between all columns in tree view (bmo#1847441) * fixed: Crash reporter did not work in Thunderbird Flatpak (bmo#1843102) * fixed: New mail notification always opened message in message pane, even if pane was disabled (bmo#1840092) * fixed: After moving an IMAP message to another folder, the incorrect message was selected in the message list (bmo#1845376) * fixed: Adding a tag to an IMAP message opened in a tab failed (bmo#1844452) * fixed: Junk/Spam folders were not always 
shown in Unified Folders mode (bmo#1838672) * fixed: Middle-clicking a folder or message did not open it in a background tab, as in previous versions (bmo#1842482) * fixed: Settings tab visual improvements: Advanced Fonts dialog, Section headers hidden behind search box (bmo#1717382,bmo#1846751) * fixed: Various visual and style fixes (bmo#1843707,bmo#1849823) Mozilla Thunderbird 115.2 * new: Thunderbird MSIX packages are now published on archive.mozilla.org (bmo#1817657) * changed: Size, Unread, and Total columns are now right-aligned (bmo#1848604) * changed: Newsgroup names in message list header are now abbreviated (bmo#1833298) * fixed: Message compose window did not apply theme colors to menus (bmo#1845699) * fixed: Reading the second new message in a folder cleared the unread indicator of all other new messages (bmo#1839805) * fixed: Displayed counts of unread or flagged messages could become out-of-sync (bmo#1846860) * fixed: Deleting a message from the context menu with messages sorted in chronological order and smooth scroll enabled caused message list to scroll to top (bmo#1843462) * fixed: Repeatedly switching accounts in Subscribe dialog caused tree view to stop updating (bmo#1845593) * fixed: "Ignore thread" caused message cards to display incorrectly in message list (bmo#1847966) * fixed: Creating tags from unified toolbar failed (bmo#1846336) * fixed: Cross-folder navigation using F and N did not work (bmo#1845011) * fixed: Account Manager did not resize to fit content, causing "Close" button to become hidden outside bounds of dialog when too many accounts were listed (bmo#1847555) * fixed: Remote content exceptions could not be added in Settings (bmo#1847576) * fixed: Newsgroup list file did not get updated after adding a new NNTP server (bmo#1845464) * fixed: "Download all headers" option in NNTP "Download Headers" dialog was incorrectly selected by default (bmo#1845457) * fixed: "Convert to event/task" was missing from mail context menu
(bmo#1817705) * fixed: Events and tasks were not shown in some cases despite being present on remote server (bmo#1827100) * fixed: Various visual and UX improvements (bmo#1844244,bmo#1845645) * Mozilla Thunderbird 115.1.1 * fixed: Some HTML emails printed headers on first page and message on subsequent pages (bmo#1843628) * fixed: Deleting messages from message list sometimes scrolled list to bottom, selecting bottommost message (bmo#1835173) * fixed: Width of icon columns (like Junk or Starred) in message list did not adjust when UI density was changed (bmo#1843014) * fixed: Old OpenPGP secret keys could not be used to decrypt messages under certain circumstances (bmo#1835786) * fixed: When multiple folder modes were active, tab focus navigated through all folder mode options before reaching message list (bmo#1842060) * fixed: Unread message count badge was not displayed on parent folders of subfolder containing unread messages (bmo#1844534) * fixed: "Undo archive" (via Ctrl-Z) did not un-archive previously archived messages (bmo#1829340) * fixed: "New" button dropdown menu in "Message Filters" dialog could not be opened via keyboard navigation (bmo#1843511) * fixed: "Show New Mail Alert for" input field in "Customize New Mail Alert" dialog had zero width when using certain language packs (bmo#1845832) * fixed: "Account Wizard" dialog was too narrow when adding a news server, partially hiding confirmation buttons (bmo#1846588) * fixed: Link Properties and Image Properties dialogs in the composer were too wide (bmo#1816850) * fixed: Thunderbird version number and details in "About" dialog were not automatically read by screen readers when first opening dialog (bmo#1847078) * fixed: Flatpak improvements and bug fixes (bmo#1825399,bmo#1843094,bmo#1843097) * fixed: Various visual and UX improvements (bmo#1846262) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3664=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3664=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3664=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3664=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3664=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3664=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * MozillaThunderbird-debuginfo-115.2.2-150200.8.130.1 * MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 * MozillaThunderbird-115.2.2-150200.8.130.1 * MozillaThunderbird-debugsource-115.2.2-150200.8.130.1 * MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debuginfo-115.2.2-150200.8.130.1 * MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 * MozillaThunderbird-115.2.2-150200.8.130.1 * MozillaThunderbird-debugsource-115.2.2-150200.8.130.1 * MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debuginfo-115.2.2-150200.8.130.1 * MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 * MozillaThunderbird-115.2.2-150200.8.130.1 * MozillaThunderbird-debugsource-115.2.2-150200.8.130.1 * MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * MozillaThunderbird-debuginfo-115.2.2-150200.8.130.1 * MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 * MozillaThunderbird-115.2.2-150200.8.130.1 * MozillaThunderbird-debugsource-115.2.2-150200.8.130.1 * MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 * 
SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * MozillaThunderbird-debuginfo-115.2.2-150200.8.130.1 * MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 * MozillaThunderbird-115.2.2-150200.8.130.1 * MozillaThunderbird-debugsource-115.2.2-150200.8.130.1 * MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * MozillaThunderbird-debuginfo-115.2.2-150200.8.130.1 * MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 * MozillaThunderbird-115.2.2-150200.8.130.1 * MozillaThunderbird-debugsource-115.2.2-150200.8.130.1 * MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4051.html * https://www.suse.com/security/cve/CVE-2023-4053.html * https://www.suse.com/security/cve/CVE-2023-4573.html * https://www.suse.com/security/cve/CVE-2023-4574.html * https://www.suse.com/security/cve/CVE-2023-4575.html * https://www.suse.com/security/cve/CVE-2023-4576.html * https://www.suse.com/security/cve/CVE-2023-4577.html * https://www.suse.com/security/cve/CVE-2023-4578.html * https://www.suse.com/security/cve/CVE-2023-4580.html * https://www.suse.com/security/cve/CVE-2023-4581.html * https://www.suse.com/security/cve/CVE-2023-4582.html * https://www.suse.com/security/cve/CVE-2023-4583.html * https://www.suse.com/security/cve/CVE-2023-4584.html * https://www.suse.com/security/cve/CVE-2023-4585.html * https://www.suse.com/security/cve/CVE-2023-4863.html * https://bugzilla.suse.com/show_bug.cgi?id=1214606 * https://bugzilla.suse.com/show_bug.cgi?id=1215231 * https://bugzilla.suse.com/show_bug.cgi?id=1215245 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Sep 18 20:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Sep 2023 20:30:20 -0000 Subject: SUSE-RU-2023:3663-1: important: Recommended update for perl-Bootloader Message-ID: <169506902003.15173.4282066827633678598@smelt2.suse.de> # Recommended update for perl-Bootloader Announcement ID: SUSE-RU-2023:3663-1 Rating: important References: * #1215064 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for perl-Bootloader fixes the following issues: * bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) * skip warning about unsupported options when in compat mode ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3663=1 openSUSE-SLE-15.4-2023-3663=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3663=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3663=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3663=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3663=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3663=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3663=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3663=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3663=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3663=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * perl-Bootloader-YAML-0.945-150400.3.9.1 * perl-Bootloader-0.945-150400.3.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * perl-Bootloader-YAML-0.945-150400.3.9.1 * perl-Bootloader-0.945-150400.3.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * perl-Bootloader-0.945-150400.3.9.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * perl-Bootloader-0.945-150400.3.9.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * perl-Bootloader-0.945-150400.3.9.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * perl-Bootloader-0.945-150400.3.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * perl-Bootloader-0.945-150400.3.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * perl-Bootloader-0.945-150400.3.9.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * perl-Bootloader-YAML-0.945-150400.3.9.1 * Development Tools Module 15-SP5 (aarch64 
ppc64le s390x x86_64) * perl-Bootloader-YAML-0.945-150400.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215064
From sle-updates at lists.suse.com Tue Sep 19 07:01:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 09:01:57 +0200 (CEST) Subject: SUSE-IU-2023:615-1: Security update of suse-sles-15-sp5-chost-byos-v20230915-x86_64-gen2 Message-ID: <20230919070157.D157EFCEE@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20230915-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:615-1 Image Tags : suse-sles-15-sp5-chost-byos-v20230915-x86_64-gen2:20230915 Image Release : Severity : critical Type : security References : 1027519 1158763 1182142 1186606 1193412 1194609 1195391 1201519 1204844 1205161 1207778 1208194 1208574 1209741 1209998 1210070 1210419 1210702 1210740 1210797 1210996 1211256 1211257 1211461 1211576 1211757 1212368 1212434 1212684 1213120 1213185 1213212 1213229 1213231 1213240 1213500 1213557 1213575 1213582 1213607 1213616 1213673 1213826 1213873 1213940 1213951 1214006 1214025 1214071 1214081 1214082 1214083 1214107 1214108 1214109 1214140 1214248 1214290 CVE-2021-30560 CVE-2022-40982 CVE-2023-2004 CVE-2023-20569 CVE-2023-20593 CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 CVE-2023-26112 CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2023-4016 CVE-2023-4156 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20230915-x86_64-gen2 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2548-1 Released: Tue Jul 26 13:48:28 2022 Summary: Critical update for python-cssselect Type: recommended Severity: critical References: This update for python-cssselect implements packages to the unrestricted repository. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:557-1 Released: Tue Feb 28 09:29:15 2023 Summary: Security update for libxslt Type: security Severity: important References: 1208574,CVE-2021-30560 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2898-1 Released: Thu Jul 20 09:15:33 2023 Summary: Recommended update for python-instance-billing-flavor-check Type: feature Severity: critical References: This update for python-instance-billing-flavor-check fixes the following issues: - Include PAYG checker package in SLE (jsc#PED-4791) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3369-1 Released: Tue Aug 22 11:12:02 2023 Summary: Security update for python-configobj Type: security Severity: low References: 1210070,CVE-2023-26112 This update for python-configobj fixes the following issues: - CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3371-1 Released: Tue Aug 22 13:30:18 2023 Summary: Recommended update for liblognorm Type: recommended Severity: moderate References: This update for liblognorm fixes the following issues: - Update to liblognorm v2.0.6 (jsc#PED-4883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3372-1 Released: Tue Aug 22 13:44:38 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1211757,1213212 This update for rsyslog fixes the following issues: - Fix removal of imfile state files (bsc#1213212) - Fix segfaults in modExit() of imklog.c (bsc#1211757) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3393-1 Released: Wed Aug 23 17:41:55 2023 Summary: Recommended update for dracut Type: recommended Severity: important References: 1214081 This update for dracut fixes the following issues: - Protect against broken links pointing to themselves - Exit if resolving executable dependencies fails (bsc#1214081) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. 
(bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3447-1 Released: Mon Aug 28 10:57:05 2023 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1212684,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593 This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3452-1 Released: Mon Aug 28 12:41:11 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1213951 This update for 
supportutils-plugin-suse-public-cloud fixes the following issues: - Update from version 1.0.7 to 1.0.8 (bsc#1213951) - Capture CSP billing adapter config and log - Accept upper case Amazon string in DMI table ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3465-1 Released: Tue Aug 29 07:30:00 2023 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1213607,1213826,1213940 This update for samba fixes the following issues: - Fix DFS not working with widelinks enabled; (bsc#1213607) - Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940) - net ads lookup with unspecified realm fails (bsc#1213826) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3468-1 Released: Tue Aug 29 09:22:18 2023 Summary: Recommended update for python3 Type: recommended Severity: low References: This update for python3 fixes the following issue: - Rename sources in preparation of python3.11 (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3470-1 Released: Tue Aug 29 10:49:33 2023 Summary: Recommended update for parted Type: recommended Severity: low References: 1182142,1193412 This update for parted fixes the following issues: - fix null pointer dereference (bsc#1193412) - update mkpart options in manpage (bsc#1182142) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3485-1 Released: Tue Aug 29 14:20:56 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3497-1 Released: Wed Aug 30 21:25:05 2023 Summary: Security update for vim Type: security Severity: important References: 1210996,1211256,1211257,1211461,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1572. - CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996). - CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256). - CVE-2023-2610: Fixed Integer Overflow or Wraparound (bsc#1211257). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3514-1 Released: Fri Sep 1 15:48:52 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3521-1 Released: Tue Sep 5 08:56:45 2023 Summary: Recommended update for python-iniconfig Type: recommended Severity: moderate References: 1213582 This update for python-iniconfig provides python3-iniconfig to 
SUSE Linux Enterprise Micro 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3536-1 Released: Tue Sep 5 15:00:27 2023 Summary: Security update for docker Type: security Severity: moderate References: 1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842 This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelog online at bsc#1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at . bsc#1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at . bsc#1213120 - Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function. - Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless) - Update to Docker 24.0.2-ce. See upstream changelog online at . bsc#1212368 * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797 - Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package. - was rebuilt against current GO compiler. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3543-1 Released: Wed Sep 6 08:27:22 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1214006 This update for protobuf-c fixes the following issues: - Add missing Provides/Obsoletes after package merge (bsc#1214006) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - audit-3.0.6-150400.4.13.1 updated - ca-certificates-mozilla-2.62-150200.30.1 updated - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - docker-24.0.5_ce-150000.185.1 updated - dracut-055+suse.369.gde6c81bf-150500.3.9.1 updated - gawk-4.2.1-150000.3.3.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libauparse0-3.0.6-150400.4.13.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated - libfreetype6-2.10.4-150000.4.15.1 updated - liblognorm5-2.0.6-150000.3.3.1 updated - libparted0-3.2-150300.21.3.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libprotobuf-c1-1.3.2-150200.3.9.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libudev1-249.16-150400.8.33.1 updated - libxslt1-1.1.34-150400.3.3.1 added - libzypp-17.31.20-150400.3.40.1 updated - parted-3.2-150300.21.3.1 updated - procps-3.3.15-150000.7.34.1 updated - python-instance-billing-flavor-check-0.0.2-150000.1.3.1 added - python3-configobj-5.0.6-150000.3.3.1 updated - python3-cssselect-1.0.3-150000.3.3.1 added - python3-iniconfig-1.1.1-150000.1.11.1 updated - python3-lxml-4.9.1-150500.1.2 added - python3-more-itertools-8.10.0-150400.5.69 updated - python3-ordered-set-4.0.2-150400.8.34 updated - python3-pyOpenSSL-21.0.0-150400.7.62 updated 
- rsyslog-module-relp-8.2306.0-150400.5.18.1 updated - rsyslog-8.2306.0-150400.5.18.1 updated - samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 updated - supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 updated - system-group-audit-3.0.6-150400.4.13.1 updated - systemd-sysvinit-249.16-150400.8.33.1 updated - systemd-249.16-150400.8.33.1 updated - sysuser-shadow-3.2-150400.3.5.3 updated - udev-249.16-150400.8.33.1 updated - vim-data-common-9.0.1632-150500.20.3.1 updated - vim-9.0.1632-150500.20.3.1 updated - xen-libs-4.17.2_02-150500.3.6.1 updated - zypper-1.14.63-150400.3.29.1 updated - samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 removed From sle-updates at lists.suse.com Tue Sep 19 07:03:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 09:03:57 +0200 (CEST) Subject: SUSE-CU-2023:3009-1: Recommended update of bci/bci-busybox Message-ID: <20230919070357.7AD25FCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3009-1 Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.19.4 Container Release : 19.4 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/bci-busybox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Tue Sep 19 07:05:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 09:05:17 +0200 (CEST) Subject: SUSE-CU-2023:3010-1: Recommended update of bci/bci-init Message-ID: <20230919070517.7A29FFCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3010-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.52 Container Release : 29.52 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:sles15-image-15.0.0-27.14.97 updated From sle-updates at lists.suse.com Tue Sep 19 07:06:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 09:06:57 +0200 (CEST) Subject: SUSE-CU-2023:3011-1: Recommended update of suse/pcp Message-ID: <20230919070657.5DB01FCEE@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3011-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.110 , suse/pcp:5.2 , suse/pcp:5.2-17.110 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.110 Container Release : 17.110 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:bci-bci-init-15.4-15.4-29.52 updated From sle-updates at lists.suse.com Tue Sep 19 07:07:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 09:07:18 +0200 (CEST) Subject: SUSE-CU-2023:3012-1: Recommended update of suse/postgres Message-ID: <20230919070718.14212FCEE@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3012-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.58 , suse/postgres:14.9 , suse/postgres:14.9-22.58 Container Release : 22.58 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container suse/postgres was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:sles15-image-15.0.0-27.14.97 updated From sle-updates at lists.suse.com Tue Sep 19 07:08:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 09:08:17 +0200 (CEST) Subject: SUSE-CU-2023:3013-1: Recommended update of bci/python Message-ID: <20230919070817.376ADFCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3013-1 Container Tags : bci/python:3 , bci/python:3-15.49 , bci/python:3.10 , bci/python:3.10-15.49 Container Release : 15.49 Severity : moderate Type : recommended References : 1195391 1205161 1207778 1213240 1214140 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) The following package changes have been done: - sysuser-shadow-3.2-150400.3.5.3 updated - container:sles15-image-15.0.0-27.14.97 updated From sle-updates at lists.suse.com Tue Sep 19 07:08:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 09:08:34 +0200 (CEST) Subject: SUSE-CU-2023:3014-1: Security update of bci/dotnet-aspnet Message-ID: <20230919070834.AD8D7FCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3014-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-13.2 , bci/dotnet-aspnet:7.0.11 , bci/dotnet-aspnet:7.0.11-13.2 , bci/dotnet-aspnet:latest Container Release : 13.2 Severity : moderate Type : security References : 1030253 1095425 1103893 1112183 1146907 1158955 1159131 1161007 1162882 1166844 1167603 1182252 1182645 1192935 1193951 354372 437293 824262 CVE-2020-10531 CVE-2020-21913 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3563-1 Released: Fri Sep 8 15:28:17 2023 Summary: Security update for icu73_2 Type: security Severity: moderate References: 1030253,1095425,1103893,1112183,1146907,1158955,1159131,1161007,1162882,1166844,1167603,1182252,1182645,1192935,1193951,354372,437293,824262,CVE-2020-10531,CVE-2020-21913 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for "short" Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as "Hinglish". 
* time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value. * Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 - Update to release 68.1 * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. 
(bsc#1167603, bsc#1161007) - Update to version 67.1 * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper "and"/"or" form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString::doAppend (bsc#1166844, CVE-2020-10531). - Update to version 66.1 * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. 
(ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. - Update to release 65.1 (jsc#SLE-11118). * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.3.1 added - libicu73_2-73.2-150000.1.3.1 added - libicu-suse65_1-65.1-150200.4.8.1 removed - libicu65_1-ledata-65.1-150200.4.8.1 removed From sle-updates at lists.suse.com Tue Sep 19 07:08:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 09:08:54 +0200 (CEST) Subject: SUSE-CU-2023:3015-1: Security update of bci/dotnet-sdk Message-ID: <20230919070854.961A2FCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3015-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-12.2 , bci/dotnet-sdk:6.0.22 , bci/dotnet-sdk:6.0.22-12.2 Container Release : 12.2 Severity : moderate Type : security References : 1030253 1095425 1103893 1112183 1146907 1158955 1159131 1161007 1162882 1166844 1167603 1182252 1182645 1192935 1193951 354372 437293 824262 CVE-2020-10531 CVE-2020-21913 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3563-1 Released: Fri Sep 8 15:28:17 2023 Summary: Security update for icu73_2 Type: security Severity: moderate References: 1030253,1095425,1103893,1112183,1146907,1158955,1159131,1161007,1162882,1166844,1167603,1182252,1182645,1192935,1193951,354372,437293,824262,CVE-2020-10531,CVE-2020-21913 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for "short" Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as "Hinglish". 
* time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value. * Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 - Update to release 68.1 * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. 
(bsc#1167603, bsc#1161007) - Update to version 67.1 * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper "and"/"or" form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). - Update to version 66.1 * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type.
(ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. - Update to release 65.1 (jsc#SLE-11118). * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.3.1 added - libicu73_2-73.2-150000.1.3.1 added - libicu-suse65_1-65.1-150200.4.8.1 removed - libicu65_1-ledata-65.1-150200.4.8.1 removed From sle-updates at lists.suse.com Tue Sep 19 07:09:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 09:09:14 +0200 (CEST) Subject: SUSE-CU-2023:3016-1: Security update of bci/dotnet-sdk Message-ID: <20230919070914.77C1EFCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3016-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-14.2 , bci/dotnet-sdk:7.0.11 , bci/dotnet-sdk:7.0.11-14.2 , bci/dotnet-sdk:latest Container Release : 14.2 Severity : moderate Type : security References : 1030253 1095425 1103893 1112183 1146907 1158955 1159131 1161007 1162882 1166844 1167603 1182252 1182645 1192935 1193951 354372 437293 824262 CVE-2020-10531 CVE-2020-21913 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3563-1 Released: Fri Sep 8 15:28:17 2023 Summary: Security update for icu73_2 Type: security Severity: moderate References: 1030253,1095425,1103893,1112183,1146907,1158955,1159131,1161007,1162882,1166844,1167603,1182252,1182645,1192935,1193951,354372,437293,824262,CVE-2020-10531,CVE-2020-21913 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for "short" Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as "Hinglish".
* time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value. * Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 - Update to release 68.1 * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. 
(bsc#1167603, bsc#1161007) - Update to version 67.1 * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper "and"/"or" form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). - Update to version 66.1 * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type.
(ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. - Update to release 65.1 (jsc#SLE-11118). * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.3.1 added - libicu73_2-73.2-150000.1.3.1 added - libicu-suse65_1-65.1-150200.4.8.1 removed - libicu65_1-ledata-65.1-150200.4.8.1 removed From sle-updates at lists.suse.com Tue Sep 19 07:09:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 09:09:31 +0200 (CEST) Subject: SUSE-CU-2023:3017-1: Security update of bci/dotnet-runtime Message-ID: <20230919070931.2C31AFCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3017-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-14.2 , bci/dotnet-runtime:7.0.11 , bci/dotnet-runtime:7.0.11-14.2 , bci/dotnet-runtime:latest Container Release : 14.2 Severity : moderate Type : security References : 1030253 1095425 1103893 1112183 1146907 1158955 1159131 1161007 1162882 1166844 1167603 1182252 1182645 1192935 1193951 354372 437293 824262 CVE-2020-10531 CVE-2020-21913 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3563-1 Released: Fri Sep 8 15:28:17 2023 Summary: Security update for icu73_2 Type: security Severity: moderate References: 1030253,1095425,1103893,1112183,1146907,1158955,1159131,1161007,1162882,1166844,1167603,1182252,1182645,1192935,1193951,354372,437293,824262,CVE-2020-10531,CVE-2020-21913 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for "short" Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as "Hinglish".
* time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value. * Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 - Update to release 68.1 * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. 
(bsc#1167603, bsc#1161007) - Update to version 67.1 * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper "and"/"or" form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). - Update to version 66.1 * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type.
(ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. - Update to release 65.1 (jsc#SLE-11118). * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.3.1 added - libicu73_2-73.2-150000.1.3.1 added - libicu-suse65_1-65.1-150200.4.8.1 removed - libicu65_1-ledata-65.1-150200.4.8.1 removed From sle-updates at lists.suse.com Tue Sep 19 13:18:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:18:28 +0200 (CEST) Subject: SUSE-CU-2023:3021-1: Security update of suse/389-ds Message-ID: <20230919131828.B151BFCEE@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3021-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.62 , suse/389-ds:latest Container Release : 14.62 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Tue Sep 19 13:18:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:18:43 +0200 (CEST) Subject: SUSE-CU-2023:3022-1: Security update of bci/dotnet-aspnet Message-ID: <20230919131843.ADAD1FCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3022-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-13.4 , bci/dotnet-aspnet:6.0.22 , bci/dotnet-aspnet:6.0.22-13.4 Container Release : 13.4 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Tue Sep 19 13:18:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:18:58 +0200 (CEST) Subject: SUSE-CU-2023:3023-1: Security update of bci/dotnet-aspnet Message-ID: <20230919131858.73CFDFCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3023-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-13.4 , bci/dotnet-aspnet:7.0.11 , bci/dotnet-aspnet:7.0.11-13.4 , bci/dotnet-aspnet:latest Container Release : 13.4 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Tue Sep 19 13:19:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:19:08 +0200 (CEST) Subject: SUSE-CU-2023:3024-1: Security update of suse/registry Message-ID: <20230919131908.4ECB3FCEE@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3024-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-14.24 , suse/registry:latest Container Release : 14.24 Severity : important Type : security References : 1214052 CVE-2023-4039 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - container:micro-image-15.5.0-11.4 updated From sle-updates at lists.suse.com Tue Sep 19 13:19:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:19:26 +0200 (CEST) Subject: SUSE-CU-2023:3025-1: Security update of bci/dotnet-sdk Message-ID: <20230919131926.C91F1FCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3025-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-12.4 , bci/dotnet-sdk:6.0.22 , bci/dotnet-sdk:6.0.22-12.4 Container Release : 12.4 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Tue Sep 19 13:19:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:19:46 +0200 (CEST) Subject: SUSE-CU-2023:3026-1: Security update of bci/dotnet-sdk Message-ID: <20230919131946.A728BFCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3026-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-14.4 , bci/dotnet-sdk:7.0.11 , bci/dotnet-sdk:7.0.11-14.4 , bci/dotnet-sdk:latest Container Release : 14.4 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Tue Sep 19 13:20:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:20:01 +0200 (CEST) Subject: SUSE-CU-2023:3027-1: Security update of bci/dotnet-runtime Message-ID: <20230919132001.8924DFCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3027-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-12.4 , bci/dotnet-runtime:6.0.22 , bci/dotnet-runtime:6.0.22-12.4 Container Release : 12.4 Severity : important Type : security References : 1030253 1095425 1103893 1112183 1146907 1158955 1159131 1161007 1162882 1166844 1167603 1182252 1182645 1192935 1193951 1214052 1214768 354372 437293 824262 CVE-2020-10531 CVE-2020-21913 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3563-1 Released: Fri Sep 8 15:28:17 2023 Summary: Security update for icu73_2 Type: security Severity: moderate References: 1030253,1095425,1103893,1112183,1146907,1158955,1159131,1161007,1162882,1166844,1167603,1182252,1182645,1192935,1193951,354372,437293,824262,CVE-2020-10531,CVE-2020-21913 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for "short" Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation.
* ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as "Hinglish". * time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent.
This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value. * Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 - Update to release 68.1 * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. 
(bsc#1167603, bsc#1161007) - Update to version 67.1 * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper "and"/"or" form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). - Update to version 66.1 * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type.
(ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. - Update to release 65.1 (jsc#SLE-11118). * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - libicu73_2-ledata-73.2-150000.1.3.1 added - libicu73_2-73.2-150000.1.3.1 added - container:sles15-image-15.0.0-36.5.34 updated - libicu-suse65_1-65.1-150200.4.8.1 removed - libicu65_1-ledata-65.1-150200.4.8.1 removed From sle-updates at lists.suse.com Tue Sep 19 13:20:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:20:16 +0200 (CEST) Subject: SUSE-CU-2023:3028-1: Security update of bci/dotnet-runtime Message-ID: <20230919132016.E4EACFCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3028-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-14.3 , bci/dotnet-runtime:7.0.11 , bci/dotnet-runtime:7.0.11-14.3 , bci/dotnet-runtime:latest Container Release : 14.3 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated From sle-updates at lists.suse.com Tue Sep 19 13:20:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:20:18 +0200 (CEST) Subject: SUSE-CU-2023:3029-1: Security update of suse/helm Message-ID: <20230919132018.A7508FCEE@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3029-1 Container Tags : suse/helm:3.11 , suse/helm:3.11-2.9 , suse/helm:latest Container Release : 2.9 Severity : important Type : security References : 1214052 CVE-2023-4039 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - container:micro-image-15.5.0-11.4 updated From sle-updates at lists.suse.com Tue Sep 19 13:20:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:20:23 +0200 (CEST) Subject: SUSE-CU-2023:3030-1: Security update of bci/bci-micro Message-ID: <20230919132023.872E4FCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3030-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.11.4 , bci/bci-micro:latest Container Release : 11.4 Severity : important Type : security References : 1214052 CVE-2023-4039 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated From sle-updates at lists.suse.com Tue Sep 19 13:20:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:20:29 +0200 (CEST) Subject: SUSE-CU-2023:3031-1: Security update of bci/bci-minimal Message-ID: <20230919132029.B619BFCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3031-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.12.3 , bci/bci-minimal:latest Container Release : 12.3 Severity : important Type : security References : 1214052 CVE-2023-4039 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated From sle-updates at lists.suse.com Tue Sep 19 13:20:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:20:45 +0200 (CEST) Subject: SUSE-CU-2023:3032-1: Security update of bci/nodejs Message-ID: <20230919132045.B0618FCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3032-1 Container Tags : bci/node:18 , bci/node:18-9.32 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-9.32 , bci/nodejs:latest Container Release : 9.32 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Tue Sep 19 13:21:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:21:00 +0200 (CEST) Subject: SUSE-CU-2023:3033-1: Security update of bci/python Message-ID: <20230919132100.47B0BFCEE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3033-1 Container Tags : bci/python:3 , bci/python:3-10.51 , bci/python:3.6 , bci/python:3.6-10.51 Container Release : 10.51 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Tue Sep 19 13:21:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 15:21:14 +0200 (CEST) Subject: SUSE-CU-2023:3035-1: Security update of suse/sle15 Message-ID: <20230919132114.2F938FCEE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3035-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.34 , suse/sle15:15.5 , suse/sle15:15.5.36.5.34 Container Release : 36.5.34 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated From sle-updates at lists.suse.com Tue Sep 19 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 16:30:05 -0000 Subject: SUSE-SU-2023:3680-1: important: Security update for the Linux Kernel Message-ID: <169514100547.13167.4779552488511634013@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3680-1 Rating: important References: * #1203517 * #1210448 * #1213543 * #1213601 * #1213666 * #1213927 * #1213969 * #1213971 * #1214149 * #1214348 * #1214350 * #1214451 Cross-References: * CVE-2022-36402 * CVE-2023-2007 * CVE-2023-20588 * CVE-2023-3772 * CVE-2023-3812 * CVE-2023-3863 * CVE-2023-4128 * CVE-2023-4132 * CVE-2023-4134 * CVE-2023-4385 * CVE-2023-4387 * CVE-2023-4459 CVSS scores: * CVE-2022-36402 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36402 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4132 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4132 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4385 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4385 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves 12 vulnerabilities can now be installed. ## Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517). * CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
* CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). * CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). * CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). * CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). * CVE-2023-4132: Fixed a use-after-free vulnerability in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969). * CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). * CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348). * CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). * CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). The following non-security bugs were fixed: * kabi/severities: Ignore newly added SRSO mitigation functions * x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
* x86/cpu: Cleanup the untrain mess (git-fixes). * x86/cpu: Fix __x86_return_thunk symbol type (git-fixes). * x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). * x86/cpu: Rename original retbleed methods (git-fixes). * x86/cpu: Rename srso_(.*) _alias to srso_alias_ \1 (git-fixes). * x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes). * x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes). * x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). * x86/speculation: Add cpu_show_gds() prototype (git-fixes). * x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). * x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). * x86/srso: Disable the mitigation on unaffected configurations (git-fixes). * x86/srso: Explain the untraining sequences a bit more (git-fixes). * x86/srso: Fix build breakage with the LLVM linker (git-fixes). * x86: Move gds_ucode_mitigated() declaration to header (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3680=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3680=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-3680=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-3680=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3680=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3680=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3680=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * openSUSE Leap 15.4 (nosrc) * kernel-kvmsmall-4.12.14-150100.197.157.1 * kernel-default-4.12.14-150100.197.157.1 * kernel-zfcpdump-4.12.14-150100.197.157.1 * kernel-debug-4.12.14-150100.197.157.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-base-debuginfo-4.12.14-150100.197.157.1 * kernel-debug-base-4.12.14-150100.197.157.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-livepatch-devel-4.12.14-150100.197.157.1 * kernel-vanilla-base-4.12.14-150100.197.157.1 * kernel-vanilla-debuginfo-4.12.14-150100.197.157.1 * kernel-vanilla-debugsource-4.12.14-150100.197.157.1 * kernel-default-base-debuginfo-4.12.14-150100.197.157.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.157.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.157.1 * kernel-vanilla-devel-4.12.14-150100.197.157.1 * openSUSE Leap 15.4 (x86_64) * kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.157.1 * kernel-kvmsmall-base-4.12.14-150100.197.157.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.157.1 * openSUSE Leap 15.4 (s390x) * kernel-default-man-4.12.14-150100.197.157.1 * kernel-zfcpdump-man-4.12.14-150100.197.157.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.157.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-livepatch-devel-4.12.14-150100.197.157.1 * kernel-vanilla-base-4.12.14-150100.197.157.1 * kernel-vanilla-debuginfo-4.12.14-150100.197.157.1 * kernel-vanilla-debugsource-4.12.14-150100.197.157.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.157.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.157.1 * kernel-vanilla-devel-4.12.14-150100.197.157.1 * SUSE Linux Enterprise Live Patching 15-SP1 (nosrc) * kernel-default-4.12.14-150100.197.157.1 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-default-debuginfo-4.12.14-150100.197.157.1 * kernel-livepatch-4_12_14-150100_197_157-default-1-150100.3.3.1 * 
kernel-default-livepatch-4.12.14-150100.197.157.1 * kernel-default-debugsource-4.12.14-150100.197.157.1 * kernel-default-livepatch-devel-4.12.14-150100.197.157.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * gfs2-kmp-default-4.12.14-150100.197.157.1 * ocfs2-kmp-default-debuginfo-4.12.14-150100.197.157.1 * dlm-kmp-default-debuginfo-4.12.14-150100.197.157.1 * ocfs2-kmp-default-4.12.14-150100.197.157.1 * kernel-default-debuginfo-4.12.14-150100.197.157.1 * dlm-kmp-default-4.12.14-150100.197.157.1 * kernel-default-debugsource-4.12.14-150100.197.157.1 * cluster-md-kmp-default-4.12.14-150100.197.157.1 * gfs2-kmp-default-debuginfo-4.12.14-150100.197.157.1 * cluster-md-kmp-default-debuginfo-4.12.14-150100.197.157.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc) * kernel-default-4.12.14-150100.197.157.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64) * kernel-default-4.12.14-150100.197.157.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * kernel-default-devel-debuginfo-4.12.14-150100.197.157.1 * kernel-obs-build-4.12.14-150100.197.157.1 * kernel-default-debuginfo-4.12.14-150100.197.157.1 * kernel-default-base-debuginfo-4.12.14-150100.197.157.1 * kernel-default-debugsource-4.12.14-150100.197.157.1 * kernel-default-base-4.12.14-150100.197.157.1 * kernel-default-devel-4.12.14-150100.197.157.1 * kernel-obs-build-debugsource-4.12.14-150100.197.157.1 * kernel-syms-4.12.14-150100.197.157.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * kernel-devel-4.12.14-150100.197.157.1 * kernel-macros-4.12.14-150100.197.157.1 * kernel-source-4.12.14-150100.197.157.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.157.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc) * 
kernel-default-4.12.14-150100.197.157.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-debuginfo-4.12.14-150100.197.157.1 * kernel-obs-build-4.12.14-150100.197.157.1 * kernel-default-debuginfo-4.12.14-150100.197.157.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.157.1 * reiserfs-kmp-default-4.12.14-150100.197.157.1 * kernel-default-base-debuginfo-4.12.14-150100.197.157.1 * kernel-default-debugsource-4.12.14-150100.197.157.1 * kernel-default-base-4.12.14-150100.197.157.1 * kernel-default-devel-4.12.14-150100.197.157.1 * kernel-obs-build-debugsource-4.12.14-150100.197.157.1 * kernel-syms-4.12.14-150100.197.157.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * kernel-devel-4.12.14-150100.197.157.1 * kernel-macros-4.12.14-150100.197.157.1 * kernel-source-4.12.14-150100.197.157.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.157.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x) * kernel-zfcpdump-debuginfo-4.12.14-150100.197.157.1 * kernel-zfcpdump-debugsource-4.12.14-150100.197.157.1 * kernel-default-man-4.12.14-150100.197.157.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc) * kernel-zfcpdump-4.12.14-150100.197.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * kernel-default-4.12.14-150100.197.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * kernel-default-devel-debuginfo-4.12.14-150100.197.157.1 * kernel-obs-build-4.12.14-150100.197.157.1 * kernel-default-debuginfo-4.12.14-150100.197.157.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.157.1 * reiserfs-kmp-default-4.12.14-150100.197.157.1 * kernel-default-base-debuginfo-4.12.14-150100.197.157.1 * kernel-default-debugsource-4.12.14-150100.197.157.1 * kernel-default-base-4.12.14-150100.197.157.1 * kernel-default-devel-4.12.14-150100.197.157.1 * 
kernel-obs-build-debugsource-4.12.14-150100.197.157.1 * kernel-syms-4.12.14-150100.197.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * kernel-devel-4.12.14-150100.197.157.1 * kernel-macros-4.12.14-150100.197.157.1 * kernel-source-4.12.14-150100.197.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.157.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * kernel-default-4.12.14-150100.197.157.1 * SUSE CaaS Platform 4.0 (x86_64) * kernel-default-devel-debuginfo-4.12.14-150100.197.157.1 * kernel-obs-build-4.12.14-150100.197.157.1 * kernel-default-debuginfo-4.12.14-150100.197.157.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.157.1 * reiserfs-kmp-default-4.12.14-150100.197.157.1 * kernel-default-base-debuginfo-4.12.14-150100.197.157.1 * kernel-default-debugsource-4.12.14-150100.197.157.1 * kernel-default-base-4.12.14-150100.197.157.1 * kernel-default-devel-4.12.14-150100.197.157.1 * kernel-obs-build-debugsource-4.12.14-150100.197.157.1 * kernel-syms-4.12.14-150100.197.157.1 * SUSE CaaS Platform 4.0 (noarch) * kernel-devel-4.12.14-150100.197.157.1 * kernel-macros-4.12.14-150100.197.157.1 * kernel-source-4.12.14-150100.197.157.1 * SUSE CaaS Platform 4.0 (noarch nosrc) * kernel-docs-4.12.14-150100.197.157.1 ## References: * https://www.suse.com/security/cve/CVE-2022-36402.html * https://www.suse.com/security/cve/CVE-2023-2007.html * https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-3772.html * https://www.suse.com/security/cve/CVE-2023-3812.html * https://www.suse.com/security/cve/CVE-2023-3863.html * https://www.suse.com/security/cve/CVE-2023-4128.html * https://www.suse.com/security/cve/CVE-2023-4132.html * https://www.suse.com/security/cve/CVE-2023-4134.html * https://www.suse.com/security/cve/CVE-2023-4385.html * https://www.suse.com/security/cve/CVE-2023-4387.html * https://www.suse.com/security/cve/CVE-2023-4459.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1203517 * https://bugzilla.suse.com/show_bug.cgi?id=1210448 * https://bugzilla.suse.com/show_bug.cgi?id=1213543 * https://bugzilla.suse.com/show_bug.cgi?id=1213601 * https://bugzilla.suse.com/show_bug.cgi?id=1213666 * https://bugzilla.suse.com/show_bug.cgi?id=1213927 * https://bugzilla.suse.com/show_bug.cgi?id=1213969 * https://bugzilla.suse.com/show_bug.cgi?id=1213971 * https://bugzilla.suse.com/show_bug.cgi?id=1214149 * https://bugzilla.suse.com/show_bug.cgi?id=1214348 * https://bugzilla.suse.com/show_bug.cgi?id=1214350 * https://bugzilla.suse.com/show_bug.cgi?id=1214451 From sle-updates at lists.suse.com Tue Sep 19 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 16:30:09 -0000 Subject: SUSE-SU-2023:3688-1: important: Security update for gstreamer-plugins-good Message-ID: <169514100988.13167.8322872209770678399@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-good Announcement ID: SUSE-SU-2023:3688-1 Rating: important References: * #1184739 * #1201688 * #1201693 * #1201702 * #1201704 * #1201706 * #1201707 * #1201708 * #1213128 Cross-References: * CVE-2021-3497 * CVE-2022-1920 * CVE-2022-1921 * CVE-2022-1922 * CVE-2022-1923 * CVE-2022-1924 * CVE-2022-1925 * CVE-2022-2122 * CVE-2023-37327 CVSS scores: * CVE-2021-3497 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-3497 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-1920 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2022-1920 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-1921 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2022-1921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-1922 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H * CVE-2022-1922 ( NVD ): 7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-1923 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2022-1923 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-1924 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2022-1924 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-1925 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2022-1925 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-2122 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2022-2122 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-37327 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for gstreamer-plugins-good fixes the following issues:

* CVE-2021-3497: Matroskademux: Fix extraction of multichannel WavPack (bsc#1184739).
* CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688).
* CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693).
* CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702).
* CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704).
* CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706).
* CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707).
* CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708).
* CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3688=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3688=1

## Package List:

* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x)
  * gstreamer-plugins-good-1.12.5-150000.3.7.2
  * gstreamer-plugins-good-debuginfo-1.12.5-150000.3.7.2
  * gstreamer-plugins-good-debugsource-1.12.5-150000.3.7.2
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * gstreamer-plugins-good-lang-1.12.5-150000.3.7.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le)
  * gstreamer-plugins-good-1.12.5-150000.3.7.2
  * gstreamer-plugins-good-debuginfo-1.12.5-150000.3.7.2
  * gstreamer-plugins-good-debugsource-1.12.5-150000.3.7.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * gstreamer-plugins-good-lang-1.12.5-150000.3.7.2

## References:

* https://www.suse.com/security/cve/CVE-2021-3497.html
* https://www.suse.com/security/cve/CVE-2022-1920.html
* https://www.suse.com/security/cve/CVE-2022-1921.html
* https://www.suse.com/security/cve/CVE-2022-1922.html
* https://www.suse.com/security/cve/CVE-2022-1923.html
* https://www.suse.com/security/cve/CVE-2022-1924.html
* https://www.suse.com/security/cve/CVE-2022-1925.html
* https://www.suse.com/security/cve/CVE-2022-2122.html
* https://www.suse.com/security/cve/CVE-2023-37327.html
* https://bugzilla.suse.com/show_bug.cgi?id=1184739
* https://bugzilla.suse.com/show_bug.cgi?id=1201688
* https://bugzilla.suse.com/show_bug.cgi?id=1201693
* https://bugzilla.suse.com/show_bug.cgi?id=1201702
* https://bugzilla.suse.com/show_bug.cgi?id=1201704
* https://bugzilla.suse.com/show_bug.cgi?id=1201706
* https://bugzilla.suse.com/show_bug.cgi?id=1201707
* https://bugzilla.suse.com/show_bug.cgi?id=1201708
* https://bugzilla.suse.com/show_bug.cgi?id=1213128

From sle-updates at lists.suse.com Tue Sep 19 16:30:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Sep 2023 16:30:11 -0000
Subject: SUSE-RU-2023:2922-2: moderate: Recommended update for libfido2
Message-ID: <169514101196.13167.15292211251062971691@smelt2.prg2.suse.org>

# Recommended update for libfido2

Announcement ID: SUSE-RU-2023:2922-2
Rating: moderate

References:
* PED-4521

Affected Products:
* Basesystem Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that contains one feature can now be installed.

## Description:

This update for libfido2 fixes the following issues:

* Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2922=1

## Package List:

* Basesystem Module 15-SP5 (s390x)
  * libfido2-debuginfo-1.13.0-150400.5.6.1
  * libfido2-1-debuginfo-1.13.0-150400.5.6.1
  * libfido2-debugsource-1.13.0-150400.5.6.1
  * libfido2-devel-1.13.0-150400.5.6.1
  * libfido2-1-1.13.0-150400.5.6.1
* Basesystem Module 15-SP5 (noarch)
  * libfido2-udev-1.13.0-150400.5.6.1

## References:

* https://jira.suse.com/browse/PED-4521

From sle-updates at lists.suse.com Tue Sep 19 16:30:14 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Sep 2023 16:30:14 -0000
Subject: SUSE-SU-2023:3686-1: important: Security update for gcc7
Message-ID: <169514101437.13167.14305025820836525470@smelt2.prg2.suse.org>

# Security update for gcc7

Announcement ID: SUSE-SU-2023:3686-1
Rating: important

References:
* #1195517
* #1196861
* #1204505
* #1205145
* #1214052

Cross-References:
* CVE-2023-4039

CVSS scores:
* CVE-2023-4039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4039 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:
* Basesystem Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability and has four security fixes can now be installed.

## Description:

This update for gcc7 fixes the following issues:

Security issue fixed:

* CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

Other fixes:

* Fixed KASAN kernel compile. [bsc#1205145]
* Fixed ICE with C++17 code as reported in [bsc#1204505]
* Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517):
* Adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3686=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3686=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le) * gcc7-objc-debuginfo-7.5.0+r278197-150000.4.35.1 * libada7-debuginfo-7.5.0+r278197-150000.4.35.1 * gcc7-objc-7.5.0+r278197-150000.4.35.1 * libasan4-debuginfo-7.5.0+r278197-150000.4.35.1 * gcc7-locale-7.5.0+r278197-150000.4.35.1 * libada7-7.5.0+r278197-150000.4.35.1 * gcc7-c++-debuginfo-7.5.0+r278197-150000.4.35.1 * gcc7-debuginfo-7.5.0+r278197-150000.4.35.1 * gcc7-c++-7.5.0+r278197-150000.4.35.1 * gcc7-ada-7.5.0+r278197-150000.4.35.1 * cpp7-7.5.0+r278197-150000.4.35.1 * gcc7-fortran-debuginfo-7.5.0+r278197-150000.4.35.1 * cpp7-debuginfo-7.5.0+r278197-150000.4.35.1 * libubsan0-debuginfo-7.5.0+r278197-150000.4.35.1 * libgfortran4-7.5.0+r278197-150000.4.35.1 * gcc7-fortran-7.5.0+r278197-150000.4.35.1 * gcc7-7.5.0+r278197-150000.4.35.1 * libasan4-7.5.0+r278197-150000.4.35.1 * libgfortran4-debuginfo-7.5.0+r278197-150000.4.35.1 * libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.35.1 * gcc7-debugsource-7.5.0+r278197-150000.4.35.1 * gcc7-ada-debuginfo-7.5.0+r278197-150000.4.35.1 * libubsan0-7.5.0+r278197-150000.4.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * gcc7-info-7.5.0+r278197-150000.4.35.1 * Basesystem Module 15-SP4 (ppc64le) * gcc7-debuginfo-7.5.0+r278197-150000.4.35.1 * cpp7-7.5.0+r278197-150000.4.35.1 * libgfortran4-7.5.0+r278197-150000.4.35.1 * gcc7-fortran-7.5.0+r278197-150000.4.35.1 * gcc7-7.5.0+r278197-150000.4.35.1 * gcc7-fortran-debuginfo-7.5.0+r278197-150000.4.35.1 * libasan4-7.5.0+r278197-150000.4.35.1 * gcc7-c++-debuginfo-7.5.0+r278197-150000.4.35.1 * cpp7-debuginfo-7.5.0+r278197-150000.4.35.1 * libgfortran4-debuginfo-7.5.0+r278197-150000.4.35.1 * 
gcc7-debugsource-7.5.0+r278197-150000.4.35.1
  * libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.35.1
  * libubsan0-debuginfo-7.5.0+r278197-150000.4.35.1
  * libasan4-debuginfo-7.5.0+r278197-150000.4.35.1
  * gcc7-c++-7.5.0+r278197-150000.4.35.1
  * libubsan0-7.5.0+r278197-150000.4.35.1

## References:

* https://www.suse.com/security/cve/CVE-2023-4039.html
* https://bugzilla.suse.com/show_bug.cgi?id=1195517
* https://bugzilla.suse.com/show_bug.cgi?id=1196861
* https://bugzilla.suse.com/show_bug.cgi?id=1204505
* https://bugzilla.suse.com/show_bug.cgi?id=1205145
* https://bugzilla.suse.com/show_bug.cgi?id=1214052

From sle-updates at lists.suse.com Tue Sep 19 16:30:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Sep 2023 16:30:16 -0000
Subject: SUSE-RU-2023:3685-1: important: Recommended update for kiwi-templates-Minimal-s390x
Message-ID: <169514101634.13167.8616057545639462425@smelt2.prg2.suse.org>

# Recommended update for kiwi-templates-Minimal-s390x

Announcement ID: SUSE-RU-2023:3685-1
Rating: important

References:
* #1215074

Affected Products:
* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that has one fix can now be installed.

## Description:

This update for kiwi-templates-Minimal-s390x contains the following fixes:

* Remove pam_pwquality
* Add salt-minion to the image. (bsc#1215074)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-3685=1 openSUSE-SLE-15.5-2023-3685=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3685=1

## Package List:

* openSUSE Leap 15.5 (noarch)
  * kiwi-templates-Minimal-s390x-15.5-150500.5.3.1
* Development Tools Module 15-SP5 (noarch)
  * kiwi-templates-Minimal-s390x-15.5-150500.5.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1215074

From sle-updates at lists.suse.com Tue Sep 19 16:30:24 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Sep 2023 16:30:24 -0000
Subject: SUSE-SU-2023:3684-1: important: Security update for the Linux Kernel
Message-ID: <169514102424.13167.18068758775320650844@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:3684-1
Rating: important

References:
* #1023051
* #1203517
* #1210448
* #1213272
* #1213546
* #1213601
* #1213666
* #1213916
* #1213927
* #1213968
* #1213969
* #1213970
* #1213971
* #1214019
* #1214120
* #1214149
* #1214275
* #1214297
* #1214348
* #1214350
* #1214451
* PED-4579
* PED-5738

Cross-References:
* CVE-2022-36402
* CVE-2023-2007
* CVE-2023-20588
* CVE-2023-21400
* CVE-2023-34319
* CVE-2023-3772
* CVE-2023-3863
* CVE-2023-4128
* CVE-2023-4132
* CVE-2023-4133
* CVE-2023-4134
* CVE-2023-4147
* CVE-2023-4194
* CVE-2023-4273
* CVE-2023-4385
* CVE-2023-4387
* CVE-2023-4459

CVSS scores:
* CVE-2022-36402 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36402 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20588 ( NVD ): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4132 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4132 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-4385 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4385 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected 
Products:
* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves 17 vulnerabilities, contains two features and has four security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2022-36402: Fixed an integer overflow vulnerability in the vmwgfx driver that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
* CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
* CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
* CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
* CVE-2023-4132: Fixed a use-after-free vulnerability in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
* CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
* CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
* CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
* CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
* CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120).
* CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
* CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
* CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
* CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
* CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
* CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).

The following non-security bugs were fixed:

* ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* Do not add and remove genksyms ifdefs
* clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* e1000: Fix fall-through warnings for Clang (jsc#PED-5738).
* e1000: Fix typos in comments (jsc#PED-5738).
* e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
* e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738).
* e1000: switch to napi_consume_skb() (jsc#PED-5738).
* intel/e1000:fix repeated words in comments (jsc#PED-5738).
* intel: remove checker warning (jsc#PED-5738).
* kabi/severities: Ignore newly added SRSO mitigation functions
* md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
* md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
* net: e1000: remove repeated word "slot" for e1000_main.c (jsc#PED-5738).
* net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738).
* powerpc/rtas: block error injection when locked down (bsc#1023051).
* powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
* powerpc/rtas: move syscall filter setup into separate function (bsc#1023051).
* powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051).
* powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
* pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
* timers: Add shutdown mechanism to the internal functions (bsc#1213970).
* timers: Provide timer_shutdown_sync (bsc#1213970).
* timers: Rename del_timer() to timer_delete() (bsc#1213970).
* timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
* timers: Replace BUG_ON()s (bsc#1213970).
* timers: Silently ignore timers with a NULL function (bsc#1213970).
* timers: Split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
* timers: Update kernel-doc for various functions (bsc#1213970).
* timers: Use del_timer_sync() even on UP (bsc#1213970).
* x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
* x86/cpu: Cleanup the untrain mess (git-fixes).
* x86/cpu: Rename original retbleed methods (git-fixes).
* x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
* x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
* x86/speculation: Add cpu_show_gds() prototype (git-fixes).
* x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
* x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
* x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
* x86/srso: Explain the untraining sequences a bit more (git-fixes).
* x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
* xfs: fix sb write verify for lazysbcount (bsc#1214275).
* xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275).
* xfs: update superblock counters correctly for !lazysbcount (bsc#1214275).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3684=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3684=1
  Please note that this is the initial kernel livepatch without fixes itself; this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP3
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3684=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3684=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3684=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3684=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3684=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3684=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3684=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3684=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-3684=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3684=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3684=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3684=1

## Package List:

* openSUSE Leap 15.4 (nosrc)
  * dtb-aarch64-5.3.18-150300.59.133.1
* openSUSE Leap 15.4 (aarch64)
  * dtb-zte-5.3.18-150300.59.133.1
  * dtb-al-5.3.18-150300.59.133.1
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
  * kernel-default-5.3.18-150300.59.133.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-default-livepatch-5.3.18-150300.59.133.1
  * kernel-default-debuginfo-5.3.18-150300.59.133.1
  * kernel-default-debugsource-5.3.18-150300.59.133.1
  * kernel-livepatch-5_3_18-150300_59_133-default-1-150300.7.3.1
  * kernel-default-livepatch-devel-5.3.18-150300.59.133.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) *
gfs2-kmp-default-5.3.18-150300.59.133.1 * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.133.1 * dlm-kmp-default-debuginfo-5.3.18-150300.59.133.1 * cluster-md-kmp-default-5.3.18-150300.59.133.1 * ocfs2-kmp-default-5.3.18-150300.59.133.1 * kernel-default-debuginfo-5.3.18-150300.59.133.1 * kernel-default-debugsource-5.3.18-150300.59.133.1 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.133.1 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.133.1 * dlm-kmp-default-5.3.18-150300.59.133.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc) * kernel-default-5.3.18-150300.59.133.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.133.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.133.1 * kernel-64kb-debuginfo-5.3.18-150300.59.133.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-64kb-devel-5.3.18-150300.59.133.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.133.1 * kernel-preempt-5.3.18-150300.59.133.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.133.1 * kernel-preempt-debugsource-5.3.18-150300.59.133.1 * kernel-preempt-debuginfo-5.3.18-150300.59.133.1 * kernel-default-base-5.3.18-150300.59.133.1.150300.18.78.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.133.1 * kernel-default-devel-5.3.18-150300.59.133.1 * kernel-obs-build-5.3.18-150300.59.133.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-default-debugsource-5.3.18-150300.59.133.1 * kernel-default-debuginfo-5.3.18-150300.59.133.1 * kernel-preempt-devel-5.3.18-150300.59.133.1 * kernel-syms-5.3.18-150300.59.133.1 * reiserfs-kmp-default-5.3.18-150300.59.133.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.133.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 
(noarch) * kernel-source-5.3.18-150300.59.133.1 * kernel-devel-5.3.18-150300.59.133.1 * kernel-macros-5.3.18-150300.59.133.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.133.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.133.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.133.1 * kernel-64kb-debuginfo-5.3.18-150300.59.133.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-64kb-devel-5.3.18-150300.59.133.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.133.1 * kernel-preempt-5.3.18-150300.59.133.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.133.1 * kernel-preempt-debugsource-5.3.18-150300.59.133.1 * kernel-preempt-debuginfo-5.3.18-150300.59.133.1 * kernel-default-base-5.3.18-150300.59.133.1.150300.18.78.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.133.1 * kernel-default-devel-5.3.18-150300.59.133.1 * kernel-obs-build-5.3.18-150300.59.133.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-default-debugsource-5.3.18-150300.59.133.1 * kernel-default-debuginfo-5.3.18-150300.59.133.1 * kernel-preempt-devel-5.3.18-150300.59.133.1 * kernel-syms-5.3.18-150300.59.133.1 * reiserfs-kmp-default-5.3.18-150300.59.133.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.133.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-source-5.3.18-150300.59.133.1 * kernel-devel-5.3.18-150300.59.133.1 * kernel-macros-5.3.18-150300.59.133.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.133.1 * SUSE Linux 
Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.133.1 * kernel-64kb-debuginfo-5.3.18-150300.59.133.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-64kb-devel-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.133.1 * kernel-default-base-5.3.18-150300.59.133.1.150300.18.78.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.133.1 * kernel-default-devel-5.3.18-150300.59.133.1 * kernel-obs-build-5.3.18-150300.59.133.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-default-debugsource-5.3.18-150300.59.133.1 * kernel-default-debuginfo-5.3.18-150300.59.133.1 * kernel-syms-5.3.18-150300.59.133.1 * reiserfs-kmp-default-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-source-5.3.18-150300.59.133.1 * kernel-devel-5.3.18-150300.59.133.1 * kernel-macros-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * kernel-preempt-devel-5.3.18-150300.59.133.1 * kernel-preempt-debugsource-5.3.18-150300.59.133.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-preempt-debuginfo-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.133.1 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150300.59.133.1 * 
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.133.1 * kernel-default-base-5.3.18-150300.59.133.1.150300.18.78.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.133.1 * kernel-default-devel-5.3.18-150300.59.133.1 * kernel-obs-build-5.3.18-150300.59.133.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-default-debugsource-5.3.18-150300.59.133.1 * kernel-default-debuginfo-5.3.18-150300.59.133.1 * kernel-syms-5.3.18-150300.59.133.1 * reiserfs-kmp-default-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-source-5.3.18-150300.59.133.1 * kernel-devel-5.3.18-150300.59.133.1 * kernel-macros-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * kernel-preempt-devel-5.3.18-150300.59.133.1 * kernel-preempt-debugsource-5.3.18-150300.59.133.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-preempt-debuginfo-5.3.18-150300.59.133.1 * SUSE Manager Proxy 4.2 (nosrc x86_64) * kernel-default-5.3.18-150300.59.133.1 * kernel-preempt-5.3.18-150300.59.133.1 * SUSE Manager Proxy 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.133.1 * kernel-preempt-debuginfo-5.3.18-150300.59.133.1 * kernel-default-base-5.3.18-150300.59.133.1.150300.18.78.1 * kernel-default-devel-5.3.18-150300.59.133.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-default-debugsource-5.3.18-150300.59.133.1 * kernel-default-debuginfo-5.3.18-150300.59.133.1 * SUSE Manager Proxy 4.2 (noarch) * kernel-devel-5.3.18-150300.59.133.1 * kernel-macros-5.3.18-150300.59.133.1 * SUSE Manager Retail Branch Server 4.2 (nosrc x86_64) * kernel-default-5.3.18-150300.59.133.1 * 
kernel-preempt-5.3.18-150300.59.133.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.133.1 * kernel-preempt-debuginfo-5.3.18-150300.59.133.1 * kernel-default-base-5.3.18-150300.59.133.1.150300.18.78.1 * kernel-default-devel-5.3.18-150300.59.133.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-default-debugsource-5.3.18-150300.59.133.1 * kernel-default-debuginfo-5.3.18-150300.59.133.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * kernel-devel-5.3.18-150300.59.133.1 * kernel-macros-5.3.18-150300.59.133.1 * SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64) * kernel-default-5.3.18-150300.59.133.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * kernel-default-base-5.3.18-150300.59.133.1.150300.18.78.1 * kernel-default-devel-5.3.18-150300.59.133.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-default-debugsource-5.3.18-150300.59.133.1 * kernel-default-debuginfo-5.3.18-150300.59.133.1 * SUSE Manager Server 4.2 (noarch) * kernel-devel-5.3.18-150300.59.133.1 * kernel-macros-5.3.18-150300.59.133.1 * SUSE Manager Server 4.2 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.133.1 * SUSE Manager Server 4.2 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.133.1 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.133.1 * SUSE Manager Server 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.133.1 * SUSE Manager Server 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.133.1 * kernel-preempt-debuginfo-5.3.18-150300.59.133.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.133.1 * SUSE Enterprise Storage 7.1 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.133.1 * kernel-64kb-debuginfo-5.3.18-150300.59.133.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-64kb-devel-5.3.18-150300.59.133.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.133.1 * kernel-preempt-5.3.18-150300.59.133.1 * SUSE 
Enterprise Storage 7.1 (aarch64 x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.133.1 * kernel-preempt-debugsource-5.3.18-150300.59.133.1 * kernel-preempt-debuginfo-5.3.18-150300.59.133.1 * kernel-default-base-5.3.18-150300.59.133.1.150300.18.78.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.133.1 * kernel-default-devel-5.3.18-150300.59.133.1 * kernel-obs-build-5.3.18-150300.59.133.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.133.1 * kernel-default-debugsource-5.3.18-150300.59.133.1 * kernel-default-debuginfo-5.3.18-150300.59.133.1 * kernel-preempt-devel-5.3.18-150300.59.133.1 * kernel-syms-5.3.18-150300.59.133.1 * reiserfs-kmp-default-5.3.18-150300.59.133.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.133.1 * SUSE Enterprise Storage 7.1 (noarch) * kernel-source-5.3.18-150300.59.133.1 * kernel-devel-5.3.18-150300.59.133.1 * kernel-macros-5.3.18-150300.59.133.1 * SUSE Enterprise Storage 7.1 (noarch nosrc) * kernel-docs-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * kernel-default-base-5.3.18-150300.59.133.1.150300.18.78.1 * kernel-default-debugsource-5.3.18-150300.59.133.1 * kernel-default-debuginfo-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.133.1.150300.18.78.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.133.1 * kernel-default-debugsource-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.133.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.133.1.150300.18.78.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * 
kernel-default-debuginfo-5.3.18-150300.59.133.1
* kernel-default-debugsource-5.3.18-150300.59.133.1

## References:

* https://www.suse.com/security/cve/CVE-2022-36402.html
* https://www.suse.com/security/cve/CVE-2023-2007.html
* https://www.suse.com/security/cve/CVE-2023-20588.html
* https://www.suse.com/security/cve/CVE-2023-21400.html
* https://www.suse.com/security/cve/CVE-2023-34319.html
* https://www.suse.com/security/cve/CVE-2023-3772.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-4128.html
* https://www.suse.com/security/cve/CVE-2023-4132.html
* https://www.suse.com/security/cve/CVE-2023-4133.html
* https://www.suse.com/security/cve/CVE-2023-4134.html
* https://www.suse.com/security/cve/CVE-2023-4147.html
* https://www.suse.com/security/cve/CVE-2023-4194.html
* https://www.suse.com/security/cve/CVE-2023-4273.html
* https://www.suse.com/security/cve/CVE-2023-4385.html
* https://www.suse.com/security/cve/CVE-2023-4387.html
* https://www.suse.com/security/cve/CVE-2023-4459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1023051
* https://bugzilla.suse.com/show_bug.cgi?id=1203517
* https://bugzilla.suse.com/show_bug.cgi?id=1210448
* https://bugzilla.suse.com/show_bug.cgi?id=1213272
* https://bugzilla.suse.com/show_bug.cgi?id=1213546
* https://bugzilla.suse.com/show_bug.cgi?id=1213601
* https://bugzilla.suse.com/show_bug.cgi?id=1213666
* https://bugzilla.suse.com/show_bug.cgi?id=1213916
* https://bugzilla.suse.com/show_bug.cgi?id=1213927
* https://bugzilla.suse.com/show_bug.cgi?id=1213968
* https://bugzilla.suse.com/show_bug.cgi?id=1213969
* https://bugzilla.suse.com/show_bug.cgi?id=1213970
* https://bugzilla.suse.com/show_bug.cgi?id=1213971
* https://bugzilla.suse.com/show_bug.cgi?id=1214019
* https://bugzilla.suse.com/show_bug.cgi?id=1214120
* https://bugzilla.suse.com/show_bug.cgi?id=1214149
* https://bugzilla.suse.com/show_bug.cgi?id=1214275
* https://bugzilla.suse.com/show_bug.cgi?id=1214297
* 
https://bugzilla.suse.com/show_bug.cgi?id=1214348
* https://bugzilla.suse.com/show_bug.cgi?id=1214350
* https://bugzilla.suse.com/show_bug.cgi?id=1214451
* https://jira.suse.com/browse/PED-4579
* https://jira.suse.com/browse/PED-5738

From sle-updates at lists.suse.com Tue Sep 19 16:30:45 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Sep 2023 16:30:45 -0000
Subject: SUSE-SU-2023:3683-1: important: Security update for the Linux Kernel
Message-ID: <169514104556.13167.3716851667514283696@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:3683-1
Rating: important
References:

* #1023051
* #1120059
* #1177719
* #1188885
* #1193629
* #1194869
* #1205462
* #1208902
* #1208949
* #1209284
* #1209799
* #1210048
* #1210448
* #1212091
* #1212142
* #1212526
* #1212857
* #1212873
* #1213026
* #1213123
* #1213546
* #1213580
* #1213601
* #1213666
* #1213757
* #1213759
* #1213916
* #1213921
* #1213927
* #1213946
* #1213968
* #1213970
* #1213971
* #1214000
* #1214019
* #1214120
* #1214149
* #1214180
* #1214238
* #1214285
* #1214297
* #1214299
* #1214350
* #1214368
* #1214370
* #1214371
* #1214372
* #1214380
* #1214386
* #1214392
* #1214393
* #1214397
* #1214428
* #1214451
* #1214659
* #1214661
* #1214729
* #1214742
* #1214743
* #1214756
* PED-4579
* PED-4759
* PED-4927
* PED-4929
* PED-5738
* PED-6003
* PED-6004

Cross-References:

* CVE-2023-2007
* CVE-2023-20588
* CVE-2023-34319
* CVE-2023-3610
* CVE-2023-37453
* CVE-2023-3772
* CVE-2023-3863
* CVE-2023-4128
* CVE-2023-4133
* CVE-2023-4134
* CVE-2023-4147
* CVE-2023-4194
* CVE-2023-4273
* CVE-2023-4387
* CVE-2023-4459
* CVE-2023-4569

CVSS scores:

* CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* 
CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-4569 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* Legacy Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves 16 vulnerabilities, contains seven features and has 44 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
* CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
* CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
* CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
* CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
* CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
* CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
* CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
* CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
* CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580).
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
* CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120).
* CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
* CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
* CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
* CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).

The following non-security bugs were fixed:

* acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes).
* acpi: processor: perflib: use the "no limit" frequency qos (git-fixes).
* acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes).
* alsa: ac97: fix possible error value of *rac97 (git-fixes).
* alsa: hda/cs8409: support new dell dolphin variants (git-fixes).
* alsa: hda/realtek - remodified 3k pull low procedure (git-fixes).
* alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes).
* alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes).
* alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes).
* alsa: hda/realtek: switch dell oasis models to use spi (git-fixes).
* alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes).
* alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes).
* alsa: usb-audio: fix init call orders for uac1 (git-fixes).
* alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes).
* amba: bus: fix refcount leak (git-fixes).
* arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes).
* arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
* arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes).
* arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes).
* arm: dts: imx6sll: fixup of operating points (git-fixes).
* arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* asoc: lower "no backend dais enabled for ... port" log severity (git-fixes).
* asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
* asoc: rt5665: add missed regulator_bulk_disable (git-fixes).
* asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes).
* asoc: stac9766: fix build errors with regmap_ac97 (git-fixes).
* asoc: tegra: fix sfc conversion for few rates (git-fixes).
* audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
* backlight/bd6107: compare against struct fb_info.device (git-fixes).
* backlight/gpio_backlight: compare against struct fb_info.device (git-fixes).
* backlight/lv5207lp: compare against struct fb_info.device (git-fixes).
* batman-adv: do not get eth header before batadv_check_management_packet (git-fixes).
* batman-adv: do not increase mtu when set by user (git-fixes).
* batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes).
* batman-adv: fix tt global entry leak when client roamed back (git-fixes).
* batman-adv: trigger events for auto adjusted mtu (git-fixes).
* bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes).
* bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* bluetooth: fix potential use-after-free when clear keys (git-fixes).
* bluetooth: l2cap: fix use-after-free (git-fixes).
* bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes).
* bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
* bluetooth: remove unused declaration amp_read_loc_info() (git-fixes).
* bnx2x: fix page fault following eeh recovery (bsc#1214299).
* bpf: disable preemption in bpf_event_output (git-fixes).
* bus: ti-sysc: fix build warning for 64-bit build (git-fixes).
* bus: ti-sysc: fix cast to enum warning (git-fixes).
* bus: ti-sysc: flush posted write on enable before reset (git-fixes).
* can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes).
* ceph: defer stopping mdsc delayed_work (bsc#1214392).
* ceph: do not check for quotas on mds stray dirs (bsc#1214238).
* ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
* check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does.
* cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
* cifs: allow dumping keys for directories too (bsc#1193629).
* cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
* cifs: if deferred close is disabled then close files immediately (git-fixes).
* cifs: is_network_name_deleted should return a bool (bsc#1193629).
* cifs: update internal module version number for cifs.ko (bsc#1193629).
* clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
* clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
* clk: imx8mp: fix sai4 clock (git-fixes).
* clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
* clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes).
* clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
* clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
* clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: sunxi-ng: modify mismatched function name (git-fixes).
* clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* config_nvme_verbose_errors=y gone with a82baa8083b
* config_printk_safe_log_buf_shift=13 gone with 7e152d55123
* cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpufreq: fix the race condition while updating the transition_task of policy (git-fixes).
* cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659).
* cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004).
* cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs apart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel.
* crypto: caam - fix unchecked return value error (git-fixes).
* crypto: stm32 - properly handle pm_runtime_get failing (git-fixes).
* dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes).
* dma-buf/sync_file: fix docs syntax (git-fixes).
* dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes).
* dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes).
* dmaengine: pl330: return dma_paused when transaction is paused (git-fixes).
* dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes).
* docs/process/howto: replace c89 with c11 (bsc#1214756).
* docs: kernel-parameters: refer to the correct bitmap function (git-fixes).
* docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
* docs: printk-formats: fix hex printing of signed values (git-fixes).
* documentation: devices.txt: fix minors for ttycpm* (git-fixes).
* documentation: devices.txt: remove ttyioc* (git-fixes).
* documentation: devices.txt: remove ttysioc* (git-fixes).
* driver core: test_async: fix an error code (git-fixes).
* drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes).
* drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
* drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes).
* drm/amd/display: check tg is non-null before checking if enabled (git-fixes).
* drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
* drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
* drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
* drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
* drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
* drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
* drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
* drm/amdgpu: fix potential fence use-after-free v2 (git-fixes).
* drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
* drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes).
* drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes).
* drm/ast: fix dram init on ast2200 (git-fixes).
* drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes).
* drm/bridge: fix -wunused-const-variable= warning (git-fixes).
* drm/bridge: tc358764: fix debug print parameter order (git-fixes).
* drm/etnaviv: fix dumping of active mmu context (git-fixes).
* drm/mediatek: fix dereference before null check (git-fixes).
* drm/mediatek: fix potential memory leak if vmap() fail (git-fixes).
* drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes).
* drm/msm/mdp5: do not leak some plane state (git-fixes).
* drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes).
* drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
* drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes).
* drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes).
* drm/qxl: fix uaf on handle creation (git-fixes).
* drm/radeon: use rmw accessors for changing lnkctl (git-fixes).
* drm/rockchip: do not spam logs in atomic check (git-fixes).
* drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
* drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes).
* drm/ttm: check null pointer before accessing when swapping (git-fixes).
* drm/ttm: never consider pinned bos for eviction&swap (git-fixes).
* drm/vmwgfx: fix shader stage validation (git-fixes).
* drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes).
* drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
* drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
* dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
* dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
* dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
* e1000: fix typos in comments (jsc#ped-5738).
* e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738).
* e1000: switch to napi_build_skb() (jsc#ped-5738).
* e1000: switch to napi_consume_skb() (jsc#ped-5738).
* enable analog devices industrial ethernet phy driver (jsc#ped-4759)
* exfat: fix unexpected eof while reading dir (bsc#1214000).
* exfat: release s_lock before calling dir_emit() (bsc#1214000).
* exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
* fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes).
* fbdev: fix potential oob read in fast_imageblit() (git-fixes).
* fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes).
* fbdev: improve performance of sys_imageblit() (git-fixes).
* fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
* file: reinstate f_pos locking optimization for regular files (bsc#1213759).
* firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes).
* firmware: cs_dsp: fix new control name check (git-fixes).
* firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes).
* firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes).
* fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
* ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
* gpio: mvebu: fix irq domain leak (git-fixes).
* gpio: mvebu: make use of devm_pwmchip_add (git-fixes).
* gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes).
* hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes).
* hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
* hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes).
* hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes).
* hid: wacom: remove the battery when the ekr is off (git-fixes).
* hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes).
* hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes).
* hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes).
* hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes).
* hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
* hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
* i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
* i2c: designware: correct length byte validation logic (git-fixes).
* i2c: designware: handle invalid smbus block data response length value (git-fixes).
* i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes).
* i2c: improve size determinations (git-fixes).
* i2c: nomadik: remove a useless call in the remove function (git-fixes).
* i2c: nomadik: remove unnecessary goto label (git-fixes).
* i2c: nomadik: use devm_clk_get_enabled() (git-fixes).
* i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes).
* iavf: fix potential races for fdir filters (git-fixes).
* ib/hfi1: fix possible panic during hotplug remove (git-fixes)
* ib/uverbs: fix an potential error pointer dereference (git-fixes)
* ice: fix max_rate check while configuring tx rate limits (git-fixes).
* ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
* ice: fix rdma vsi removal during queue rebuild (git-fixes).
* iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes).
* iio: adc: stx104: implement and utilize register structures (git-fixes).
* iio: adc: stx104: utilize iomap interface (git-fixes).
* iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes).
* input: exc3000 - properly stop timer on shutdown (git-fixes).
* intel/e1000:fix repeated words in comments (jsc#ped-5738).
* intel: remove unused macros (jsc#ped-5738).
* iommu/amd: add pci segment support for ivrs_ commands (git-fixes).
* iommu/amd: fix compile warning in init code (git-fixes).
* iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
* iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes).
* iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes).
* iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
* iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
* iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
* iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes).
* iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
* iommu/dart: initialize dart_streams_enable (git-fixes).
* iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes).
* iommu/dma: fix iova map result check bug (git-fixes).
* iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
* iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes).
* iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes).
* iommu/iova: fix module config properly (git-fixes).
* iommu/omap: fix buffer overflow in debugfs (git-fixes).
* iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
* iommu/sun50i: consider all fault sources for reset (git-fixes).
* iommu/sun50i: fix flush size (git-fixes).
* iommu/sun50i: fix r/w permission check (git-fixes).
* iommu/sun50i: fix reset release (git-fixes).
* iommu/sun50i: implement .iotlb_sync_map (git-fixes).
* iommu/sun50i: remove iommu_domain_identity (git-fixes).
* iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes).
* iommu/vt-d: check correct capability for sagaw determination (git-fixes).
* iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes).
* iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes).
* iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes).
* iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes).
* iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes).
* iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes).
* iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes).
* ipmi:ssif: add check for kstrdup (git-fixes).
* ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
* ipmi_si: fix a memleak in try_smi_init() (git-fixes).
* jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
* kabi/severities: ignore newly added srso mitigation functions
* kabi: allow extra bugsints (bsc#1213927).
* kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756).
* kbuild: move to -std=gnu11 (bsc#1214756).
* kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
* kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12.
* kunit: make kunit_test_timeout compatible with comment (git-fixes).
* kvm: s390: fix sthyi error handling (git-fixes bsc#1214370).
* leds: fix bug_on check for led_color_id_multi that is always false (git-fixes).
* leds: multicolor: use rounded division when calculating color components (git-fixes).
* leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes).
* leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes).
* leds: turris-omnia: drop unnecessary mutex locking (git-fixes).
* lib/test_meminit: allocate pages up to order max_order (git-fixes).
* lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
* libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
* md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916).
* md/raid0: fix performance regression for large sequential writes (bsc#1213916).
* media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
* media: cx24120: add retval check for cx24120_message_send() (git-fixes).
* media: dib7000p: fix potential division by zero (git-fixes).
* media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
* media: go7007: remove redundant if statement (git-fixes).
* media: i2c: ccs: check rules is non-null (git-fixes).
* media: i2c: rdacm21: fix uninitialized value (git-fixes).
* media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
* media: ov2680: add ov2680_fill_format() helper function (git-fixes).
* media: ov2680: do not take the lock for try_fmt calls (git-fixes).
* media: ov2680: fix ov2680_bayer_order() (git-fixes).
* media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes).
* media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
* media: ov2680: fix vflip / hflip set functions (git-fixes). * media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes). * media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes). * media: rkvdec: increase max supported height for h.264 (git-fixes). * media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). * media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). * media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes). * media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes). * misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes). * mkspec: allow unsupported kmps (bsc#1214386) * mlxsw: pci: add shutdown method in pci driver (git-fixes). * mmc: block: fix in_flight[issue_type] value error (git-fixes). * mmc: moxart: read scr register without changing byte order (git-fixes). * mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). * module: avoid allocation if module is already present and ready (bsc#1213921). * module: extract patient module check into helper (bsc#1213921). * module: move check_modinfo() early to early_mod_check() (bsc#1213921). * module: move early sanity checks into a helper (bsc#1213921). * move upstreamed hid patch into sorted section * move upstreamed powerpc patches into sorted section * mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes). * mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes). * mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes). * mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes). * mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes). * mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git- fixes). * mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes). * mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes). 
* mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). * mtd: spi-nor: check bus width while setting qe bit (git-fixes). * mtd: spinand: toshiba: fix ecc_get_status (git-fixes). * n_tty: rename tail to old_tail in n_tty_read() (git-fixes). * net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). * net: ieee802154: at86rf230: stop leaking skb's (git-fixes). * net: mana: fix mana vf unload when hardware is unresponsive (git-fixes). * net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes). * net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). * net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes). * net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes). * net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes). * netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). * netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946). * netfs: fix parameter of cleanup() (bsc#1214743). * nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes). * nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git- fixes). * nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git- fixes). * nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). * nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). * objtool/x86: fix srso mess (git-fixes). * objtool/x86: fixup frame-pointer vs rethunk (git-fixes). * objtool: union instruction::{call_dest,jump_table} (git-fixes). * old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer suported. * pci/aspm: avoid link retraining race (git-fixes). * pci/aspm: factor out pcie_wait_for_retrain() (git-fixes). * pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes). * pci: acpiphp: reassign resources on bridge if necessary (git-fixes). 
* pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). * pci: mark nvidia t4 gpus to avoid bus reset (git-fixes). * pci: meson: remove cast between incompatible function type (git-fixes). * pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes). * pci: microchip: remove cast between incompatible function type (git-fixes). * pci: pciehp: use rmw accessors for changing lnkctl (git-fixes). * pci: rockchip: remove writes to unused registers (git-fixes). * pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes). * pci: tegra194: fix possible array out of bounds access (git-fixes). * pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes). * phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git- fixes). * phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git- fixes). * phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). * phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). * phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). * phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). * phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes). * pinctrl: cherryview: fix address_space_handler() argument (git-fixes). * pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). * pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). * platform/x86: dell-sysman: fix reference leak (git-fixes). * pm / devfreq: fix leak in devfreq_dev_release() (git-fixes). * powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106). * powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106). * powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106). 
* powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106). * powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). * powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106). * powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). * powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106). * powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes). * powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). * powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: rename "direct window" to "dma window" (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106). 
* powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106). * powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106). * powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc/rtas: block error injection when locked down (bsc#1023051). * powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051). * powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). * powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes). * powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files. * powerpc: fix typos in comments (bsc#1212091 ltc#199106). * powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503). * pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). * pstore/ram: check start of empty przs during init (git-fixes). * pwm: add a stub for devm_pwmchip_add() (git-fixes). * pwm: meson: fix handling of period/duty if greater than uint_max (git- fixes). * pwm: meson: simplify duplicated per-channel tracking (git-fixes). * qed: fix scheduling in a tasklet while getting stats (git-fixes). 
* rdma/bnxt_re: fix error handling in probe failure path (git-fixes) * rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes) * rdma/efa: fix wrong resources deallocation order (git-fixes) * rdma/hns: fix cq and qp cache affinity (git-fixes) * rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes) * rdma/hns: fix port active speed (git-fixes) * rdma/irdma: prevent zero-length stag registration (git-fixes) * rdma/irdma: replace one-element array with flexible-array member (git-fixes) * rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes) * rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes) * rdma/siw: balance the reference of cep->kref in the error path (git-fixes) * rdma/siw: correct wrong debug message (git-fixes) * rdma/umem: set iova in odp flow (git-fixes) * readme.branch: add miroslav franc as a sle15-sp4 co-maintainer. * regmap: rbtree: use alloc_flags for memory allocations (git-fixes). * revert "ib/isert: fix incorrect release of isert connection" (git-fixes) * revert "tracing: add "(fault)" name injection to kernel probes" (git-fixes). * ring-buffer: do not swap cpu_buffer during resize process (git-fixes). * ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes). * ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes). * rpmsg: glink: add check for kstrdup (git-fixes). * s390/purgatory: disable branch profiling (git-fixes bsc#1214372). * sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes). * sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes). * sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799). * scsi: bsg: increase number of devices (bsc#1210048). * scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284). * scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284). * scsi: core: improve warning message in scsi_device_block() (bsc#1209284). 
* scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284). * scsi: rdma/srp: fix residual handling (git-fixes) * scsi: sg: increase number of devices (bsc#1210048). * scsi: storvsc: always set no_report_opcodes (git-fixes). * scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes). * scsi: storvsc: handle srb status value 0x30 (git-fixes). * scsi: storvsc: limit max_sectors for virtual fibre channel devices (git- fixes). * scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371). * selftests/futex: order calls to futex_lock_pi (git-fixes). * selftests/harness: actually report skip for signal tests (git-fixes). * selftests/resctrl: close perf value read fd on errors (git-fixes). * selftests/resctrl: do not leak buffer in fill_cache() (git-fixes). * selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git- fixes). * selftests/rseq: check if libc rseq support is registered (git-fixes). * selftests: forwarding: add a helper to skip test when using veth pairs (git- fixes). * selftests: forwarding: ethtool: skip when using veth pairs (git-fixes). * selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes). * selftests: forwarding: skip test when no interfaces are specified (git- fixes). * selftests: forwarding: switch off timeout (git-fixes). * selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). * selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes). * selftests: forwarding: tc_flower: relax success criterion (git-fixes). * selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes). * serial: sc16is7xx: fix broken port 0 uart init (git-fixes). * serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes). * serial: sprd: assign sprd_port after initialized to avoid wrong access (git- fixes). * serial: sprd: fix dma buffer leak issue (git-fixes). 
* serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). * sfc: fix crash when reading stats while nic is resetting (git-fixes). * smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes). * smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629). * smb: client: fix -wstringop-overflow issues (bsc#1193629). * smb: client: fix dfs link mount against w2k8 (bsc#1212142). * smb: client: fix null auth (git-fixes). * soc: aspeed: socinfo: add kfree for kstrdup (git-fixes). * soundwire: bus: pm_runtime_request_resume on peripheral attachment (git- fixes). * soundwire: fix enumeration completion (git-fixes). * spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). * supported.conf: fix typos for -!optional markers * target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). * target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). * target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). * target_core_rbd: remove snapshot existence validation code (bsc#1212857). * thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). * timers: add shutdown mechanism to the internal functions (bsc#1213970). * timers: provide timer_shutdown_sync (bsc#1213970). * timers: rename del_timer() to timer_delete() (bsc#1213970). * timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970). * timers: replace bug_on()s (bsc#1213970). * timers: silently ignore timers with a null function (bsc#1213970). * timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970). * timers: update kernel-doc for various functions (bsc#1213970). * timers: use del_timer_sync() even on up (bsc#1213970). * tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes). 
* tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes). * tracing/probes: fix not to count error code to total length (git-fixes). * tracing/probes: fix to avoid double count of the string length on the array (git-fixes). * tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). * tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git- fixes). * tracing: fix memleak due to race between current_tracer and trace (git- fixes). * tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes). * tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes). * tracing: fix warning in trace_buffered_event_disable() (git-fixes). * tty: fix hang on tty device with no_room set (git-fixes). * tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git- fixes). * tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes). * tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes). * tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). * tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes). * ubifs: fix memleak when insert_old_idx() failed (git-fixes). * update cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). * usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes). * usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes). * usb: chipidea: imx: do not request qos for imx8ulp (git-fixes). * usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git- fixes). * usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes). * usb: dwc3: fix typos in gadget.c (git-fixes). * usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git- fixes). 
* usb: dwc3: properly handle processing of pending events (git-fixes). * usb: gadget: f_mass_storage: fix unused variable warning (git-fixes). * usb: gadget: fix the memory leak in raw_gadget driver (git-fixes). * usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git- fixes). * usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes). * usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git- fixes). * usb: quirks: add quirk for focusrite scarlett (git-fixes). * usb: serial: option: add quectel ec200a module support (git-fixes). * usb: serial: option: support quectel em060k_128 (git-fixes). * usb: serial: simple: add kaufmann rks+can vcp (git-fixes). * usb: serial: simple: sort driver entries (git-fixes). * usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes). * usb: typec: tcpm: fix response to vsafe0v event (git-fixes). * usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). * usb: zaurus: add id for a-300/b-500/c-700 (git-fixes). * watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git- fixes). * wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes). * wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes). * wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git- fixes). * wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes). * wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes). * wifi: cfg80211: fix return value in scan logic (git-fixes). * wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes). * wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes). * wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). * wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). * wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes). 
* wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes). * wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git- fixes). * wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). * wifi: mwifiex: fix missed return in oob checks failed path (git-fixes). * wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes). * wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes). * wifi: radiotap: fix kernel-doc notation warnings (git-fixes). * wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). * x86/alternative: make custom return thunk unconditional (git-fixes). * x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes). * x86/cpu/kvm: provide untrain_ret_vm (git-fixes). * x86/cpu: clean up srso return thunk mess (git-fixes). * x86/cpu: cleanup the untrain mess (git-fixes). * x86/cpu: fix __x86_return_thunk symbol type (git-fixes). * x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). * x86/cpu: rename original retbleed methods (git-fixes). * x86/cpu: rename srso_(.*) _alias to srso_alias_ \1 (git-fixes). * x86/mce: make sure logged mces are processed after sysfs update (git-fixes). * x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes). * x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes). * x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes). * x86/speculation: add cpu_show_gds() prototype (git-fixes). * x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes). * x86/srso: correct the mitigation status when smt is disabled (git-fixes). * x86/srso: disable the mitigation on unaffected configurations (git-fixes). * x86/srso: explain the untraining sequences a bit more (git-fixes). * x86/srso: fix build breakage with the llvm linker (git-fixes). 
* x86/srso: fix return thunks in generated code (git-fixes).
* x86/static_call: fix __static_call_fixup() (git-fixes).
* xfs: fix sb write verify for lazysbcount (bsc#1214661).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-3683=1 openSUSE-SLE-15.4-2023-3683=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3683=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3683=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3683=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3683=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3683=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3683=1
* Legacy Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3683=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3683=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3683=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3683=1 ## Package List: * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.84.1 * openSUSE Leap 15.4 (noarch) * kernel-source-5.14.21-150400.24.84.1 * kernel-macros-5.14.21-150400.24.84.1 * kernel-docs-html-5.14.21-150400.24.84.1 * kernel-devel-5.14.21-150400.24.84.1 * kernel-source-vanilla-5.14.21-150400.24.84.1 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.84.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-livepatch-devel-5.14.21-150400.24.84.1 * kernel-debug-debuginfo-5.14.21-150400.24.84.1 * kernel-debug-devel-debuginfo-5.14.21-150400.24.84.1 * kernel-debug-devel-5.14.21-150400.24.84.1 * kernel-debug-debugsource-5.14.21-150400.24.84.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.84.1.150400.24.37.1 * kernel-kvmsmall-debugsource-5.14.21-150400.24.84.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.84.1 * kernel-default-base-rebuild-5.14.21-150400.24.84.1.150400.24.37.1 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.84.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.84.1 * kernel-kvmsmall-devel-5.14.21-150400.24.84.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gfs2-kmp-default-5.14.21-150400.24.84.1 * kernel-default-optional-5.14.21-150400.24.84.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.84.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.84.1 * kselftests-kmp-default-5.14.21-150400.24.84.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.84.1 * ocfs2-kmp-default-5.14.21-150400.24.84.1 * kernel-default-debuginfo-5.14.21-150400.24.84.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.84.1 * kernel-default-extra-5.14.21-150400.24.84.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.84.1 * 
dlm-kmp-default-5.14.21-150400.24.84.1 * kernel-obs-qa-5.14.21-150400.24.84.1 * kernel-obs-build-5.14.21-150400.24.84.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.84.1 * reiserfs-kmp-default-5.14.21-150400.24.84.1 * kernel-default-livepatch-devel-5.14.21-150400.24.84.1 * kernel-obs-build-debugsource-5.14.21-150400.24.84.1 * cluster-md-kmp-default-5.14.21-150400.24.84.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.84.1 * kernel-syms-5.14.21-150400.24.84.1 * kernel-default-debugsource-5.14.21-150400.24.84.1 * kernel-default-livepatch-5.14.21-150400.24.84.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.84.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.84.1 * kernel-default-devel-5.14.21-150400.24.84.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.84.1 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.84.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_17-debugsource-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_84-default-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_84-default-debuginfo-1-150400.9.3.1 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.84.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.84.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.84.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.84.1 * openSUSE Leap 15.4 (aarch64) * dtb-socionext-5.14.21-150400.24.84.1 * kernel-64kb-debugsource-5.14.21-150400.24.84.1 * dtb-arm-5.14.21-150400.24.84.1 * dtb-exynos-5.14.21-150400.24.84.1 * dtb-sprd-5.14.21-150400.24.84.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.84.1 * dtb-cavium-5.14.21-150400.24.84.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.84.1 * dtb-freescale-5.14.21-150400.24.84.1 * gfs2-kmp-64kb-5.14.21-150400.24.84.1 * dtb-apple-5.14.21-150400.24.84.1 * dtb-mediatek-5.14.21-150400.24.84.1 * dtb-xilinx-5.14.21-150400.24.84.1 * 
ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.84.1 * kselftests-kmp-64kb-5.14.21-150400.24.84.1 * dlm-kmp-64kb-5.14.21-150400.24.84.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.84.1 * kernel-64kb-optional-5.14.21-150400.24.84.1 * dtb-nvidia-5.14.21-150400.24.84.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.84.1 * dtb-rockchip-5.14.21-150400.24.84.1 * reiserfs-kmp-64kb-5.14.21-150400.24.84.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.84.1 * dtb-renesas-5.14.21-150400.24.84.1 * dtb-altera-5.14.21-150400.24.84.1 * kernel-64kb-livepatch-devel-5.14.21-150400.24.84.1 * dtb-amlogic-5.14.21-150400.24.84.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.84.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.84.1 * dtb-amd-5.14.21-150400.24.84.1 * dtb-allwinner-5.14.21-150400.24.84.1 * dtb-broadcom-5.14.21-150400.24.84.1 * cluster-md-kmp-64kb-5.14.21-150400.24.84.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.84.1 * ocfs2-kmp-64kb-5.14.21-150400.24.84.1 * dtb-lg-5.14.21-150400.24.84.1 * dtb-marvell-5.14.21-150400.24.84.1 * kernel-64kb-devel-5.14.21-150400.24.84.1 * dtb-amazon-5.14.21-150400.24.84.1 * kernel-64kb-extra-5.14.21-150400.24.84.1 * dtb-apm-5.14.21-150400.24.84.1 * kernel-64kb-debuginfo-5.14.21-150400.24.84.1 * dtb-hisilicon-5.14.21-150400.24.84.1 * dtb-qcom-5.14.21-150400.24.84.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.84.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.84.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.84.1.150400.24.37.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.84.1 * kernel-default-debuginfo-5.14.21-150400.24.84.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.84.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * 
kernel-default-base-5.14.21-150400.24.84.1.150400.24.37.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.84.1 * kernel-default-debuginfo-5.14.21-150400.24.84.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.84.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.84.1.150400.24.37.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.84.1 * kernel-default-debuginfo-5.14.21-150400.24.84.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.84.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.84.1.150400.24.37.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.84.1 * kernel-default-debuginfo-5.14.21-150400.24.84.1 * Basesystem Module 15-SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.84.1 * Basesystem Module 15-SP4 (aarch64) * kernel-64kb-devel-5.14.21-150400.24.84.1 * kernel-64kb-debugsource-5.14.21-150400.24.84.1 * kernel-64kb-debuginfo-5.14.21-150400.24.84.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.84.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.84.1 * Basesystem Module 15-SP4 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.84.1.150400.24.37.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.14.21-150400.24.84.1 * kernel-default-debugsource-5.14.21-150400.24.84.1 * kernel-default-debuginfo-5.14.21-150400.24.84.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.84.1 * Basesystem Module 15-SP4 (noarch) * kernel-devel-5.14.21-150400.24.84.1 * kernel-macros-5.14.21-150400.24.84.1 * Basesystem Module 15-SP4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.84.1 * Basesystem 
Module 15-SP4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.84.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.84.1 * Development Tools Module 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.84.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-syms-5.14.21-150400.24.84.1 * kernel-obs-build-5.14.21-150400.24.84.1 * kernel-obs-build-debugsource-5.14.21-150400.24.84.1 * Development Tools Module 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.84.1 * Legacy Module 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.84.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.84.1 * kernel-default-debuginfo-5.14.21-150400.24.84.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.84.1 * reiserfs-kmp-default-5.14.21-150400.24.84.1 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.84.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.84.1 * kernel-default-livepatch-5.14.21-150400.24.84.1 * kernel-livepatch-5_14_21-150400_24_84-default-debuginfo-1-150400.9.3.1 * kernel-default-livepatch-devel-5.14.21-150400.24.84.1 * kernel-default-debuginfo-5.14.21-150400.24.84.1 * kernel-livepatch-SLE15-SP4_Update_17-debugsource-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_84-default-1-150400.9.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.84.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.84.1 * gfs2-kmp-default-5.14.21-150400.24.84.1 * ocfs2-kmp-default-5.14.21-150400.24.84.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.84.1 * kernel-default-debuginfo-5.14.21-150400.24.84.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.84.1 * dlm-kmp-default-5.14.21-150400.24.84.1 * cluster-md-kmp-default-5.14.21-150400.24.84.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.84.1 * SUSE Linux Enterprise 
High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.84.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.84.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * kernel-default-debugsource-5.14.21-150400.24.84.1 * kernel-default-debuginfo-5.14.21-150400.24.84.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.84.1 * kernel-default-extra-5.14.21-150400.24.84.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2007.html * https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-34319.html * https://www.suse.com/security/cve/CVE-2023-3610.html * https://www.suse.com/security/cve/CVE-2023-37453.html * https://www.suse.com/security/cve/CVE-2023-3772.html * https://www.suse.com/security/cve/CVE-2023-3863.html * https://www.suse.com/security/cve/CVE-2023-4128.html * https://www.suse.com/security/cve/CVE-2023-4133.html * https://www.suse.com/security/cve/CVE-2023-4134.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4194.html * https://www.suse.com/security/cve/CVE-2023-4273.html * https://www.suse.com/security/cve/CVE-2023-4387.html * https://www.suse.com/security/cve/CVE-2023-4459.html * https://www.suse.com/security/cve/CVE-2023-4569.html * https://bugzilla.suse.com/show_bug.cgi?id=1023051 * https://bugzilla.suse.com/show_bug.cgi?id=1120059 * https://bugzilla.suse.com/show_bug.cgi?id=1177719 * https://bugzilla.suse.com/show_bug.cgi?id=1188885 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1205462 * https://bugzilla.suse.com/show_bug.cgi?id=1208902 * https://bugzilla.suse.com/show_bug.cgi?id=1208949 * https://bugzilla.suse.com/show_bug.cgi?id=1209284 * https://bugzilla.suse.com/show_bug.cgi?id=1209799 * https://bugzilla.suse.com/show_bug.cgi?id=1210048 * 
https://bugzilla.suse.com/show_bug.cgi?id=1210448 * https://bugzilla.suse.com/show_bug.cgi?id=1212091 * https://bugzilla.suse.com/show_bug.cgi?id=1212142 * https://bugzilla.suse.com/show_bug.cgi?id=1212526 * https://bugzilla.suse.com/show_bug.cgi?id=1212857 * https://bugzilla.suse.com/show_bug.cgi?id=1212873 * https://bugzilla.suse.com/show_bug.cgi?id=1213026 * https://bugzilla.suse.com/show_bug.cgi?id=1213123 * https://bugzilla.suse.com/show_bug.cgi?id=1213546 * https://bugzilla.suse.com/show_bug.cgi?id=1213580 * https://bugzilla.suse.com/show_bug.cgi?id=1213601 * https://bugzilla.suse.com/show_bug.cgi?id=1213666 * https://bugzilla.suse.com/show_bug.cgi?id=1213757 * https://bugzilla.suse.com/show_bug.cgi?id=1213759 * https://bugzilla.suse.com/show_bug.cgi?id=1213916 * https://bugzilla.suse.com/show_bug.cgi?id=1213921 * https://bugzilla.suse.com/show_bug.cgi?id=1213927 * https://bugzilla.suse.com/show_bug.cgi?id=1213946 * https://bugzilla.suse.com/show_bug.cgi?id=1213968 * https://bugzilla.suse.com/show_bug.cgi?id=1213970 * https://bugzilla.suse.com/show_bug.cgi?id=1213971 * https://bugzilla.suse.com/show_bug.cgi?id=1214000 * https://bugzilla.suse.com/show_bug.cgi?id=1214019 * https://bugzilla.suse.com/show_bug.cgi?id=1214120 * https://bugzilla.suse.com/show_bug.cgi?id=1214149 * https://bugzilla.suse.com/show_bug.cgi?id=1214180 * https://bugzilla.suse.com/show_bug.cgi?id=1214238 * https://bugzilla.suse.com/show_bug.cgi?id=1214285 * https://bugzilla.suse.com/show_bug.cgi?id=1214297 * https://bugzilla.suse.com/show_bug.cgi?id=1214299 * https://bugzilla.suse.com/show_bug.cgi?id=1214350 * https://bugzilla.suse.com/show_bug.cgi?id=1214368 * https://bugzilla.suse.com/show_bug.cgi?id=1214370 * https://bugzilla.suse.com/show_bug.cgi?id=1214371 * https://bugzilla.suse.com/show_bug.cgi?id=1214372 * https://bugzilla.suse.com/show_bug.cgi?id=1214380 * https://bugzilla.suse.com/show_bug.cgi?id=1214386 * https://bugzilla.suse.com/show_bug.cgi?id=1214392 * 
https://bugzilla.suse.com/show_bug.cgi?id=1214393 * https://bugzilla.suse.com/show_bug.cgi?id=1214397 * https://bugzilla.suse.com/show_bug.cgi?id=1214428 * https://bugzilla.suse.com/show_bug.cgi?id=1214451 * https://bugzilla.suse.com/show_bug.cgi?id=1214659 * https://bugzilla.suse.com/show_bug.cgi?id=1214661 * https://bugzilla.suse.com/show_bug.cgi?id=1214729 * https://bugzilla.suse.com/show_bug.cgi?id=1214742 * https://bugzilla.suse.com/show_bug.cgi?id=1214743 * https://bugzilla.suse.com/show_bug.cgi?id=1214756 * https://jira.suse.com/browse/PED-4579 * https://jira.suse.com/browse/PED-4759 * https://jira.suse.com/browse/PED-4927 * https://jira.suse.com/browse/PED-4929 * https://jira.suse.com/browse/PED-5738 * https://jira.suse.com/browse/PED-6003 * https://jira.suse.com/browse/PED-6004 From sle-updates at lists.suse.com Tue Sep 19 16:31:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 16:31:05 -0000 Subject: SUSE-SU-2023:3682-1: important: Security update for the Linux Kernel Message-ID: <169514106592.13167.2251616767992844442@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3682-1 Rating: important References: * #1023051 * #1120059 * #1177719 * #1188885 * #1193629 * #1194869 * #1205462 * #1208902 * #1208949 * #1209284 * #1209799 * #1210048 * #1210448 * #1212091 * #1212142 * #1212526 * #1212857 * #1212873 * #1213026 * #1213123 * #1213546 * #1213580 * #1213601 * #1213666 * #1213757 * #1213759 * #1213916 * #1213921 * #1213927 * #1213946 * #1213968 * #1213970 * #1213971 * #1214000 * #1214019 * #1214120 * #1214149 * #1214180 * #1214238 * #1214285 * #1214297 * #1214299 * #1214350 * #1214368 * #1214370 * #1214371 * #1214372 * #1214380 * #1214386 * #1214392 * #1214393 * #1214397 * #1214428 * #1214451 * #1214659 * #1214661 * #1214729 * #1214742 * #1214743 * #1214756 * #1214760 * PED-4579 * PED-4759 *
PED-4927 * PED-4929 * PED-5738 * PED-6003 * PED-6004 Cross-References: * CVE-2023-2007 * CVE-2023-20588 * CVE-2023-34319 * CVE-2023-3610 * CVE-2023-37453 * CVE-2023-3772 * CVE-2023-3863 * CVE-2023-4128 * CVE-2023-4133 * CVE-2023-4134 * CVE-2023-4147 * CVE-2023-4194 * CVE-2023-4273 * CVE-2023-4387 * CVE-2023-4459 * CVE-2023-4569 CVSS scores: * CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * 
CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4569 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 16 vulnerabilities, contains seven features and has 45 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). * CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). * CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). * CVE-2023-3610: Fixed a use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580). * CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
* CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). * CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). * CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). * CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). * CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). * CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). * CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120). * CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). * CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). * CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: * acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes). * acpi: processor: perflib: use the "no limit" frequency qos (git-fixes). * acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes). * alsa: ac97: fix possible error value of *rac97 (git-fixes).
* alsa: hda/cs8409: support new dell dolphin variants (git-fixes). * alsa: hda/realtek - remodified 3k pull low procedure (git-fixes). * alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes). * alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes). * alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes). * alsa: hda/realtek: switch dell oasis models to use spi (git-fixes). * alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes). * alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes). * alsa: usb-audio: fix init call orders for uac1 (git-fixes). * alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes). * amba: bus: fix refcount leak (git-fixes). * arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes). * arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). * arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes). * arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes). * arm: dts: imx6sll: fixup of operating points (git-fixes). * arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970). * asoc: lower "no backend dais enabled for ... port" log severity (git-fixes). * asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). * asoc: rt5665: add missed regulator_bulk_disable (git-fixes). * asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes). * asoc: stac9766: fix build errors with regmap_ac97 (git-fixes). * asoc: tegra: fix sfc conversion for few rates (git-fixes). * audit: fix possible soft lockup in __audit_inode_child() (git-fixes). * backlight/bd6107: compare against struct fb_info.device (git-fixes). * backlight/gpio_backlight: compare against struct fb_info.device (git-fixes). * backlight/lv5207lp: compare against struct fb_info.device (git-fixes).
* batman-adv: do not get eth header before batadv_check_management_packet (git-fixes). * batman-adv: do not increase mtu when set by user (git-fixes). * batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes). * batman-adv: fix tt global entry leak when client roamed back (git-fixes). * batman-adv: hold rtnl lock during mtu update via netlink (git-fixes). * batman-adv: trigger events for auto adjusted mtu (git-fixes). * bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes). * bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * bluetooth: fix potential use-after-free when clear keys (git-fixes). * bluetooth: l2cap: fix use-after-free (git-fixes). * bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes). * bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). * bluetooth: remove unused declaration amp_read_loc_info() (git-fixes). * bnx2x: fix page fault following eeh recovery (bsc#1214299). * bpf: disable preemption in bpf_event_output (git-fixes). * bus: ti-sysc: fix build warning for 64-bit build (git-fixes). * bus: ti-sysc: fix cast to enum warning (git-fixes). * bus: ti-sysc: flush posted write on enable before reset (git-fixes). * can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes). * ceph: defer stopping mdsc delayed_work (bsc#1214392). * ceph: do not check for quotas on mds stray dirs (bsc#1214238). * ceph: never send metrics if disable_send_metrics is set (bsc#1214180). * check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does. * cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). * cifs: allow dumping keys for directories too (bsc#1193629). * cifs: fix mid leak during reconnection after timeout threshold (git-fixes). * cifs: if deferred close is disabled then close files immediately (git-fixes).
* cifs: is_network_name_deleted should return a bool (bsc#1193629). * cifs: update internal module version number for cifs.ko (bsc#1193629). * clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes). * clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). * clk: imx8mp: fix sai4 clock (git-fixes). * clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). * clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes). * clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). * clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). * clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes). * clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes). * clk: sunxi-ng: modify mismatched function name (git-fixes). * clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970). * clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970). * config_nvme_verbose_errors=y gone with a82baa8083b * config_printk_safe_log_buf_shift=13 gone with 7e152d55123 * cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpufreq: fix the race condition while updating the transition_task of policy (git-fixes). * cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659).
* cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004). * cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). * cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). * cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). * cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). * created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs apart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel. * crypto: caam - fix unchecked return value error (git-fixes). * crypto: stm32 - properly handle pm_runtime_get failing (git-fixes). * dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes). * dma-buf/sync_file: fix docs syntax (git-fixes). * dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes). * dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes). * dmaengine: pl330: return dma_paused when transaction is paused (git-fixes). * dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes). * docs/process/howto: replace c89 with c11 (bsc#1214756). * docs: kernel-parameters: refer to the correct bitmap function (git-fixes). * docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). * docs: printk-formats: fix hex printing of signed values (git-fixes). * documentation: devices.txt: fix minors for ttycpm* (git-fixes). * documentation: devices.txt: remove ttyioc* (git-fixes). * documentation: devices.txt: remove ttysioc* (git-fixes).
* driver core: test_async: fix an error code (git-fixes). * drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes). * drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). * drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes). * drm/amd/display: check tg is non-null before checking if enabled (git-fixes). * drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). * drm/amd/display: fix access hdcp_workqueue assert (git-fixes). * drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). * drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). * drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). * drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). * drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). * drm/amdgpu: fix potential fence use-after-free v2 (git-fixes). * drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). * drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes). * drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes). * drm/ast: fix dram init on ast2200 (git-fixes). * drm/atomic-helper: update reference to drm_crtc_force_disable_all() (git-fixes). * drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes). * drm/bridge: fix -wunused-const-variable= warning (git-fixes). * drm/bridge: tc358764: fix debug print parameter order (git-fixes). * drm/etnaviv: fix dumping of active mmu context (git-fixes). * drm/mediatek: fix dereference before null check (git-fixes). * drm/mediatek: fix potential memory leak if vmap() fail (git-fixes). * drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes). * drm/msm/mdp5: do not leak some plane state (git-fixes). * drm/msm: update dev core dump to not print backwards (git-fixes).
* drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes). * drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). * drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes). * drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes). * drm/qxl: fix uaf on handle creation (git-fixes). * drm/radeon: use rmw accessors for changing lnkctl (git-fixes). * drm/rockchip: do not spam logs in atomic check (git-fixes). * drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). * drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes). * drm/ttm: check null pointer before accessing when swapping (git-fixes). * drm/ttm: never consider pinned bos for eviction&swap (git-fixes). * drm/vmwgfx: fix shader stage validation (git-fixes). * drm: adv7511: fix low refresh rate register for adv7533/5 (git-fixes). * drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes). * drop cfg80211 lock fix patches that caused a regression (bsc#1213757) * drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) * dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). * dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). * dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). * e1000: fix typos in comments (jsc#ped-5738). * e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738). * e1000: switch to napi_build_skb() (jsc#ped-5738). * e1000: switch to napi_consume_skb() (jsc#ped-5738). * enable analog devices industrial ethernet phy driver (jsc#ped-4759) * enable tpm in azure (bsc#1214760) * exfat: fix unexpected eof while reading dir (bsc#1214000). * exfat: release s_lock before calling dir_emit() (bsc#1214000). * exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). * fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes).
* fbdev: fix potential oob read in fast_imageblit() (git-fixes). * fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes). * fbdev: improve performance of sys_imageblit() (git-fixes). * fbdev: mmp: fix value check in mmphw_probe() (git-fixes). * file: reinstate f_pos locking optimization for regular files (bsc#1213759). * firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes). * firmware: cs_dsp: fix new control name check (git-fixes). * firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes). * firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes). * fs/sysv: null check to prevent null-ptr-deref bug (git-fixes). * ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). * gpio: mvebu: fix irq domain leak (git-fixes). * gpio: mvebu: make use of devm_pwmchip_add (git-fixes). * gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes). * hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes). * hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). * hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes). * hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes). * hid: wacom: remove the battery when the ekr is off (git-fixes). * hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes). * hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes). * hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes). * hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes). * hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). * hwrng: pic32 - use devm_clk_get_enabled (git-fixes). * i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes). * i2c: delete error messages for failed memory allocations (git-fixes).
* i2c: designware: correct length byte validation logic (git-fixes). * i2c: designware: handle invalid smbus block data response length value (git-fixes). * i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes). * i2c: improve size determinations (git-fixes). * i2c: nomadik: remove a useless call in the remove function (git-fixes). * i2c: nomadik: remove unnecessary goto label (git-fixes). * i2c: nomadik: use devm_clk_get_enabled() (git-fixes). * i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes). * iavf: fix potential races for fdir filters (git-fixes). * ib/hfi1: fix possible panic during hotplug remove (git-fixes) * ib/uverbs: fix an potential error pointer dereference (git-fixes) * ice: fix crash by keep old cfg when update tcs more than queues (git-fixes). * ice: fix max_rate check while configuring tx rate limits (git-fixes). * ice: fix memory management in ice_ethtool_fdir.c (git-fixes). * ice: fix rdma vsi removal during queue rebuild (git-fixes). * iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes). * iio: adc: stx104: implement and utilize register structures (git-fixes). * iio: adc: stx104: utilize iomap interface (git-fixes). * iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes). * input: exc3000 - properly stop timer on shutdown (git-fixes). * intel/e1000:fix repeated words in comments (jsc#ped-5738). * intel: remove unused macros (jsc#ped-5738). * iommu/amd: add pci segment support for ivrs_ commands (git-fixes). * iommu/amd: fix compile warning in init code (git-fixes). * iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). * iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes). * iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes). * iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). * iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
* iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). * iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes). * iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). * iommu/dart: initialize dart_streams_enable (git-fixes). * iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes). * iommu/dma: fix iova map result check bug (git-fixes). * iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). * iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes). * iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes). * iommu/iova: fix module config properly (git-fixes). * iommu/omap: fix buffer overflow in debugfs (git-fixes). * iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). * iommu/sun50i: consider all fault sources for reset (git-fixes). * iommu/sun50i: fix flush size (git-fixes). * iommu/sun50i: fix r/w permission check (git-fixes). * iommu/sun50i: fix reset release (git-fixes). * iommu/sun50i: implement .iotlb_sync_map (git-fixes). * iommu/sun50i: remove iommu_domain_identity (git-fixes). * iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes). * iommu/vt-d: check correct capability for sagaw determination (git-fixes). * iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes). * iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes). * iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes). * iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes). * iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes). * iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes). * iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes). * ipmi:ssif: add check for kstrdup (git-fixes). * ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
* ipmi_si: fix a memleak in try_smi_init() (git-fixes). * jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). * kabi/severities: ignore newly added srso mitigation functions * kabi: allow extra bugsints (bsc#1213927). * kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756). * kbuild: move to -std=gnu11 (bsc#1214756). * kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. * kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12. * kunit: make kunit_test_timeout compatible with comment (git-fixes). * kvm: s390: fix sthyi error handling (git-fixes bsc#1214370). * leds: fix bug_on check for led_color_id_multi that is always false (git-fixes). * leds: multicolor: use rounded division when calculating color components (git-fixes). * leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes). * leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes). * leds: turris-omnia: drop unnecessary mutex locking (git-fixes). * lib/test_meminit: allocate pages up to order max_order (git-fixes). * lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). * libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). * md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916). * md/raid0: fix performance regression for large sequential writes (bsc#1213916). * media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). * media: cx24120: add retval check for cx24120_message_send() (git-fixes). * media: dib7000p: fix potential division by zero (git-fixes). * media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes). * media: go7007: remove redundant if statement (git-fixes). * media: i2c: ccs: check rules is non-null (git-fixes).
* media: i2c: rdacm21: fix uninitialized value (git-fixes). * media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). * media: ov2680: add ov2680_fill_format() helper function (git-fixes). * media: ov2680: do not take the lock for try_fmt calls (git-fixes). * media: ov2680: fix ov2680_bayer_order() (git-fixes). * media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes). * media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes). * media: ov2680: fix vflip / hflip set functions (git-fixes). * media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes). * media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes). * media: rkvdec: increase max supported height for h.264 (git-fixes). * media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). * media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). * media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes). * media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes). * misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes). * mkspec: allow unsupported kmps (bsc#1214386) * mlxsw: pci: add shutdown method in pci driver (git-fixes). * mmc: block: fix in_flight[issue_type] value error (git-fixes). * mmc: moxart: read scr register without changing byte order (git-fixes). * mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). * module: avoid allocation if module is already present and ready (bsc#1213921). * module: extract patient module check into helper (bsc#1213921). * module: move check_modinfo() early to early_mod_check() (bsc#1213921). * module: move early sanity checks into a helper (bsc#1213921). * move upstreamed powerpc patches into sorted section * mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes). * mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes). 
* mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes).
* mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes).
* mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes).
* mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
* mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes).
* mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes).
* mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
* mtd: spi-nor: check bus width while setting qe bit (git-fixes).
* mtd: spinand: toshiba: fix ecc_get_status (git-fixes).
* n_tty: rename tail to old_tail in n_tty_read() (git-fixes).
* net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
* net: ieee802154: at86rf230: stop leaking skb's (git-fixes).
* net: mana: fix mana vf unload when hardware is unresponsive (git-fixes).
* net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes).
* net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
* net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes).
* net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes).
* net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes).
* netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
* netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946).
* netfs: fix parameter of cleanup() (bsc#1214743).
* nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
* nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
* nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
* nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* objtool/x86: fix srso mess (git-fixes).
* objtool/x86: fixup frame-pointer vs rethunk (git-fixes).
* objtool: union instruction::{call_dest,jump_table} (git-fixes).
* old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer supported.
* pci/aspm: avoid link retraining race (git-fixes).
* pci/aspm: factor out pcie_wait_for_retrain() (git-fixes).
* pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes).
* pci: acpiphp: reassign resources on bridge if necessary (git-fixes).
* pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
* pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
* pci: meson: remove cast between incompatible function type (git-fixes).
* pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes).
* pci: microchip: remove cast between incompatible function type (git-fixes).
* pci: pciehp: use rmw accessors for changing lnkctl (git-fixes).
* pci: rockchip: remove writes to unused registers (git-fixes).
* pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes).
* pci: tegra194: fix possible array out of bounds access (git-fixes).
* pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes).
* phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
* phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
* phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
* phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
* phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
* phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
* phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes).
* pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
* pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
* pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
* platform/x86: dell-sysman: fix reference leak (git-fixes).
* pm / devfreq: fix leak in devfreq_dev_release() (git-fixes).
* powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106).
* powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106).
* powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106).
* powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106).
* powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
* powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106).
* powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
* powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
* powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
* powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
* powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: rename "direct window" to "dma window" (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106).
* powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106).
* powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* powerpc/rtas: block error injection when locked down (bsc#1023051).
* powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051).
* powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
* powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes).
* powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files.
* powerpc: fix typos in comments (bsc#1212091 ltc#199106).
* powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503).
* pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
* pstore/ram: check start of empty przs during init (git-fixes).
* pwm: add a stub for devm_pwmchip_add() (git-fixes).
* pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes).
* pwm: meson: simplify duplicated per-channel tracking (git-fixes).
* qed: fix scheduling in a tasklet while getting stats (git-fixes).
* rdma/bnxt_re: fix error handling in probe failure path (git-fixes)
* rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes)
* rdma/efa: fix wrong resources deallocation order (git-fixes)
* rdma/hns: fix cq and qp cache affinity (git-fixes)
* rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes)
* rdma/hns: fix port active speed (git-fixes)
* rdma/irdma: prevent zero-length stag registration (git-fixes)
* rdma/irdma: replace one-element array with flexible-array member (git-fixes)
* rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes)
* rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes)
* rdma/siw: balance the reference of cep->kref in the error path (git-fixes)
* rdma/siw: correct wrong debug message (git-fixes)
* rdma/umem: set iova in odp flow (git-fixes)
* readme.branch: add miroslav franc as a sle15-sp4 co-maintainer.
* regmap: rbtree: use alloc_flags for memory allocations (git-fixes).
* revert "ib/isert: fix incorrect release of isert connection" (git-fixes)
* revert "tracing: add "(fault)" name injection to kernel probes" (git-fixes).
* ring-buffer: do not swap cpu_buffer during resize process (git-fixes).
* ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
* ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
* rpmsg: glink: add check for kstrdup (git-fixes).
* s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
* sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes).
* sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes).
* sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799).
* scsi: bsg: increase number of devices (bsc#1210048).
* scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284).
* scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
* scsi: core: improve warning message in scsi_device_block() (bsc#1209284).
* scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284).
* scsi: rdma/srp: fix residual handling (git-fixes)
* scsi: sg: increase number of devices (bsc#1210048).
* scsi: storvsc: always set no_report_opcodes (git-fixes).
* scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
* scsi: storvsc: handle srb status value 0x30 (git-fixes).
* scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes).
* scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371).
* selftests/futex: order calls to futex_lock_pi (git-fixes).
* selftests/harness: actually report skip for signal tests (git-fixes).
* selftests/resctrl: close perf value read fd on errors (git-fixes).
* selftests/resctrl: do not leak buffer in fill_cache() (git-fixes).
* selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes).
* selftests/rseq: check if libc rseq support is registered (git-fixes).
* selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes).
* selftests: forwarding: ethtool: skip when using veth pairs (git-fixes).
* selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes).
* selftests: forwarding: skip test when no interfaces are specified (git-fixes).
* selftests: forwarding: switch off timeout (git-fixes).
* selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
* selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes).
* selftests: forwarding: tc_flower: relax success criterion (git-fixes).
* selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes).
* serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
* serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes).
* serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes).
* serial: sprd: fix dma buffer leak issue (git-fixes).
* serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
* sfc: fix crash when reading stats while nic is resetting (git-fixes).
* smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes).
* smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629).
* smb: client: fix -wstringop-overflow issues (bsc#1193629).
* smb: client: fix dfs link mount against w2k8 (bsc#1212142).
* smb: client: fix null auth (git-fixes).
* soc: aspeed: socinfo: add kfree for kstrdup (git-fixes).
* soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
* soundwire: fix enumeration completion (git-fixes).
* spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
* supported.conf: fix typos for -!optional markers
* target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
* target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
* target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
* target_core_rbd: remove snapshot existence validation code (bsc#1212857).
* thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
* timers: add shutdown mechanism to the internal functions (bsc#1213970).
* timers: provide timer_shutdown_sync (bsc#1213970).
* timers: rename del_timer() to timer_delete() (bsc#1213970).
* timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
* timers: replace bug_on()s (bsc#1213970).
* timers: silently ignore timers with a null function (bsc#1213970).
* timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
* timers: update kernel-doc for various functions (bsc#1213970).
* timers: use del_timer_sync() even on up (bsc#1213970).
* tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes).
* tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes).
* tracing/probes: fix not to count error code to total length (git-fixes).
* tracing/probes: fix to avoid double count of the string length on the array (git-fixes).
* tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
* tracing/probes: fix to update dynamic data counter if fetcharg uses it (git-fixes).
* tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
* tracing: fix memleak due to race between current_tracer and trace (git-fixes).
* tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes).
* tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes).
* tracing: fix warning in trace_buffered_event_disable() (git-fixes).
* tty: fix hang on tty device with no_room set (git-fixes).
* tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes).
* tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes).
* tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
* tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
* tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes).
* ubifs: fix memleak when insert_old_idx() failed (git-fixes).
* update patches.suse/cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
* usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes).
* usb: chipidea: imx: do not request qos for imx8ulp (git-fixes).
* usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
* usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes).
* usb: dwc3: fix typos in gadget.c (git-fixes).
* usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
* usb: dwc3: properly handle processing of pending events (git-fixes).
* usb: gadget: f_mass_storage: fix unused variable warning (git-fixes).
* usb: gadget: fix the memory leak in raw_gadget driver (git-fixes).
* usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes).
* usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes).
* usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
* usb: quirks: add quirk for focusrite scarlett (git-fixes).
* usb: serial: option: add quectel ec200a module support (git-fixes).
* usb: serial: option: support quectel em060k_128 (git-fixes).
* usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
* usb: serial: simple: sort driver entries (git-fixes).
* usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes).
* usb: typec: tcpm: fix response to vsafe0v event (git-fixes).
* usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
* usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
* watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes).
* wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes).
* wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes).
* wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
* wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes).
* wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes).
* wifi: cfg80211: fix return value in scan logic (git-fixes).
* wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes).
* wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes).
* wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
* wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
* wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes).
* wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes).
* wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes).
* wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
* wifi: mwifiex: fix missed return in oob checks failed path (git-fixes).
* wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes).
* wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes).
* wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
* wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
* x86/alternative: make custom return thunk unconditional (git-fixes).
* x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
* x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
* x86/cpu: clean up srso return thunk mess (git-fixes).
* x86/cpu: cleanup the untrain mess (git-fixes).
* x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
* x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
* x86/cpu: rename original retbleed methods (git-fixes).
* x86/cpu: rename srso_(.*) _alias to srso_alias_ \1 (git-fixes).
* x86/mce: make sure logged mces are processed after sysfs update (git-fixes).
* x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
* x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
* x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
* x86/speculation: add cpu_show_gds() prototype (git-fixes).
* x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
* x86/srso: correct the mitigation status when smt is disabled (git-fixes).
* x86/srso: disable the mitigation on unaffected configurations (git-fixes).
* x86/srso: explain the untraining sequences a bit more (git-fixes).
* x86/srso: fix build breakage with the llvm linker (git-fixes).
* x86/srso: fix return thunks in generated code (git-fixes).
* x86/static_call: fix __static_call_fixup() (git-fixes).
* xfs: fix sb write verify for lazysbcount (bsc#1214661).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-3682=1 SUSE-2023-3682=1
* Public Cloud Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3682=1

## Package List:

* openSUSE Leap 15.4 (aarch64 x86_64)
  * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.66.1
  * kernel-azure-extra-debuginfo-5.14.21-150400.14.66.1
  * kselftests-kmp-azure-5.14.21-150400.14.66.1
  * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.66.1
  * cluster-md-kmp-azure-5.14.21-150400.14.66.1
  * dlm-kmp-azure-debuginfo-5.14.21-150400.14.66.1
  * kernel-azure-devel-5.14.21-150400.14.66.1
  * kernel-azure-optional-debuginfo-5.14.21-150400.14.66.1
  * kernel-azure-debugsource-5.14.21-150400.14.66.1
  * kernel-azure-devel-debuginfo-5.14.21-150400.14.66.1
  * dlm-kmp-azure-5.14.21-150400.14.66.1
  * ocfs2-kmp-azure-5.14.21-150400.14.66.1
  * kernel-azure-livepatch-devel-5.14.21-150400.14.66.1
  * kernel-syms-azure-5.14.21-150400.14.66.1
  * reiserfs-kmp-azure-5.14.21-150400.14.66.1
  * kernel-azure-optional-5.14.21-150400.14.66.1
  * kernel-azure-extra-5.14.21-150400.14.66.1
  * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.66.1
  * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.66.1
  * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.66.1
  * kernel-azure-debuginfo-5.14.21-150400.14.66.1
  * gfs2-kmp-azure-5.14.21-150400.14.66.1
* openSUSE Leap 15.4 (aarch64 nosrc x86_64)
  * kernel-azure-5.14.21-150400.14.66.1
* openSUSE Leap 15.4 (noarch)
  * kernel-devel-azure-5.14.21-150400.14.66.1
  * kernel-source-azure-5.14.21-150400.14.66.1
* Public Cloud Module 15-SP4 (aarch64 nosrc x86_64)
  * kernel-azure-5.14.21-150400.14.66.1
* Public Cloud Module 15-SP4 (aarch64 x86_64)
  * kernel-azure-devel-debuginfo-5.14.21-150400.14.66.1
  * kernel-azure-debuginfo-5.14.21-150400.14.66.1
  * kernel-azure-devel-5.14.21-150400.14.66.1
  * kernel-syms-azure-5.14.21-150400.14.66.1
  * kernel-azure-debugsource-5.14.21-150400.14.66.1
* Public Cloud Module 15-SP4 (noarch)
  * kernel-devel-azure-5.14.21-150400.14.66.1
  * kernel-source-azure-5.14.21-150400.14.66.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2007.html
* https://www.suse.com/security/cve/CVE-2023-20588.html
* https://www.suse.com/security/cve/CVE-2023-34319.html
* https://www.suse.com/security/cve/CVE-2023-3610.html
* https://www.suse.com/security/cve/CVE-2023-37453.html
* https://www.suse.com/security/cve/CVE-2023-3772.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-4128.html
* https://www.suse.com/security/cve/CVE-2023-4133.html
* https://www.suse.com/security/cve/CVE-2023-4134.html
* https://www.suse.com/security/cve/CVE-2023-4147.html
* https://www.suse.com/security/cve/CVE-2023-4194.html
* https://www.suse.com/security/cve/CVE-2023-4273.html
* https://www.suse.com/security/cve/CVE-2023-4387.html
* https://www.suse.com/security/cve/CVE-2023-4459.html
* https://www.suse.com/security/cve/CVE-2023-4569.html
* https://bugzilla.suse.com/show_bug.cgi?id=1023051
* https://bugzilla.suse.com/show_bug.cgi?id=1120059
* https://bugzilla.suse.com/show_bug.cgi?id=1177719
* https://bugzilla.suse.com/show_bug.cgi?id=1188885
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1205462
* https://bugzilla.suse.com/show_bug.cgi?id=1208902
* https://bugzilla.suse.com/show_bug.cgi?id=1208949
* https://bugzilla.suse.com/show_bug.cgi?id=1209284
* https://bugzilla.suse.com/show_bug.cgi?id=1209799
* https://bugzilla.suse.com/show_bug.cgi?id=1210048
* https://bugzilla.suse.com/show_bug.cgi?id=1210448
* https://bugzilla.suse.com/show_bug.cgi?id=1212091
* https://bugzilla.suse.com/show_bug.cgi?id=1212142
* https://bugzilla.suse.com/show_bug.cgi?id=1212526
* https://bugzilla.suse.com/show_bug.cgi?id=1212857
* https://bugzilla.suse.com/show_bug.cgi?id=1212873
* https://bugzilla.suse.com/show_bug.cgi?id=1213026
* https://bugzilla.suse.com/show_bug.cgi?id=1213123
* https://bugzilla.suse.com/show_bug.cgi?id=1213546
* https://bugzilla.suse.com/show_bug.cgi?id=1213580
* https://bugzilla.suse.com/show_bug.cgi?id=1213601
* https://bugzilla.suse.com/show_bug.cgi?id=1213666
* https://bugzilla.suse.com/show_bug.cgi?id=1213757
* https://bugzilla.suse.com/show_bug.cgi?id=1213759
* https://bugzilla.suse.com/show_bug.cgi?id=1213916
* https://bugzilla.suse.com/show_bug.cgi?id=1213921
* https://bugzilla.suse.com/show_bug.cgi?id=1213927
* https://bugzilla.suse.com/show_bug.cgi?id=1213946
* https://bugzilla.suse.com/show_bug.cgi?id=1213968
* https://bugzilla.suse.com/show_bug.cgi?id=1213970
* https://bugzilla.suse.com/show_bug.cgi?id=1213971
* https://bugzilla.suse.com/show_bug.cgi?id=1214000
* https://bugzilla.suse.com/show_bug.cgi?id=1214019
* https://bugzilla.suse.com/show_bug.cgi?id=1214120
* https://bugzilla.suse.com/show_bug.cgi?id=1214149
* https://bugzilla.suse.com/show_bug.cgi?id=1214180
* https://bugzilla.suse.com/show_bug.cgi?id=1214238
* https://bugzilla.suse.com/show_bug.cgi?id=1214285
* https://bugzilla.suse.com/show_bug.cgi?id=1214297
* https://bugzilla.suse.com/show_bug.cgi?id=1214299
* https://bugzilla.suse.com/show_bug.cgi?id=1214350
* https://bugzilla.suse.com/show_bug.cgi?id=1214368
* https://bugzilla.suse.com/show_bug.cgi?id=1214370
* https://bugzilla.suse.com/show_bug.cgi?id=1214371
* https://bugzilla.suse.com/show_bug.cgi?id=1214372
* https://bugzilla.suse.com/show_bug.cgi?id=1214380
* https://bugzilla.suse.com/show_bug.cgi?id=1214386
* https://bugzilla.suse.com/show_bug.cgi?id=1214392
* https://bugzilla.suse.com/show_bug.cgi?id=1214393
* https://bugzilla.suse.com/show_bug.cgi?id=1214397
* https://bugzilla.suse.com/show_bug.cgi?id=1214428
* https://bugzilla.suse.com/show_bug.cgi?id=1214451
* https://bugzilla.suse.com/show_bug.cgi?id=1214659
* https://bugzilla.suse.com/show_bug.cgi?id=1214661
* https://bugzilla.suse.com/show_bug.cgi?id=1214729
* https://bugzilla.suse.com/show_bug.cgi?id=1214742
* https://bugzilla.suse.com/show_bug.cgi?id=1214743
* https://bugzilla.suse.com/show_bug.cgi?id=1214756
* https://bugzilla.suse.com/show_bug.cgi?id=1214760
* https://jira.suse.com/browse/PED-4579
* https://jira.suse.com/browse/PED-4759
* https://jira.suse.com/browse/PED-4927
* https://jira.suse.com/browse/PED-4929
* https://jira.suse.com/browse/PED-5738
* https://jira.suse.com/browse/PED-6003
* https://jira.suse.com/browse/PED-6004

From sle-updates at lists.suse.com Tue Sep 19 16:31:19 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Sep 2023 16:31:19 -0000
Subject: SUSE-SU-2023:3681-1: important: Security update for the Linux Kernel
Message-ID: <169514107902.13167.4765430831328656669@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:3681-1
Rating: important

References:

* #1120059
* #1203517
* #1210327
* #1210448
* #1212051
* #1213543
* #1213546
* #1213601
* #1213666
* #1213899
* #1213904
* #1213906
* #1213908
* #1213910
* #1213911
* #1213912
* #1213921
* #1213927
* #1213969
* #1213970
* #1213971
* #1214019
* #1214149
* #1214157
* #1214209
* #1214233
* #1214299
* #1214335
* #1214348
* #1214350
* #1214451
* #1214453
* #1214752
* #1214928
* #1215028
* #1215032
* #1215034
* #1215035
* #1215036
* #1215037
* #1215038
* #1215041
* #1215046
* #1215049
* #1215057
* PED-4579
* SLE-18779

Cross-References:

* CVE-2022-36402
* CVE-2023-2007
* CVE-2023-20588
* CVE-2023-34319
* CVE-2023-3772
* CVE-2023-3812
* CVE-2023-3863
* CVE-2023-40283
* CVE-2023-4128
* CVE-2023-4132
* CVE-2023-4133
* CVE-2023-4134
* CVE-2023-4194
* CVE-2023-4385
* CVE-2023-4387
* CVE-2023-4459

CVSS scores:

* CVE-2022-36402 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36402 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4132 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4132 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-4385 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4385 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 16 vulnerabilities, contains two features and has 29 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2022-36402: Fixed an integer overflow vulnerability in the vmwgfx driver that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
* CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
* CVE-2023-3772: Fixed a flaw in the XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
* CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
* CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
* CVE-2023-4132: Fixed a use-after-free vulnerability in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
* CVE-2023-4133: Fixed use-after-free bugs caused by a circular dependency problem in cxgb4 (bsc#1213970).
* CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
* CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
* CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
* CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
* CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
* CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
* CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
* CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).

The following non-security bugs were fixed:

* ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
* Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928).
* SUNRPC: always clear XPRT_SOCK_CONNECTING before xprt_clear_connecting on TCP xprt (bsc#1214453).
* af_key: Fix send_acquire race with pfkey_register (git-fixes).
* af_packet: fix data-race in packet_setsockopt / packet_setsockopt (git-fixes).
* af_unix: Fix a data race of sk->sk_receive_queue->qlen (git-fixes).
* arm64: Re-enable support for contiguous hugepages (git-fixes)
* arm64: vdso: Fix clock_getres() for CLOCK_REALTIME (git-fixes)
* bnx2x: fix page fault following EEH recovery (bsc#1214299).
* bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes).
* bpf, arm64: remove prefetch insn in xadd mapping (git-fixes)
* bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd (git-fixes)
* bridge: ebtables: do not crash when using dnat target in output chains (git-fixes).
* btrfs-allow-use-of-global-block-reserve-for-balance-.patch: (bsc#1214335).
* btrfs-unset-reloc-control-if-transaction-commit-fail.patch: (bsc#1212051).
* clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
* fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes).
* fs: lockd: avoid possible wrong NULL parameter (git-fixes).
* inetpeer: fix data-race in inet_putpeer / inet_putpeer (git-fixes).
* kabi/severities: Ignore newly added SRSO mitigation functions
* libceph: fix potential hang in ceph_osdc_notify() (bsc#1214752).
* module: avoid allocation if module is already present and ready (bsc#1213921).
* module: extract patient module check into helper (bsc#1213921).
* module: move check_modinfo() early to early_mod_check() (bsc#1213921).
* module: move early sanity checks into a helper (bsc#1213921).
* net-sysfs: Call dev_hold always in netdev_queue_add_kobject (git-fixes).
* net-sysfs: Call dev_hold always in rx_queue_add_kobject (git-fixes).
* net-sysfs: Fix reference count leak in rx|netdev_queue_add_kobject (git-fixes).
* net-sysfs: fix netdev_queue_add_kobject() breakage (git-fixes).
* net/af_unix: fix a data-race in unix_dgram_poll (git-fixes).
* net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (git-fixes).
* net/fq_impl: Switch to kvmalloc() for memory allocation (git-fixes).
* net: bnx2x: fix variable dereferenced before check (git-fixes).
* net: icmp: fix data-race in cmp_global_allow() (git-fixes).
* net: mana: add support for XDP_QUERY_PROG (jsc#SLE-18779, bsc#1214209).
* net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
* netfilter: ipset: Fix an error code in ip_set_sockfn_get() (git-fixes).
* netfilter: nf_conntrack: Fix possible possible crash on module loading (git-fixes).
* nfs/blocklayout: Use the passed in gfp flags (git-fixes).
* nfs: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
* nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
* nfsd: add encoding of op_recall flag for write delegation (git-fixes).
* nfsd: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
* packet: fix data-race in fanout_flow_is_huge() (git-fixes).
* packet: unconditionally free po->rollover (git-fixes).
* powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
* ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
* ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
* s390/cio: cio_ignore_proc_seq_next should increase position index (git-fixes bsc#1215057).
* s390/cpum_sf: Avoid SBD overflow condition in irq handler (git-fixes bsc#1213908).
* s390/cpum_sf: Check for SDBT and SDB consistency (git-fixes bsc#1213910).
* s390/dasd/cio: Interpret ccw_device_get_mdc return value correctly (git-fixes bsc#1215049).
* s390/dasd: Fix capacity calculation for large volumes (git-fixes bsc#1215034).
* s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1214157).
* s390/ftrace: fix endless recursion in function_graph tracer (git-fixes bsc#1213912).
* s390/jump_label: print real address in a case of a jump label bug (git-fixes bsc#1213899).
* s390/kasan: fix strncpy_from_user kasan checks (git-fixes bsc#1215037).
* s390/kdump: Fix memleak in nt_vmcoreinfo (git-fixes bsc#1215028).
* s390/pkey: add one more argument space for debug feature entry (git-fixes bsc#1215035).
* s390/qdio: add sanity checks to the fast-requeue path (git-fixes bsc#1215038).
* s390/smp: __smp_rescan_cpus() - move cpumask away from stack (git-fixes bsc#1213906).
* s390/smp: fix physical to logical CPU map for SMT (git-fixes bsc#1213904).
* s390/time: ensure get_clock_monotonic() returns monotonic values (git-fixes bsc#1213911).
* s390/uaccess: avoid (false positive) compiler warnings (git-fixes bsc#1215041).
* s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR (git-fixes bsc#1215046).
* s390/zcrypt: improve special ap message cmd handling (git-fixes bsc#1215032).
* s390: zcrypt: initialize variables before_use (git-fixes bsc#1215036).
* sched/core: Check quota and period overflow at usec to nsec conversion (git fixes).
* sched/core: Handle overflow in cpu_shares_write_u64 (git fixes).
* sched/cpufreq: Fix kobject memleak (git fixes).
* sched/fair: Do not NUMA balance for kthreads (git fixes).
* sched/fair: Fix CFS bandwidth hrtimer expiry type (git fixes).
* sched/topology: Fix off by one bug (git fixes).
* scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
* scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
* scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
* scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
* scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
* scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
* scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
* scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
* scsi: qla2xxx: Remove unused declarations (bsc#1214928).
* scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
* scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
* scsi: storvsc: Always set no_report_opcodes (git-fixes).
* scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
* skbuff: fix a data race in skb_queue_len() (git-fixes).
* timers: Add shutdown mechanism to the internal functions (bsc#1213970).
* timers: Provide timer_shutdown_sync (bsc#1213970).
* timers: Rename del_timer() to timer_delete() (bsc#1213970).
* timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
* timers: Replace BUG_ON()s (bsc#1213970).
* timers: Silently ignore timers with a NULL function (bsc#1213970).
* timers: Split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
* timers: Update kernel-doc for various functions (bsc#1213970).
* timers: Use del_timer_sync() even on UP (bsc#1213970).
* tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
* tun: fix bonding active backup with arp monitoring (git-fixes).
* ubifs: fix snprintf() checking (git-fixes).
* udp6: Fix race condition in udp6_sendmsg & connect (git-fixes).
* udp: fix race between close() and udp_abort() (git-fixes).
* usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
* usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
* usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes).
* usb: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
* usb: serial: option: add LARA-R6 01B PIDs (git-fixes).
* usb: serial: option: add Quectel EC200A module support (git-fixes).
* usb: serial: option: add Quectel EC200U modem (git-fixes).
* usb: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
* usb: serial: option: add Quectel EM05CN modem (git-fixes).
* usb: serial: option: add Quectel EM061KGL series (git-fixes).
* usb: serial: option: add support for VW/Skoda "Carstick LTE" (git-fixes).
* usb: serial: option: add u-blox LARA-L6 modem (git-fixes).
* usb: serial: option: support Quectel EM060K_128 (git-fixes).
* usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
* usb: serial: simple: sort driver entries (git-fixes).
* usb: xhci-mtk: set the dma max_seg_size (git-fixes).
* usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
* usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
* x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
* x86/bugs: Reset speculation control settings on init (git-fixes).
* x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
* x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
* x86/cpu/vmware: Fix platform detection VMWARE_PORT macro (bsc#1210327).
* x86/cpu/vmware: Use the full form of INL in VMWARE_HYPERCALL, for clang/llvm (bsc#1210327).
* x86/cpu/vmware: Use the full form of INL in VMWARE_PORT (bsc#1210327).
* x86/cpu: Cleanup the untrain mess (git-fixes).
* x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
* x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
* x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
* x86/cpu: Rename original retbleed methods (git-fixes).
* x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
* x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
* x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
* x86/microcode/AMD: Load late on both threads too (git-fixes).
* x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
* x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
* x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
* x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
* x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
* x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
* x86/speculation: Add cpu_show_gds() prototype (git-fixes).
* x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
* x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
* x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
* x86/srso: Explain the untraining sequences a bit more (git-fixes).
* x86/srso: Fix build breakage with the LLVM linker (git-fixes).
* x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
* x86/vmware: Add a header file for hypercall definitions (bsc#1210327).
* x86/vmware: Add steal time clock support for VMware guests (bsc#1210327).
* x86/vmware: Enable steal time accounting (bsc#1210327).
* x86/vmware: Update platform detection code for VMCALL/VMMCALL hypercalls (bsc#1210327).
* x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
* xfrm: release device reference for invalid state (git-fixes).
* xhci-pci: set the dma max_seg_size (git-fixes).
* xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3681=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3681=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3681=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.149.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * kernel-azure-debuginfo-4.12.14-16.149.1
  * kernel-azure-base-4.12.14-16.149.1
  * kernel-azure-base-debuginfo-4.12.14-16.149.1
  * kernel-syms-azure-4.12.14-16.149.1
  * kernel-azure-devel-4.12.14-16.149.1
  * kernel-azure-debugsource-4.12.14-16.149.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * kernel-source-azure-4.12.14-16.149.1
  * kernel-devel-azure-4.12.14-16.149.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.149.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * kernel-azure-debuginfo-4.12.14-16.149.1
  * kernel-azure-base-4.12.14-16.149.1
  * kernel-azure-base-debuginfo-4.12.14-16.149.1
  * kernel-syms-azure-4.12.14-16.149.1
  * kernel-azure-devel-4.12.14-16.149.1
  * kernel-azure-debugsource-4.12.14-16.149.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * kernel-source-azure-4.12.14-16.149.1
  * kernel-devel-azure-4.12.14-16.149.1
* SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.149.1
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
  * kernel-azure-debuginfo-4.12.14-16.149.1
  * kernel-azure-base-4.12.14-16.149.1
  * kernel-azure-base-debuginfo-4.12.14-16.149.1
  * kernel-syms-azure-4.12.14-16.149.1
  * kernel-azure-devel-4.12.14-16.149.1
  * kernel-azure-debugsource-4.12.14-16.149.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * kernel-source-azure-4.12.14-16.149.1
  * kernel-devel-azure-4.12.14-16.149.1

## References:

* https://www.suse.com/security/cve/CVE-2022-36402.html
* https://www.suse.com/security/cve/CVE-2023-2007.html
* https://www.suse.com/security/cve/CVE-2023-20588.html
* https://www.suse.com/security/cve/CVE-2023-34319.html
* https://www.suse.com/security/cve/CVE-2023-3772.html
* https://www.suse.com/security/cve/CVE-2023-3812.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-40283.html
* https://www.suse.com/security/cve/CVE-2023-4128.html
* https://www.suse.com/security/cve/CVE-2023-4132.html
* https://www.suse.com/security/cve/CVE-2023-4133.html
* https://www.suse.com/security/cve/CVE-2023-4134.html
* https://www.suse.com/security/cve/CVE-2023-4194.html
* https://www.suse.com/security/cve/CVE-2023-4385.html
* https://www.suse.com/security/cve/CVE-2023-4387.html
* https://www.suse.com/security/cve/CVE-2023-4459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1120059
* https://bugzilla.suse.com/show_bug.cgi?id=1203517
* https://bugzilla.suse.com/show_bug.cgi?id=1210327
* https://bugzilla.suse.com/show_bug.cgi?id=1210448
* https://bugzilla.suse.com/show_bug.cgi?id=1212051
* https://bugzilla.suse.com/show_bug.cgi?id=1213543
* https://bugzilla.suse.com/show_bug.cgi?id=1213546
* https://bugzilla.suse.com/show_bug.cgi?id=1213601
* https://bugzilla.suse.com/show_bug.cgi?id=1213666
* https://bugzilla.suse.com/show_bug.cgi?id=1213899
* https://bugzilla.suse.com/show_bug.cgi?id=1213904
* https://bugzilla.suse.com/show_bug.cgi?id=1213906
* https://bugzilla.suse.com/show_bug.cgi?id=1213908
* https://bugzilla.suse.com/show_bug.cgi?id=1213910
* https://bugzilla.suse.com/show_bug.cgi?id=1213911
* https://bugzilla.suse.com/show_bug.cgi?id=1213912
* https://bugzilla.suse.com/show_bug.cgi?id=1213921
* https://bugzilla.suse.com/show_bug.cgi?id=1213927
* https://bugzilla.suse.com/show_bug.cgi?id=1213969
* https://bugzilla.suse.com/show_bug.cgi?id=1213970
* https://bugzilla.suse.com/show_bug.cgi?id=1213971
* https://bugzilla.suse.com/show_bug.cgi?id=1214019
* https://bugzilla.suse.com/show_bug.cgi?id=1214149
* https://bugzilla.suse.com/show_bug.cgi?id=1214157
* https://bugzilla.suse.com/show_bug.cgi?id=1214209
* https://bugzilla.suse.com/show_bug.cgi?id=1214233
* https://bugzilla.suse.com/show_bug.cgi?id=1214299
* https://bugzilla.suse.com/show_bug.cgi?id=1214335
* https://bugzilla.suse.com/show_bug.cgi?id=1214348
* https://bugzilla.suse.com/show_bug.cgi?id=1214350
* https://bugzilla.suse.com/show_bug.cgi?id=1214451
* https://bugzilla.suse.com/show_bug.cgi?id=1214453
* https://bugzilla.suse.com/show_bug.cgi?id=1214752
* https://bugzilla.suse.com/show_bug.cgi?id=1214928
* https://bugzilla.suse.com/show_bug.cgi?id=1215028
* https://bugzilla.suse.com/show_bug.cgi?id=1215032
* https://bugzilla.suse.com/show_bug.cgi?id=1215034
* https://bugzilla.suse.com/show_bug.cgi?id=1215035
* https://bugzilla.suse.com/show_bug.cgi?id=1215036
* https://bugzilla.suse.com/show_bug.cgi?id=1215037
* https://bugzilla.suse.com/show_bug.cgi?id=1215038
* https://bugzilla.suse.com/show_bug.cgi?id=1215041
* https://bugzilla.suse.com/show_bug.cgi?id=1215046
* https://bugzilla.suse.com/show_bug.cgi?id=1215049
* https://bugzilla.suse.com/show_bug.cgi?id=1215057
* https://jira.suse.com/browse/PED-4579
* https://jira.suse.com/browse/SLE-18779

From sle-updates at lists.suse.com Tue Sep 19 16:31:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Sep 2023 16:31:21 -0000
Subject: SUSE-SU-2023:3677-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP4)
Message-ID: <169514108155.13167.16239315145870274127@smelt2.prg2.suse.org>

# Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP4)

Announcement ID: SUSE-SU-2023:3677-1
Rating: important
References:

* #1211395
* #1213063

Cross-References:

* CVE-2023-2156
* CVE-2023-35001

CVSS scores:

* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_15_40 fixes several issues.

The following security issues were fixed:

* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3677=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
  * kernel-livepatch-SLE15-SP4-RT_Update_9-debugsource-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_15_40-rt-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_15_40-rt-debuginfo-2-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211395
* https://bugzilla.suse.com/show_bug.cgi?id=1213063

From sle-updates at lists.suse.com Tue Sep 19 16:31:23 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Sep 2023 16:31:23 -0000
Subject: SUSE-SU-2023:3676-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)
Message-ID: <169514108390.13167.17960327883584343077@smelt2.prg2.suse.org>

# Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)

Announcement ID: SUSE-SU-2023:3676-1
Rating: important
References:

* #1211395
* #1212849
* #1213063

Cross-References:

* CVE-2023-2156
* CVE-2023-3090
* CVE-2023-35001

CVSS scores:

* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_5 fixes several issues.

The following security issues were fixed:

* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
* CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3676=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-3679=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3679=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
  * kernel-livepatch-SLE15-SP4-RT_Update_8-debugsource-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_15_37-rt-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_15_37-rt-debuginfo-2-150400.2.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-livepatch-5_14_21-150500_13_5-rt-2-150500.2.1
  * kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-2-150500.2.1
  * kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-2-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
  * kernel-livepatch-5_14_21-150500_13_5-rt-2-150500.2.1
  * kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-2-150500.2.1
  * kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-2-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-3090.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211395
* https://bugzilla.suse.com/show_bug.cgi?id=1212849
* https://bugzilla.suse.com/show_bug.cgi?id=1213063

From sle-updates at lists.suse.com Tue Sep 19 16:31:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Sep 2023 16:31:27 -0000
Subject: SUSE-SU-2023:3675-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP4)
Message-ID: <169514108754.13167.3144542583354271630@smelt2.prg2.suse.org>

# Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP4)

Announcement ID: SUSE-SU-2023:3675-1
Rating: important
References:

* #1208839
* #1211187
* #1211395
* #1212849
* #1213063

Cross-References:

* CVE-2023-1077
* CVE-2023-2156
* CVE-2023-3090
* CVE-2023-32233
* CVE-2023-35001

CVSS scores:

* CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_15_28 fixes several issues.

The following security issues were fixed:

* CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187).
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
* CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839).
* CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3675=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
  * kernel-livepatch-SLE15-SP4-RT_Update_7-debugsource-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_15_28-rt-5-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1077.html
* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-3090.html
* https://www.suse.com/security/cve/CVE-2023-32233.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208839
* https://bugzilla.suse.com/show_bug.cgi?id=1211187
* https://bugzilla.suse.com/show_bug.cgi?id=1211395
* https://bugzilla.suse.com/show_bug.cgi?id=1212849
* https://bugzilla.suse.com/show_bug.cgi?id=1213063

From sle-updates at lists.suse.com Tue Sep 19 16:31:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Sep 2023 16:31:32 -0000
Subject: SUSE-SU-2023:3671-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP5)
Message-ID: <169514109205.13167.5858495439847152075@smelt2.prg2.suse.org>

# Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP5)

Announcement ID: SUSE-SU-2023:3671-1
Rating: important
References:

* #1208839
* #1210630
* #1211187
* #1211395
* #1212849
* #1213063
* #1213244

Cross-References:

* CVE-2023-1077
* CVE-2023-2156
* CVE-2023-2176
* CVE-2023-3090
* CVE-2023-32233
* CVE-2023-35001
* CVE-2023-3567

CVSS scores:

* CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_11 fixes several issues.

The following security issues were fixed:

* CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187).
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
* CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839).
* CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630).
* CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3671=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3672=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3673=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3678=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3678=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_5-rt-debuginfo-9-150400.2.2 * kernel-livepatch-5_14_21-150400_15_5-rt-9-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_3-debugsource-7-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_2-debugsource-8-150400.2.2 * kernel-livepatch-5_14_21-150400_15_8-rt-8-150400.2.2 * kernel-livepatch-5_14_21-150400_15_8-rt-debuginfo-8-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_1-debugsource-9-150400.2.2 * kernel-livepatch-5_14_21-150400_15_11-rt-debuginfo-7-150400.2.2 * kernel-livepatch-5_14_21-150400_15_11-rt-7-150400.2.2 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_11-rt-debuginfo-3-150500.6.2 * kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-3-150500.6.2 * kernel-livepatch-5_14_21-150500_11-rt-3-150500.6.2 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_11-rt-debuginfo-3-150500.6.2 * kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-3-150500.6.2 * kernel-livepatch-5_14_21-150500_11-rt-3-150500.6.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 *
https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1211187 * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 * https://bugzilla.suse.com/show_bug.cgi?id=1213244 From sle-updates at lists.suse.com Tue Sep 19 16:31:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 16:31:36 -0000 Subject: SUSE-SU-2023:3668-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP4) Message-ID: <169514109672.13167.5582426308580251716@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:3668-1 Rating: important References: * #1208839 * #1210630 * #1211187 * #1211395 * #1212849 * #1213063 Cross-References: * CVE-2023-1077 * CVE-2023-2156 * CVE-2023-2176 * CVE-2023-3090 * CVE-2023-32233 * CVE-2023-35001 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE
Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_23 fixes several issues. The following security issues were fixed: * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3668=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3674=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_18-rt-debuginfo-6-150400.2.1 * kernel-livepatch-5_14_21-150400_15_23-rt-5-150400.2.1 * kernel-livepatch-5_14_21-150400_15_18-rt-6-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource-5-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_5-debugsource-6-150400.2.1 * kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo-5-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://bugzilla.suse.com/show_bug.cgi?id=1208839 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1211187 * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063
From sle-updates at lists.suse.com Tue Sep 19 16:31:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 16:31:38 -0000 Subject: SUSE-SU-2023:3670-1: moderate: Security update for python-brotlipy Message-ID: <169514109878.13167.1787860910971882180@smelt2.prg2.suse.org> # Security update for python-brotlipy Announcement ID: SUSE-SU-2023:3670-1 Rating: moderate References: * #1175825 Cross-References: * CVE-2020-8927 CVSS scores: * CVE-2020-8927 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2020-8927 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-brotlipy fixes the following issues: * CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-3670=1 ## Package List: * Public Cloud Module 12 (aarch64 ppc64le s390x x86_64) * python3-brotlipy-0.6.0-2.6.1 * python3-brotlipy-debuginfo-0.6.0-2.6.1 * python-brotlipy-0.6.0-2.6.1 * python-brotlipy-debugsource-0.6.0-2.6.1 * python-brotlipy-debuginfo-0.6.0-2.6.1 ## References: * https://www.suse.com/security/cve/CVE-2020-8927.html * https://bugzilla.suse.com/show_bug.cgi?id=1175825 From sle-updates at lists.suse.com Tue Sep 19 16:31:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 16:31:40 -0000 Subject: SUSE-SU-2023:3669-1: moderate: Security update for python-brotlipy Message-ID: <169514110067.13167.17935752773986352504@smelt2.prg2.suse.org> # Security update for python-brotlipy Announcement ID: SUSE-SU-2023:3669-1 Rating: moderate References: * #1175825 Cross-References: * CVE-2020-8927 CVSS scores: * CVE-2020-8927 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2020-8927 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 An update that solves one vulnerability can now be installed.
## Description: This update for python-brotlipy fixes the following issues: * CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3669=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3669=1 ## Package List: * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * python-brotlipy-debugsource-0.7.0-150100.3.6.1 * python3-brotlipy-debuginfo-0.7.0-150100.3.6.1 * python-brotlipy-debuginfo-0.7.0-150100.3.6.1 * python3-brotlipy-0.7.0-150100.3.6.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * python-brotlipy-debugsource-0.7.0-150100.3.6.1 * python3-brotlipy-debuginfo-0.7.0-150100.3.6.1 * python-brotlipy-debuginfo-0.7.0-150100.3.6.1 * python3-brotlipy-0.7.0-150100.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2020-8927.html * https://bugzilla.suse.com/show_bug.cgi?id=1175825
From sle-updates at lists.suse.com Tue Sep 19 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Sep 2023 20:30:06 -0000 Subject: SUSE-SU-2023:3687-1: important: Security update for the Linux Kernel Message-ID: <169515540632.22243.11159804507804022374@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3687-1 Rating: important References: * #1203517 * #1210448 * #1213272 * #1213601 * #1213666 * #1213927 * #1213969 * #1213971 * #1214120 * #1214149 * #1214348 * #1214350 * #1214451 Cross-References: * CVE-2022-36402 * CVE-2023-2007 * CVE-2023-20588 * CVE-2023-21400 * CVE-2023-3772 * CVE-2023-3863 * CVE-2023-4128 * CVE-2023-4132 * CVE-2023-4134 * CVE-2023-4273 * CVE-2023-4385 * CVE-2023-4387 * CVE-2023-4459 CVSS scores: * CVE-2022-36402 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36402 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4132 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4132 ( NVD ): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-4385 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4385 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.1 An update that solves 13 vulnerabilities can now be installed. ## Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). * CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). 
* CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). * CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). * CVE-2023-4132: Fixed a use-after-free vulnerability in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969). * CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). * CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120). * CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348). * CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). * CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). * CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517). * CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). * CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
The following non-security bugs were fixed: * kabi/severities: Ignore newly added SRSO mitigation functions * x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). * x86/cpu: Cleanup the untrain mess (git-fixes). * x86/cpu: Rename original retbleed methods (git-fixes). * x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). * x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). * x86/speculation: Add cpu_show_gds() prototype (git-fixes). * x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). * x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). * x86/srso: Disable the mitigation on unaffected configurations (git-fixes). * x86/srso: Explain the untraining sequences a bit more (git-fixes). * x86: Move gds_ucode_mitigated() declaration to header (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-3687=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-3687=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3687=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3687=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3687=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (nosrc) * kernel-default-5.3.18-150200.24.163.1 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_40-debugsource-1-150200.5.3.1 * kernel-default-livepatch-devel-5.3.18-150200.24.163.1 * kernel-default-debuginfo-5.3.18-150200.24.163.1 * kernel-default-debugsource-5.3.18-150200.24.163.1 * kernel-livepatch-5_3_18-150200_24_163-default-debuginfo-1-150200.5.3.1 * kernel-livepatch-5_3_18-150200_24_163-default-1-150200.5.3.1 * kernel-default-livepatch-5.3.18-150200.24.163.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-5.3.18-150200.24.163.1 * cluster-md-kmp-default-debuginfo-5.3.18-150200.24.163.1 * gfs2-kmp-default-debuginfo-5.3.18-150200.24.163.1 * kernel-default-debuginfo-5.3.18-150200.24.163.1 * kernel-default-debugsource-5.3.18-150200.24.163.1 * dlm-kmp-default-debuginfo-5.3.18-150200.24.163.1 * ocfs2-kmp-default-5.3.18-150200.24.163.1 * ocfs2-kmp-default-debuginfo-5.3.18-150200.24.163.1 * cluster-md-kmp-default-5.3.18-150200.24.163.1 * gfs2-kmp-default-5.3.18-150200.24.163.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc) * kernel-default-5.3.18-150200.24.163.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 
LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.163.1 * kernel-default-5.3.18-150200.24.163.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-obs-build-5.3.18-150200.24.163.1 * kernel-default-debuginfo-5.3.18-150200.24.163.1 * kernel-default-debugsource-5.3.18-150200.24.163.1 * kernel-preempt-debuginfo-5.3.18-150200.24.163.1 * kernel-preempt-devel-5.3.18-150200.24.163.1 * kernel-obs-build-debugsource-5.3.18-150200.24.163.1 * kernel-preempt-debugsource-5.3.18-150200.24.163.1 * kernel-syms-5.3.18-150200.24.163.1 * kernel-default-base-5.3.18-150200.24.163.1.150200.9.81.1 * kernel-default-devel-5.3.18-150200.24.163.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.163.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.163.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * kernel-macros-5.3.18-150200.24.163.1 * kernel-source-5.3.18-150200.24.163.1 * kernel-devel-5.3.18-150200.24.163.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.163.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150200.24.163.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-5.3.18-150200.24.163.1 * reiserfs-kmp-default-5.3.18-150200.24.163.1 * kernel-default-debuginfo-5.3.18-150200.24.163.1 * kernel-default-debugsource-5.3.18-150200.24.163.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.163.1 * kernel-obs-build-debugsource-5.3.18-150200.24.163.1 * kernel-syms-5.3.18-150200.24.163.1 * kernel-default-base-5.3.18-150200.24.163.1.150200.9.81.1 * kernel-default-devel-5.3.18-150200.24.163.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.163.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * kernel-macros-5.3.18-150200.24.163.1 * kernel-source-5.3.18-150200.24.163.1 * kernel-devel-5.3.18-150200.24.163.1 
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.163.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.163.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-preempt-debuginfo-5.3.18-150200.24.163.1 * kernel-preempt-debugsource-5.3.18-150200.24.163.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.163.1 * kernel-preempt-devel-5.3.18-150200.24.163.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150200.24.163.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kernel-obs-build-5.3.18-150200.24.163.1 * reiserfs-kmp-default-5.3.18-150200.24.163.1 * kernel-default-debuginfo-5.3.18-150200.24.163.1 * kernel-default-debugsource-5.3.18-150200.24.163.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.163.1 * kernel-obs-build-debugsource-5.3.18-150200.24.163.1 * kernel-syms-5.3.18-150200.24.163.1 * kernel-default-base-5.3.18-150200.24.163.1.150200.9.81.1 * kernel-default-devel-5.3.18-150200.24.163.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.163.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * kernel-macros-5.3.18-150200.24.163.1 * kernel-source-5.3.18-150200.24.163.1 * kernel-devel-5.3.18-150200.24.163.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.163.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64) * kernel-preempt-5.3.18-150200.24.163.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * kernel-preempt-debuginfo-5.3.18-150200.24.163.1 * kernel-preempt-debugsource-5.3.18-150200.24.163.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.163.1 * kernel-preempt-devel-5.3.18-150200.24.163.1 ## References: * https://www.suse.com/security/cve/CVE-2022-36402.html * https://www.suse.com/security/cve/CVE-2023-2007.html * 
https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-21400.html * https://www.suse.com/security/cve/CVE-2023-3772.html * https://www.suse.com/security/cve/CVE-2023-3863.html * https://www.suse.com/security/cve/CVE-2023-4128.html * https://www.suse.com/security/cve/CVE-2023-4132.html * https://www.suse.com/security/cve/CVE-2023-4134.html * https://www.suse.com/security/cve/CVE-2023-4273.html * https://www.suse.com/security/cve/CVE-2023-4385.html * https://www.suse.com/security/cve/CVE-2023-4387.html * https://www.suse.com/security/cve/CVE-2023-4459.html * https://bugzilla.suse.com/show_bug.cgi?id=1203517 * https://bugzilla.suse.com/show_bug.cgi?id=1210448 * https://bugzilla.suse.com/show_bug.cgi?id=1213272 * https://bugzilla.suse.com/show_bug.cgi?id=1213601 * https://bugzilla.suse.com/show_bug.cgi?id=1213666 * https://bugzilla.suse.com/show_bug.cgi?id=1213927 * https://bugzilla.suse.com/show_bug.cgi?id=1213969 * https://bugzilla.suse.com/show_bug.cgi?id=1213971 * https://bugzilla.suse.com/show_bug.cgi?id=1214120 * https://bugzilla.suse.com/show_bug.cgi?id=1214149 * https://bugzilla.suse.com/show_bug.cgi?id=1214348 * https://bugzilla.suse.com/show_bug.cgi?id=1214350 * https://bugzilla.suse.com/show_bug.cgi?id=1214451
From sle-updates at lists.suse.com Wed Sep 20 07:05:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 09:05:58 +0200 (CEST) Subject: SUSE-CU-2023:3038-1: Security update of suse/git Message-ID: <20230920070558.DA127F46C@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3038-1 Container Tags : suse/git:2.35 , suse/git:2.35-3.9 , suse/git:latest Container Release : 3.9 Severity : important Type : security References : 1214052 CVE-2023-4039 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - container:micro-image-15.5.0-11.4 updated From sle-updates at lists.suse.com Wed Sep 20 07:06:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 09:06:13 +0200 (CEST) Subject: SUSE-CU-2023:3039-1: Security update of bci/bci-init Message-ID: <20230920070613.28315F46C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3039-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.8.61 , bci/bci-init:latest Container Release : 8.61 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated From sle-updates at lists.suse.com Wed Sep 20 07:06:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 09:06:26 +0200 (CEST) Subject: SUSE-CU-2023:3040-1: Security update of bci/ruby Message-ID: <20230920070626.21971F46C@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3040-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.43 , bci/ruby:2.5 , bci/ruby:2.5-10.43 , bci/ruby:latest Container Release : 10.43 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - libatomic1-12.3.0+git1204-150000.1.16.1 updated - libgomp1-12.3.0+git1204-150000.1.16.1 updated - libitm1-12.3.0+git1204-150000.1.16.1 updated - liblsan0-12.3.0+git1204-150000.1.16.1 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Wed Sep 20 07:06:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 09:06:42 +0200 (CEST) Subject: SUSE-CU-2023:3041-1: Security update of bci/rust Message-ID: <20230920070642.0A7B0F46C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3041-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-2.2.4 , bci/rust:oldstable , bci/rust:oldstable-2.2.4 Container Release : 2.4 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - libatomic1-12.3.0+git1204-150000.1.16.1 updated - libgomp1-12.3.0+git1204-150000.1.16.1 updated - libitm1-12.3.0+git1204-150000.1.16.1 updated - liblsan0-12.3.0+git1204-150000.1.16.1 updated - libubsan1-12.3.0+git1204-150000.1.16.1 updated - container:sles15-image-15.0.0-36.5.33 updated From sle-updates at lists.suse.com Wed Sep 20 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 08:30:07 -0000 Subject: SUSE-SU-2023:3695-1: important: Security update for binutils Message-ID: <169519860793.14729.2615426127359819839@smelt2.prg2.suse.org> # Security update for binutils Announcement ID: SUSE-SU-2023:3695-1 Rating: important References: * #1200962 * #1206080 * #1206556 * #1208037 * #1208038 * #1208040 * #1208409 * #1209642 * #1210297 * #1210733 * #1213282 * #1213458 * #1214565 * #1214567 * #1214579 * #1214580 * #1214604 * #1214611 * #1214619 * #1214620 * #1214623 * #1214624 * #1214625 * PED-1435 * PED-5778 Cross-References: * CVE-2020-19726 * CVE-2021-32256 * CVE-2022-35205 * CVE-2022-35206 * CVE-2022-4285 * CVE-2022-44840 * CVE-2022-45703 * CVE-2022-47673 * CVE-2022-47695 * CVE-2022-47696 * CVE-2022-48063 * CVE-2022-48064 * CVE-2022-48065 * CVE-2023-0687 * CVE-2023-1579 * CVE-2023-1972 * CVE-2023-2222 * CVE-2023-25585 * CVE-2023-25587 * CVE-2023-25588 CVSS scores: * CVE-2020-19726 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2021-32256 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2021-32256 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-35205 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-35205 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-35206 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-4285 ( SUSE 
): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-4285 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-44840 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-45703 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-47673 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-47695 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-47696 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-48063 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-48064 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-48064 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-48065 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-0687 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N * CVE-2023-0687 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0687 ( NVD ): 4.6 CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-1579 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-1579 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-1972 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-1972 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2222 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-25585 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-25585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25587 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-25588 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-25588 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 
12 SP5 An update that solves 20 vulnerabilities, contains two features and has three security fixes can now be installed. ## Description: This update for binutils fixes the following issues: Update to version 2.41 [jsc#PED-5778]: * The MIPS port now supports the Sony Interactive Entertainment Allegrex processor, used with the PlayStation Portable, which implements the MIPS II ISA along with a single-precision FPU and a few implementation-specific integer instructions. * Objdump's --private option can now be used on PE format files to display the fields in the file header and section headers. * New versioned release of libsframe: libsframe.so.1. This release introduces versioned symbols with version node name LIBSFRAME_1.0. This release also updates the ABI in an incompatible way: this includes removal of sframe_get_funcdesc_with_addr API, change in the behavior of sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs. * SFrame Version 2 is now the default (and only) format version supported by gas, ld, readelf and objdump. * Add command-line option, --strip-section-headers, to objcopy and strip to remove ELF section header from ELF file. * The RISC-V port now supports the following new standard extensions: * Zicond (conditional zero instructions) * Zfa (additional floating-point instructions) * Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng, Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions) * The RISC-V port now supports the following vendor-defined extensions: * XVentanaCondOps * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions. * A new .insn directive is recognized by x86 gas. * Add SME2 support to the AArch64 port. * The linker now accepts a command line option of --remap-inputs = to replace any input file that matches with . In addition the option --remap-inputs-file= can be used to specify a file containing any number of these remapping directives. 
* The linker command line option --print-map-locals can be used to include local symbols in a linker map. (ELF targets only). * For most ELF based targets, if the --enable-linker-version option is used then the version of the linker will be inserted as a string into the .comment section. * The linker script syntax has a new command for output sections: ASCIZ "string" This will insert a zero-terminated string at the current location. * Add command-line option, -z nosectionheader, to omit ELF section header. * Contains fixes for these non-CVEs (not security bugs per upstream's SECURITY.md): * bsc#1209642 aka CVE-2023-1579 aka PR29988 * bsc#1210297 aka CVE-2023-1972 aka PR30285 * bsc#1210733 aka CVE-2023-2222 aka PR29936 * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc) * bsc#1214565 aka CVE-2020-19726 aka PR26240 * bsc#1214567 aka CVE-2022-35206 aka PR29290 * bsc#1214579 aka CVE-2022-35205 aka PR29289 * bsc#1214580 aka CVE-2022-44840 aka PR29732 * bsc#1214604 aka CVE-2022-45703 aka PR29799 * bsc#1214611 aka CVE-2022-48065 aka PR29925 * bsc#1214619 aka CVE-2022-48064 aka PR29922 * bsc#1214620 aka CVE-2022-48063 aka PR29924 * bsc#1214623 aka CVE-2022-47696 aka PR29677 * bsc#1214624 aka CVE-2022-47695 aka PR29846 * bsc#1214625 aka CVE-2022-47673 aka PR29876 * Fixed a compatibility problem caused by binutils-revert-rela.diff in SLE codestreams. Needed for update of glibc as that would otherwise pick up the broken relative relocs support. [bsc#1213282, jsc#PED-1435] * Document fixed CVEs: * bsc#1208037 aka CVE-2023-25588 aka PR29677 * bsc#1208038 aka CVE-2023-25587 aka PR29846 * bsc#1208040 aka CVE-2023-25585 aka PR29892 * bsc#1208409 aka CVE-2023-0687 aka PR29444 * Enable bpf-none cross target and add bpf-none to the multitarget set of supported targets. * Disable packed-relative-relocs for old codestreams. They generate buggy relocations when binutils-revert-rela.diff is active. [bsc#1206556] * Disable ZSTD debug section compress by default. 
* Enable zstd compression algorithm (instead of zlib) for debug info sections by default. * Pack libgprofng only for supported platforms. * Move libgprofng-related libraries to the proper locations (packages). * Add --without=bootstrap for skipping of bootstrap (faster testing of the package). Update to version 2.40: * Objdump has a new command line option --show-all-symbols which will make it display all symbols that match a given address when disassembling. (Normally only the first symbol that matches an address is shown). * Add --enable-colored-disassembly configure time option to enable colored disassembly output by default, if the output device is a terminal. Note, this configure option is disabled by default. * DCO signed contributions are now accepted. * objcopy --decompress-debug-sections now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd. * addr2line and objdump --dwarf now support zstd compressed debug sections. * The dlltool program now accepts --deterministic-libraries and --non-deterministic-libraries as command line options to control whether or not it generates deterministic output libraries. If neither of these options are used the default is whatever was set when the binutils were configured. * readelf and objdump now have a newly added option --sframe which dumps the SFrame section. * Add support for Intel RAO-INT instructions. * Add support for Intel AVX-NE-CONVERT instructions. * Add support for Intel MSRLIST instructions. * Add support for Intel WRMSRNS instructions. * Add support for Intel CMPccXADD instructions. * Add support for Intel AVX-VNNI-INT8 instructions. * Add support for Intel AVX-IFMA instructions. * Add support for Intel PREFETCHI instructions. * Add support for Intel AMX-FP16 instructions. * gas now supports --compress-debug-sections=zstd to compress debug sections with zstd. 
* Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs, XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx, XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head ISA manual, which are implemented in the Allwinner D1. * Add support for the RISC-V Zawrs extension, version 1.0-rc4. * Add support for Cortex-X1C for Arm. * New command line option --gsframe to generate SFrame unwind information on x86_64 and aarch64 targets. * The linker has a new command line option to suppress the generation of any warning or error messages. This can be useful when there is a need to create a known non-working binary. The option is -w or --no-warnings. * ld now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd. * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Remove support for -z bndplt (MPX prefix instructions). * Includes fixes for these CVEs: * bsc#1206080 aka CVE-2022-4285 aka PR29699 * Enable by default: --enable-colored-disassembly. * fix build on x86_64_vX platforms * add arm32 avoid copyreloc patch for PR16177 (bsc#1200962) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3695=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3695=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3695=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3695=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * binutils-debuginfo-2.41-9.53.1 * binutils-gold-2.41-9.53.1 * binutils-debugsource-2.41-9.53.1 * binutils-devel-2.41-9.53.1 * binutils-gold-debuginfo-2.41-9.53.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libctf-nobfd0-debuginfo-2.41-9.53.1 * libctf-nobfd0-2.41-9.53.1 * binutils-2.41-9.53.1 * binutils-debuginfo-2.41-9.53.1 * binutils-debugsource-2.41-9.53.1 * libctf0-2.41-9.53.1 * binutils-devel-2.41-9.53.1 * libctf0-debuginfo-2.41-9.53.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libctf-nobfd0-debuginfo-2.41-9.53.1 * libctf-nobfd0-2.41-9.53.1 * binutils-2.41-9.53.1 * binutils-debuginfo-2.41-9.53.1 * binutils-debugsource-2.41-9.53.1 * libctf0-2.41-9.53.1 * binutils-devel-2.41-9.53.1 * libctf0-debuginfo-2.41-9.53.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libctf-nobfd0-debuginfo-2.41-9.53.1 * libctf-nobfd0-2.41-9.53.1 * binutils-2.41-9.53.1 * binutils-debuginfo-2.41-9.53.1 * binutils-debugsource-2.41-9.53.1 * libctf0-2.41-9.53.1 * binutils-devel-2.41-9.53.1 * libctf0-debuginfo-2.41-9.53.1 ## References: * https://www.suse.com/security/cve/CVE-2020-19726.html * https://www.suse.com/security/cve/CVE-2021-32256.html * https://www.suse.com/security/cve/CVE-2022-35205.html * https://www.suse.com/security/cve/CVE-2022-35206.html * https://www.suse.com/security/cve/CVE-2022-4285.html * 
https://www.suse.com/security/cve/CVE-2022-44840.html * https://www.suse.com/security/cve/CVE-2022-45703.html * https://www.suse.com/security/cve/CVE-2022-47673.html * https://www.suse.com/security/cve/CVE-2022-47695.html * https://www.suse.com/security/cve/CVE-2022-47696.html * https://www.suse.com/security/cve/CVE-2022-48063.html * https://www.suse.com/security/cve/CVE-2022-48064.html * https://www.suse.com/security/cve/CVE-2022-48065.html * https://www.suse.com/security/cve/CVE-2023-0687.html * https://www.suse.com/security/cve/CVE-2023-1579.html * https://www.suse.com/security/cve/CVE-2023-1972.html * https://www.suse.com/security/cve/CVE-2023-2222.html * https://www.suse.com/security/cve/CVE-2023-25585.html * https://www.suse.com/security/cve/CVE-2023-25587.html * https://www.suse.com/security/cve/CVE-2023-25588.html * https://bugzilla.suse.com/show_bug.cgi?id=1200962 * https://bugzilla.suse.com/show_bug.cgi?id=1206080 * https://bugzilla.suse.com/show_bug.cgi?id=1206556 * https://bugzilla.suse.com/show_bug.cgi?id=1208037 * https://bugzilla.suse.com/show_bug.cgi?id=1208038 * https://bugzilla.suse.com/show_bug.cgi?id=1208040 * https://bugzilla.suse.com/show_bug.cgi?id=1208409 * https://bugzilla.suse.com/show_bug.cgi?id=1209642 * https://bugzilla.suse.com/show_bug.cgi?id=1210297 * https://bugzilla.suse.com/show_bug.cgi?id=1210733 * https://bugzilla.suse.com/show_bug.cgi?id=1213282 * https://bugzilla.suse.com/show_bug.cgi?id=1213458 * https://bugzilla.suse.com/show_bug.cgi?id=1214565 * https://bugzilla.suse.com/show_bug.cgi?id=1214567 * https://bugzilla.suse.com/show_bug.cgi?id=1214579 * https://bugzilla.suse.com/show_bug.cgi?id=1214580 * https://bugzilla.suse.com/show_bug.cgi?id=1214604 * https://bugzilla.suse.com/show_bug.cgi?id=1214611 * https://bugzilla.suse.com/show_bug.cgi?id=1214619 * https://bugzilla.suse.com/show_bug.cgi?id=1214620 * https://bugzilla.suse.com/show_bug.cgi?id=1214623 * https://bugzilla.suse.com/show_bug.cgi?id=1214624 * 
https://bugzilla.suse.com/show_bug.cgi?id=1214625 * https://jira.suse.com/browse/PED-1435 * https://jira.suse.com/browse/PED-5778 From sle-updates at lists.suse.com Wed Sep 20 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 08:30:10 -0000 Subject: SUSE-RU-2023:3694-1: moderate: Recommended update for resource-agents Message-ID: <169519861024.14729.14703922438232653133@smelt2.prg2.suse.org> # Recommended update for resource-agents Announcement ID: SUSE-RU-2023:3694-1 Rating: moderate References: * #1213083 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for resource-agents fixes the following issues: * File system resource monitor fails due to sed command (bsc#1213083) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3694=1 openSUSE-SLE-15.5-2023-3694=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3694=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * ldirectord-4.12.0+git30.7fd7c8fa-150500.3.3.1 * resource-agents-debuginfo-4.12.0+git30.7fd7c8fa-150500.3.3.1 * resource-agents-4.12.0+git30.7fd7c8fa-150500.3.3.1 * resource-agents-zfs-4.12.0+git30.7fd7c8fa-150500.3.3.1 * resource-agents-debugsource-4.12.0+git30.7fd7c8fa-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * monitoring-plugins-metadata-4.12.0+git30.7fd7c8fa-150500.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * resource-agents-debugsource-4.12.0+git30.7fd7c8fa-150500.3.3.1 * ldirectord-4.12.0+git30.7fd7c8fa-150500.3.3.1 * resource-agents-debuginfo-4.12.0+git30.7fd7c8fa-150500.3.3.1 * resource-agents-4.12.0+git30.7fd7c8fa-150500.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (noarch) * monitoring-plugins-metadata-4.12.0+git30.7fd7c8fa-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213083 
From sle-updates at lists.suse.com Wed Sep 20 08:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 08:30:13 -0000 Subject: SUSE-RU-2023:3693-1: moderate: Recommended update for resource-agents Message-ID: <169519861322.14729.13401848439415083109@smelt2.prg2.suse.org> # Recommended update for resource-agents Announcement ID: SUSE-RU-2023:3693-1 Rating: moderate References: * #1213083 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for resource-agents fixes the following issues: * File system resource monitor fails due to sed command (bsc#1213083) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3693=1 openSUSE-SLE-15.4-2023-3693=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3693=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * resource-agents-debuginfo-4.10.0+git40.0f4de473-150400.3.22.1 * resource-agents-debugsource-4.10.0+git40.0f4de473-150400.3.22.1 * ldirectord-4.10.0+git40.0f4de473-150400.3.22.1 * resource-agents-4.10.0+git40.0f4de473-150400.3.22.1 * openSUSE Leap 15.4 (noarch) * monitoring-plugins-metadata-4.10.0+git40.0f4de473-150400.3.22.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * resource-agents-debuginfo-4.10.0+git40.0f4de473-150400.3.22.1 * resource-agents-debugsource-4.10.0+git40.0f4de473-150400.3.22.1 * ldirectord-4.10.0+git40.0f4de473-150400.3.22.1 * resource-agents-4.10.0+git40.0f4de473-150400.3.22.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch) * monitoring-plugins-metadata-4.10.0+git40.0f4de473-150400.3.22.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213083 
From sle-updates at lists.suse.com Wed Sep 20 08:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 08:30:21 -0000 Subject: SUSE-SU-2023:2783-2: important: Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, pyt Message-ID: <169519862157.14729.10660834104798737009@smelt2.prg2.suse.org> # Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, pyt Announcement ID: SUSE-SU-2023:2783-2 Rating: important References: * #1099269 * #1133277 * #1144068 * #1162343 * #1177127 * #1178168 * #1182066 * #1184753 * #1194530 * #1197726 * #1198331 * #1199282 * #1203681 * #1204256 * PM-3243 * SLE-24629 Cross-References: * CVE-2018-1000518 * CVE-2020-25659 * CVE-2020-36242 * CVE-2021-22569 * CVE-2021-22570 * CVE-2022-1941 * CVE-2022-3171 CVSS scores: * CVE-2018-1000518 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-1000518 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-25659 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-25659 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-36242 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36242 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2021-22569 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-22569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-22570 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-22570 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-1941 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-1941 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2022-1941 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-1941 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3171 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3171 ( NVD ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 An update that solves seven vulnerabilities, contains two features and has seven security fixes can now be installed. ## Description: This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues: grpc: - Update in SLE-15 (bsc#1197726, bsc#1144068) protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681 - Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256 - Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530 - Add missing dependency of python subpackages on python-six (bsc#1177127) - Updated to version 3.9.2 (bsc#1162343) * Remove OSReadLittle* due to alignment requirements. * Don't use unions and instead use memcpy for the type swaps. 
- Disable LTO (bsc#1133277) python-aiocontextvars: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-avro: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-cryptography: - update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331) * SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. CVE-2020-36242 python-cryptography-vectors: - update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Support for OpenSSL 1.0.2 has been removed. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. - update to 3.3.2 (bsc#1198331) python-Deprecated: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 1.2.13: python-google-api-core: - Update to 1.14.2 python-googleapis-common-protos: - Update to 1.6.0 python-grpcio-gcp: - Initial spec for v0.2.2 python-humanfriendly: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to 10.0 python-jsondiff: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 1.3.0 python-knack: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 0.9.0 python-opencensus: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Disable Python2 build - Update to 0.8.0 python-opencensus-context: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-opencensus-ext-threading: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Initial build version 0.1.2 python-opentelemetry-api: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - 
Version update to 1.5.0 python-psutil: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 5.9.1 - remove the dependency on net-tools, since it conflicts with busybox-hostname which is default on MicroOS. (bsc#1184753) - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-PyGithub: - Update to 1.43.5: python-pytest-asyncio: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Initial release of python-pytest-asyncio 0.8.0 python-requests: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-websocket-client: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 1.3.2 python-websockets: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 9.1: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2783=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * python-cryptography-debugsource-3.3.2-150100.7.15.3 * python3-cryptography-debuginfo-3.3.2-150100.7.15.3 * python3-psutil-debuginfo-5.9.1-150100.6.6.3 * libprotobuf-lite20-3.9.2-150100.8.3.3 * python2-psutil-debuginfo-5.9.1-150100.6.6.3 * python-psutil-debuginfo-5.9.1-150100.6.6.3 * python2-cryptography-3.3.2-150100.7.15.3 * python2-psutil-5.9.1-150100.6.6.3 * python3-psutil-5.9.1-150100.6.6.3 * python-psutil-debugsource-5.9.1-150100.6.6.3 * python-cryptography-debuginfo-3.3.2-150100.7.15.3 * python2-cryptography-debuginfo-3.3.2-150100.7.15.3 * python3-cryptography-3.3.2-150100.7.15.3 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * python3-websocket-client-1.3.2-150100.6.7.3 * python2-requests-2.25.1-150100.6.13.3 * 
python3-requests-2.25.1-150100.6.13.3 ## References: * https://www.suse.com/security/cve/CVE-2018-1000518.html * https://www.suse.com/security/cve/CVE-2020-25659.html * https://www.suse.com/security/cve/CVE-2020-36242.html * https://www.suse.com/security/cve/CVE-2021-22569.html * https://www.suse.com/security/cve/CVE-2021-22570.html * https://www.suse.com/security/cve/CVE-2022-1941.html * https://www.suse.com/security/cve/CVE-2022-3171.html * https://bugzilla.suse.com/show_bug.cgi?id=1099269 * https://bugzilla.suse.com/show_bug.cgi?id=1133277 * https://bugzilla.suse.com/show_bug.cgi?id=1144068 * https://bugzilla.suse.com/show_bug.cgi?id=1162343 * https://bugzilla.suse.com/show_bug.cgi?id=1177127 * https://bugzilla.suse.com/show_bug.cgi?id=1178168 * https://bugzilla.suse.com/show_bug.cgi?id=1182066 * https://bugzilla.suse.com/show_bug.cgi?id=1184753 * https://bugzilla.suse.com/show_bug.cgi?id=1194530 * https://bugzilla.suse.com/show_bug.cgi?id=1197726 * https://bugzilla.suse.com/show_bug.cgi?id=1198331 * https://bugzilla.suse.com/show_bug.cgi?id=1199282 * https://bugzilla.suse.com/show_bug.cgi?id=1203681 * https://bugzilla.suse.com/show_bug.cgi?id=1204256 * https://jira.suse.com/browse/PM-3243 * https://jira.suse.com/browse/SLE-24629 
From sle-updates at lists.suse.com Wed Sep 20 08:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 08:30:25 -0000 Subject: SUSE-SU-2023:3692-1: important: Security update for curl Message-ID: <169519862511.14729.137226511292886740@smelt2.prg2.suse.org> # Security update for curl Announcement ID: SUSE-SU-2023:3692-1 Rating: important References: * #1215026 Cross-References: * CVE-2023-38039 CVSS scores: * CVE-2023-38039 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3692=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3692=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3692=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3692=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libcurl-devel-8.0.1-11.71.1 * curl-debugsource-8.0.1-11.71.1 * curl-debuginfo-8.0.1-11.71.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * curl-8.0.1-11.71.1 * libcurl4-debuginfo-8.0.1-11.71.1 * libcurl4-8.0.1-11.71.1 * curl-debuginfo-8.0.1-11.71.1 * curl-debugsource-8.0.1-11.71.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libcurl4-debuginfo-32bit-8.0.1-11.71.1 * libcurl4-32bit-8.0.1-11.71.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * curl-8.0.1-11.71.1 * libcurl4-debuginfo-8.0.1-11.71.1 * libcurl4-8.0.1-11.71.1 * curl-debuginfo-8.0.1-11.71.1 * curl-debugsource-8.0.1-11.71.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libcurl4-debuginfo-32bit-8.0.1-11.71.1 * libcurl4-32bit-8.0.1-11.71.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * curl-8.0.1-11.71.1 * libcurl4-debuginfo-8.0.1-11.71.1 * libcurl4-8.0.1-11.71.1 * curl-debuginfo-8.0.1-11.71.1 * curl-debugsource-8.0.1-11.71.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libcurl4-debuginfo-32bit-8.0.1-11.71.1 * libcurl4-32bit-8.0.1-11.71.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38039.html * https://bugzilla.suse.com/show_bug.cgi?id=1215026 
From sle-updates at lists.suse.com Wed Sep 20 08:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 08:30:27 -0000 Subject: SUSE-SU-2023:3691-1: moderate: Security update for mdadm Message-ID: <169519862756.14729.7011899264184134093@smelt2.prg2.suse.org> # Security update for mdadm Announcement ID: SUSE-SU-2023:3691-1 Rating: moderate References: * #1214244 * #1214245 * #1214974 Cross-References: * CVE-2023-28736 * CVE-2023-28938 CVSS scores: * CVE-2023-28736 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L * CVE-2023-28736 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L * CVE-2023-28938 ( SUSE ): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L * CVE-2023-28938 ( NVD ): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for mdadm fixes the following issues: * CVE-2023-28736: Fixed a buffer overflow (bsc#1214244). * CVE-2023-28938: Fixed uncontrolled resource consumption (bsc#1214245). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3691=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3691=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3691=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * mdadm-debugsource-4.1-4.29.1 * mdadm-debuginfo-4.1-4.29.1 * mdadm-4.1-4.29.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * mdadm-debugsource-4.1-4.29.1 * mdadm-debuginfo-4.1-4.29.1 * mdadm-4.1-4.29.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * mdadm-debugsource-4.1-4.29.1 * mdadm-debuginfo-4.1-4.29.1 * mdadm-4.1-4.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28736.html * https://www.suse.com/security/cve/CVE-2023-28938.html * https://bugzilla.suse.com/show_bug.cgi?id=1214244 * https://bugzilla.suse.com/show_bug.cgi?id=1214245 * https://bugzilla.suse.com/show_bug.cgi?id=1214974 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Wed Sep 20 08:30:29 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Sep 2023 08:30:29 -0000
Subject: SUSE-SU-2023:3690-1: important: Security update for libcares2
Message-ID: <169519862969.14729.1402140347166751401@smelt2.prg2.suse.org>

# Security update for libcares2

Announcement ID: SUSE-SU-2023:3690-1
Rating: important

References:

* #1214674

Cross-References:

* CVE-2020-22217

CVSS scores:

* CVE-2020-22217 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2020-22217 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libcares2 fixes the following issues:

* CVE-2020-22217: Fixed an out of bounds read in ares_parse_soa_reply(). (bsc#1214674)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3690=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3690=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3690=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3690=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3690=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libcares2-debugsource-1.9.1-9.18.1
  * libcares-devel-1.9.1-9.18.1
  * libcares2-debuginfo-1.9.1-9.18.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libcares2-debugsource-1.9.1-9.18.1
  * libcares2-1.9.1-9.18.1
  * libcares2-debuginfo-1.9.1-9.18.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libcares2-debugsource-1.9.1-9.18.1
  * libcares2-1.9.1-9.18.1
  * libcares2-debuginfo-1.9.1-9.18.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libcares2-debugsource-1.9.1-9.18.1
  * libcares2-1.9.1-9.18.1
  * libcares2-debuginfo-1.9.1-9.18.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * libcares2-debugsource-1.9.1-9.18.1
  * libcares2-32bit-1.9.1-9.18.1
  * libcares2-debuginfo-32bit-1.9.1-9.18.1

## References:

* https://www.suse.com/security/cve/CVE-2020-22217.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214674

From sle-updates at lists.suse.com Wed Sep 20 08:30:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Sep 2023 08:30:32 -0000
Subject: SUSE-SU-2023:3689-1: moderate: Security update for bluez
Message-ID: <169519863286.14729.687531992285831201@smelt2.prg2.suse.org>

# Security update for bluez

Announcement ID: SUSE-SU-2023:3689-1
Rating: moderate

References:

* #1192760

Cross-References:

* CVE-2021-41229

CVSS scores:

* CVE-2021-41229 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-41229 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for bluez fixes the following issues:

* CVE-2021-41229: Fixed leaking buffers stored in cstates cache (bsc#1192760).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3689=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3689=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3689=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3689=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3689=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * bluez-debuginfo-5.13-5.42.2
  * bluez-debugsource-5.13-5.42.2
  * bluez-devel-5.13-5.42.2
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libbluetooth3-5.13-5.42.2
  * bluez-5.13-5.42.2
  * bluez-debuginfo-5.13-5.42.2
  * libbluetooth3-debuginfo-5.13-5.42.2
  * bluez-debugsource-5.13-5.42.2
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libbluetooth3-5.13-5.42.2
  * bluez-5.13-5.42.2
  * bluez-debuginfo-5.13-5.42.2
  * libbluetooth3-debuginfo-5.13-5.42.2
  * bluez-debugsource-5.13-5.42.2
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libbluetooth3-5.13-5.42.2
  * bluez-5.13-5.42.2
  * bluez-debuginfo-5.13-5.42.2
  * libbluetooth3-debuginfo-5.13-5.42.2
  * bluez-debugsource-5.13-5.42.2
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * bluez-cups-5.13-5.42.2
  * bluez-debuginfo-5.13-5.42.2
  * bluez-debugsource-5.13-5.42.2
  * bluez-cups-debuginfo-5.13-5.42.2

## References:

* https://www.suse.com/security/cve/CVE-2021-41229.html
* https://bugzilla.suse.com/show_bug.cgi?id=1192760

From sle-updates at lists.suse.com Wed Sep 20 12:30:14 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Sep 2023 12:30:14 -0000
Subject: SUSE-SU-2023:3705-1: important: Security update for the Linux Kernel
Message-ID: <169521301418.2038.5926105807286612800@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:3705-1
Rating: important

References:

* #1120059
* #1203517
* #1210327
* #1210448
* #1212051
* #1213543
* #1213546
* #1213601
* #1213666
* #1213899
* #1213904
* #1213906
* #1213908
* #1213910
* #1213911
* #1213912
* #1213921
* #1213927
* #1213969
* #1213970
* #1213971
* #1214019
* #1214149
* #1214157
* #1214209
* #1214233
* #1214299
* #1214335
* #1214348
* #1214350
* #1214451
* #1214453
* #1214752
* #1214928
* #1215028
* #1215032
* #1215034
* #1215035
* #1215036
* #1215037
* #1215038
* #1215041
* #1215046
* #1215049
* #1215057
* PED-4579
* SLE-18779

Cross-References:

* CVE-2022-36402
* CVE-2023-2007
* CVE-2023-20588
* CVE-2023-34319
* CVE-2023-3772
* CVE-2023-3812
* CVE-2023-3863
* CVE-2023-40283
* CVE-2023-4128
* CVE-2023-4132
* CVE-2023-4133
* CVE-2023-4134
* CVE-2023-4194
* CVE-2023-4385
* CVE-2023-4387
* CVE-2023-4459

CVSS scores:

* CVE-2022-36402 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36402 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4132 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4132 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-4385 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4385 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Availability Extension 12 SP5
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves 16 vulnerabilities, contains two features and has 29 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2022-36402: Fixed an integer overflow vulnerability in the vmwgfx driver that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
* CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
* CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
* CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
* CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
* CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
* CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
* CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
* CVE-2023-4132: Fixed a use-after-free vulnerability in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
* CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
* CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
* CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
* CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
* CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
* CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).

The following non-security bugs were fixed:

* af_key: fix send_acquire race with pfkey_register (git-fixes).
* af_packet: fix data-race in packet_setsockopt / packet_setsockopt (git-fixes).
* af_unix: fix a data race of sk->sk_receive_queue->qlen (git-fixes).
* arm64: re-enable support for contiguous hugepages (git-fixes)
* arm64: vdso: fix clock_getres() for clock_realtime (git-fixes)
* arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
* bnx2x: fix page fault following eeh recovery (bsc#1214299).
* bonding: fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes).
* bpf, arm64: remove prefetch insn in xadd mapping (git-fixes)
* bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd (git-fixes)
* bridge: ebtables: do not crash when using dnat target in output chains (git-fixes).
* btrfs-allow-use-of-global-block-reserve-for-balance (bsc#1214335).
* btrfs-unset-reloc-control-if-transaction-commit-fail (bsc#1212051).
* clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
* fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes).
* fs: lockd: avoid possible wrong null parameter (git-fixes).
* inetpeer: fix data-race in inet_putpeer / inet_putpeer (git-fixes).
* kabi/severities: ignore newly added srso mitigation functions
* libceph: fix potential hang in ceph_osdc_notify() (bsc#1214752).
* module: avoid allocation if module is already present and ready (bsc#1213921).
* module: extract patient module check into helper (bsc#1213921).
* module: move check_modinfo() early to early_mod_check() (bsc#1213921).
* module: move early sanity checks into a helper (bsc#1213921).
* net-sysfs: call dev_hold always in netdev_queue_add_kobject (git-fixes).
* net-sysfs: call dev_hold always in rx_queue_add_kobject (git-fixes).
* net-sysfs: fix netdev_queue_add_kobject() breakage (git-fixes).
* net-sysfs: fix reference count leak in rx|netdev_queue_add_kobject (git-fixes).
* net/af_unix: fix a data-race in unix_dgram_poll (git-fixes).
* net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (git-fixes).
* net/fq_impl: switch to kvmalloc() for memory allocation (git-fixes).
* net: bnx2x: fix variable dereferenced before check (git-fixes).
* net: icmp: fix data-race in cmp_global_allow() (git-fixes).
* net: mana: add support for xdp_query_prog (jsc#sle-18779, bsc#1214209).
* net: usb: qmi_wwan: add support for compal rxm-g1 (git-fixes).
* netfilter: ipset: fix an error code in ip_set_sockfn_get() (git-fixes).
* netfilter: nf_conntrack: fix possible possible crash on module loading (git-fixes).
* nfs/blocklayout: use the passed in gfp flags (git-fixes).
* nfs: guard against readdir loop when entry names exceed maxnamelen (git-fixes).
* nfsd: add encoding of op_recall flag for write delegation (git-fixes).
* nfsd: da_addr_body field missing in some getdeviceinfo replies (git-fixes).
* nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
* packet: fix data-race in fanout_flow_is_huge() (git-fixes).
* packet: unconditionally free po->rollover (git-fixes).
* powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
* revert "scsi: qla2xxx: fix buffer overrun" (bsc#1214928).
* ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
* ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
* s390/cio: cio_ignore_proc_seq_next should increase position index (git-fixes bsc#1215057).
* s390/cpum_sf: avoid sbd overflow condition in irq handler (git-fixes bsc#1213908).
* s390/cpum_sf: check for sdbt and sdb consistency (git-fixes bsc#1213910).
* s390/dasd/cio: interpret ccw_device_get_mdc return value correctly (git-fixes bsc#1215049).
* s390/dasd: fix capacity calculation for large volumes (git-fixes bsc#1215034).
* s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1214157).
* s390/ftrace: fix endless recursion in function_graph tracer (git-fixes bsc#1213912).
* s390/jump_label: print real address in a case of a jump label bug (git-fixes bsc#1213899).
* s390/kasan: fix strncpy_from_user kasan checks (git-fixes bsc#1215037).
* s390/kdump: fix memleak in nt_vmcoreinfo (git-fixes bsc#1215028).
* s390/pkey: add one more argument space for debug feature entry (git-fixes bsc#1215035).
* s390/qdio: add sanity checks to the fast-requeue path (git-fixes bsc#1215038).
* s390/smp: __smp_rescan_cpus() - move cpumask away from stack (git-fixes bsc#1213906).
* s390/smp: fix physical to logical cpu map for smt (git-fixes bsc#1213904).
* s390/time: ensure get_clock_monotonic() returns monotonic values (git-fixes bsc#1213911).
* s390/uaccess: avoid (false positive) compiler warnings (git-fixes bsc#1215041).
* s390/zcrypt: handle new reply code filtered_by_hypervisor (git-fixes bsc#1215046).
* s390/zcrypt: improve special ap message cmd handling (git-fixes bsc#1215032).
* s390: zcrypt: initialize variables before_use (git-fixes bsc#1215036).
* sched/core: check quota and period overflow at usec to nsec conversion (git fixes).
* sched/core: handle overflow in cpu_shares_write_u64 (git fixes).
* sched/cpufreq: fix kobject memleak (git fixes).
* sched/fair: do not numa balance for kthreads (git fixes).
* sched/fair: fix cfs bandwidth hrtimer expiry type (git fixes).
* sched/topology: fix off by one bug (git fixes).
* scsi: qla2xxx: add logs for sfp temperature monitoring (bsc#1214928).
* scsi: qla2xxx: allow 32-byte cdbs (bsc#1214928).
* scsi: qla2xxx: error code did not return to upper layer (bsc#1214928).
* scsi: qla2xxx: fix firmware resource tracking (bsc#1214928).
* scsi: qla2xxx: fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
* scsi: qla2xxx: flush mailbox commands on chip reset (bsc#1214928).
* scsi: qla2xxx: move resource to allow code reuse (bsc#1214928).
* scsi: qla2xxx: remove unsupported ql2xenabledif option (bsc#1214928).
* scsi: qla2xxx: remove unused declarations (bsc#1214928).
* scsi: qla2xxx: remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
* scsi: qla2xxx: update version to 10.02.09.100-k (bsc#1214928).
* scsi: storvsc: always set no_report_opcodes (git-fixes).
* scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
* skbuff: fix a data race in skb_queue_len() (git-fixes).
* sort latest foray of security patches
* sunrpc: always clear xprt_sock_connecting before xprt_clear_connecting on tcp xprt (bsc#1214453).
* timers: add shutdown mechanism to the internal functions (bsc#1213970).
* timers: provide timer_shutdown_sync (bsc#1213970).
* timers: rename del_timer() to timer_delete() (bsc#1213970).
* timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
* timers: replace bug_on()s (bsc#1213970).
* timers: silently ignore timers with a null function (bsc#1213970).
* timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
* timers: update kernel-doc for various functions (bsc#1213970).
* timers: use del_timer_sync() even on up (bsc#1213970).
* tracing: fix warning in trace_buffered_event_disable() (git-fixes).
* tun: fix bonding active backup with arp monitoring (git-fixes).
* ubifs: fix snprintf() checking (git-fixes).
* udp6: fix race condition in udp6_sendmsg & connect (git-fixes).
* udp: fix race between close() and udp_abort() (git-fixes).
* usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
* usb: host: xhci: fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
* usb: serial: cp210x: add kamstrup rf sniffer pids (git-fixes).
* usb: serial: cp210x: add scalance lpe-9000 device id (git-fixes).
* usb: serial: option: add lara-r6 01b pids (git-fixes).
* usb: serial: option: add quectel ec200a module support (git-fixes).
* usb: serial: option: add quectel ec200u modem (git-fixes).
* usb: serial: option: add quectel em05cn (sg) modem (git-fixes).
* usb: serial: option: add quectel em05cn modem (git-fixes).
* usb: serial: option: add support for vw/skoda "carstick lte" (git-fixes).
* usb: serial: option: add u-blox lara-l6 modem (git-fixes).
* usb: serial: option: support quectel em060k_128 (git-fixes).
* usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
* usb: serial: simple: sort driver entries (git-fixes).
* usb: xhci-mtk: set the dma max_seg_size (git-fixes).
* usb: xhci: check endpoint is valid before dereferencing it (git-fixes).
* usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
* x86/bugs: reset speculation control settings on init (git-fixes).
* x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
* x86/cpu/amd: enable zenbleed fix for amd custom apu 0405 (git-fixes).
* x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
* x86/cpu/vmware: fix platform detection vmware_port macro (bsc#1210327).
* x86/cpu/vmware: use the full form of inl in vmware_hypercall, for clang/llvm (bsc#1210327).
* x86/cpu/vmware: use the full form of inl in vmware_port (bsc#1210327).
* x86/cpu: cleanup the untrain mess (git-fixes).
* x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
* x86/cpu: fix amd_check_microcode() declaration (git-fixes).
* x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
* x86/cpu: rename original retbleed methods (git-fixes).
* x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
* x86/crash: disable virt in core nmi crash handler to avoid double shootdown (git-fixes).
* x86/ioapic: do not return 0 from arch_dynirq_lower_bound() (git-fixes).
* x86/microcode/amd: load late on both threads too (git-fixes).
* x86/mm: do not shuffle cpu entry areas without kaslr (git-fixes).
* x86/mm: fix use of uninitialized buffer in sme_enable() (git-fixes).
* x86/reboot: disable svm, not just vmx, when stopping cpus (git-fixes).
* x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
* x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
* x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
* x86/speculation: add cpu_show_gds() prototype (git-fixes).
* x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
* x86/srso: correct the mitigation status when smt is disabled (git-fixes).
* x86/srso: disable the mitigation on unaffected configurations (git-fixes).
* x86/srso: explain the untraining sequences a bit more (git-fixes).
* x86/srso: fix build breakage with the llvm linker (git-fixes).
* x86/virt: force gif=1 prior to disabling svm (for reboot flows) (git-fixes).
* x86/vmware: add a header file for hypercall definitions (bsc#1210327).
* x86/vmware: add steal time clock support for vmware guests (bsc#1210327).
* x86/vmware: enable steal time accounting (bsc#1210327).
* x86/vmware: update platform detection code for vmcall/vmmcall hypercalls (bsc#1210327).
* x86: move gds_ucode_mitigated() declaration to header (git-fixes).
* xfrm: release device reference for invalid state (git-fixes).
* xhci-pci: set the dma max_seg_size (git-fixes).
* xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-HA-12-SP5-2023-3705=1 SUSE-SLE-SERVER-12-SP5-2023-3705=1
* SUSE Linux Enterprise High Availability Extension 12 SP5
  zypper in -t patch SUSE-SLE-HA-12-SP5-2023-3705=1
* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3705=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3705=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3705=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3705=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3705=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * kernel-default-base-4.12.14-122.176.1
  * gfs2-kmp-default-4.12.14-122.176.1
  * cluster-md-kmp-default-4.12.14-122.176.1
  * cluster-md-kmp-default-debuginfo-4.12.14-122.176.1
  * kernel-default-debugsource-4.12.14-122.176.1
  * kernel-syms-4.12.14-122.176.1
  * kernel-default-debuginfo-4.12.14-122.176.1
  * kernel-default-base-debuginfo-4.12.14-122.176.1
  * dlm-kmp-default-debuginfo-4.12.14-122.176.1
  * dlm-kmp-default-4.12.14-122.176.1
  * gfs2-kmp-default-debuginfo-4.12.14-122.176.1
  * kernel-default-devel-4.12.14-122.176.1
  * ocfs2-kmp-default-debuginfo-4.12.14-122.176.1
  * ocfs2-kmp-default-4.12.14-122.176.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64)
  * kernel-default-4.12.14-122.176.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * kernel-macros-4.12.14-122.176.1
  * kernel-devel-4.12.14-122.176.1
  * kernel-source-4.12.14-122.176.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * kernel-default-devel-debuginfo-4.12.14-122.176.1
* SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64)
  * gfs2-kmp-default-4.12.14-122.176.1
  * cluster-md-kmp-default-4.12.14-122.176.1
  * cluster-md-kmp-default-debuginfo-4.12.14-122.176.1
  * kernel-default-debugsource-4.12.14-122.176.1
  * kernel-default-debuginfo-4.12.14-122.176.1
  * dlm-kmp-default-debuginfo-4.12.14-122.176.1
  * dlm-kmp-default-4.12.14-122.176.1
  * gfs2-kmp-default-debuginfo-4.12.14-122.176.1
  * ocfs2-kmp-default-debuginfo-4.12.14-122.176.1
  * ocfs2-kmp-default-4.12.14-122.176.1
* SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc)
  * kernel-default-4.12.14-122.176.1
* SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
  * kernel-default-4.12.14-122.176.1
* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kernel-default-kgraft-devel-4.12.14-122.176.1
  * kernel-default-debugsource-4.12.14-122.176.1
  * kernel-default-debuginfo-4.12.14-122.176.1
  * kernel-default-kgraft-4.12.14-122.176.1
  * kgraft-patch-4_12_14-122_176-default-1-8.3.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc)
  * kernel-docs-4.12.14-122.176.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-4.12.14-122.176.1
  * kernel-obs-build-debugsource-4.12.14-122.176.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64)
  * kernel-default-4.12.14-122.176.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * kernel-default-base-4.12.14-122.176.1
  * kernel-default-debugsource-4.12.14-122.176.1
  * kernel-syms-4.12.14-122.176.1
  * kernel-default-debuginfo-4.12.14-122.176.1
  * kernel-default-base-debuginfo-4.12.14-122.176.1
  * kernel-default-devel-4.12.14-122.176.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * kernel-macros-4.12.14-122.176.1
  * kernel-devel-4.12.14-122.176.1
  * kernel-source-4.12.14-122.176.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * kernel-default-devel-debuginfo-4.12.14-122.176.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-4.12.14-122.176.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * kernel-default-base-4.12.14-122.176.1
  * kernel-default-debugsource-4.12.14-122.176.1
  * kernel-syms-4.12.14-122.176.1
  * kernel-default-debuginfo-4.12.14-122.176.1
  * kernel-default-base-debuginfo-4.12.14-122.176.1
  * kernel-default-devel-4.12.14-122.176.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * kernel-macros-4.12.14-122.176.1
  * kernel-devel-4.12.14-122.176.1
  * kernel-source-4.12.14-122.176.1
* SUSE Linux Enterprise Server 12 SP5 (s390x)
  * kernel-default-man-4.12.14-122.176.1
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
  * kernel-default-devel-debuginfo-4.12.14-122.176.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc)
  * kernel-default-4.12.14-122.176.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * kernel-default-extra-4.12.14-122.176.1
  * kernel-default-extra-debuginfo-4.12.14-122.176.1
  * kernel-default-debuginfo-4.12.14-122.176.1
  * kernel-default-debugsource-4.12.14-122.176.1

## References:

* https://www.suse.com/security/cve/CVE-2022-36402.html
* https://www.suse.com/security/cve/CVE-2023-2007.html
* https://www.suse.com/security/cve/CVE-2023-20588.html
* https://www.suse.com/security/cve/CVE-2023-34319.html
* https://www.suse.com/security/cve/CVE-2023-3772.html
* https://www.suse.com/security/cve/CVE-2023-3812.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-40283.html
* https://www.suse.com/security/cve/CVE-2023-4128.html
* https://www.suse.com/security/cve/CVE-2023-4132.html
* https://www.suse.com/security/cve/CVE-2023-4133.html
* https://www.suse.com/security/cve/CVE-2023-4134.html
* https://www.suse.com/security/cve/CVE-2023-4194.html
* https://www.suse.com/security/cve/CVE-2023-4385.html
* https://www.suse.com/security/cve/CVE-2023-4387.html
* https://www.suse.com/security/cve/CVE-2023-4459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1120059
* https://bugzilla.suse.com/show_bug.cgi?id=1203517
* https://bugzilla.suse.com/show_bug.cgi?id=1210327
* https://bugzilla.suse.com/show_bug.cgi?id=1210448
* https://bugzilla.suse.com/show_bug.cgi?id=1212051
* https://bugzilla.suse.com/show_bug.cgi?id=1213543
* https://bugzilla.suse.com/show_bug.cgi?id=1213546
* https://bugzilla.suse.com/show_bug.cgi?id=1213601
* https://bugzilla.suse.com/show_bug.cgi?id=1213666
* https://bugzilla.suse.com/show_bug.cgi?id=1213899
* https://bugzilla.suse.com/show_bug.cgi?id=1213904
* https://bugzilla.suse.com/show_bug.cgi?id=1213906
* https://bugzilla.suse.com/show_bug.cgi?id=1213908
* https://bugzilla.suse.com/show_bug.cgi?id=1213910
* https://bugzilla.suse.com/show_bug.cgi?id=1213911
* https://bugzilla.suse.com/show_bug.cgi?id=1213912
* https://bugzilla.suse.com/show_bug.cgi?id=1213921
* https://bugzilla.suse.com/show_bug.cgi?id=1213927
* https://bugzilla.suse.com/show_bug.cgi?id=1213969
* https://bugzilla.suse.com/show_bug.cgi?id=1213970
* https://bugzilla.suse.com/show_bug.cgi?id=1213971
* https://bugzilla.suse.com/show_bug.cgi?id=1214019
* https://bugzilla.suse.com/show_bug.cgi?id=1214149
* https://bugzilla.suse.com/show_bug.cgi?id=1214157
* https://bugzilla.suse.com/show_bug.cgi?id=1214209
* https://bugzilla.suse.com/show_bug.cgi?id=1214233
* https://bugzilla.suse.com/show_bug.cgi?id=1214299
* https://bugzilla.suse.com/show_bug.cgi?id=1214335
* https://bugzilla.suse.com/show_bug.cgi?id=1214348
* https://bugzilla.suse.com/show_bug.cgi?id=1214350
* https://bugzilla.suse.com/show_bug.cgi?id=1214451
* https://bugzilla.suse.com/show_bug.cgi?id=1214453
* https://bugzilla.suse.com/show_bug.cgi?id=1214752
* https://bugzilla.suse.com/show_bug.cgi?id=1214928
* https://bugzilla.suse.com/show_bug.cgi?id=1215028
* https://bugzilla.suse.com/show_bug.cgi?id=1215032
* https://bugzilla.suse.com/show_bug.cgi?id=1215034
* https://bugzilla.suse.com/show_bug.cgi?id=1215035
* https://bugzilla.suse.com/show_bug.cgi?id=1215036
* https://bugzilla.suse.com/show_bug.cgi?id=1215037
* https://bugzilla.suse.com/show_bug.cgi?id=1215038
* https://bugzilla.suse.com/show_bug.cgi?id=1215041
* https://bugzilla.suse.com/show_bug.cgi?id=1215046
* https://bugzilla.suse.com/show_bug.cgi?id=1215049
* https://bugzilla.suse.com/show_bug.cgi?id=1215057
* https://jira.suse.com/browse/PED-4579
* https://jira.suse.com/browse/SLE-18779

URL: From sle-updates at lists.suse.com Wed Sep 20 12:30:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 12:30:39 -0000 Subject: SUSE-SU-2023:3704-1: important: Security update for the Linux Kernel Message-ID: <169521303916.2038.6596450201840434632@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3704-1 Rating: important References: * #1023051 * #1120059 * #1177719 * #1188885 * #1193629 * #1194869 * #1203329 * #1203330 * #1205462 * #1206453 * #1208902 * #1208949 * #1209284 * #1209799 * #1210048 * #1210448 * #1211220 * #1212091 * #1212142 * #1212423 * #1212526 * #1212857 * #1212873 * #1213026 * #1213123 * #1213546 * #1213580 * #1213601 * #1213666 * #1213733 * #1213757 * #1213759 * #1213916 * #1213921 * #1213927 * #1213946 * #1213949 * #1213968 * #1213970 * #1213971 * #1214000 * #1214019 * #1214073 * #1214120 * #1214149 * #1214180 * #1214233 * #1214238 * #1214285 * #1214297 * #1214299 * #1214305 * #1214350 * #1214368 * #1214370 * #1214371 * #1214372 * #1214380 * #1214386 * #1214392 * #1214393 * #1214397 * #1214404 * #1214428 * #1214451 * #1214659 * #1214661 * #1214727 * #1214729 * #1214742 * #1214743 * #1214756 * #1214976 * PED-3924 * PED-4579 * PED-4759 * PED-4927 * PED-4929 * PED-5738 * PED-6003 * PED-6004 Cross-References: * CVE-2022-38457 * CVE-2022-40133 * CVE-2023-2007 * CVE-2023-20588 * CVE-2023-34319 * CVE-2023-3610 * CVE-2023-37453 * CVE-2023-3772 * CVE-2023-3863 * CVE-2023-40283 * CVE-2023-4128 * CVE-2023-4133 * CVE-2023-4134 * CVE-2023-4147 * CVE-2023-4194 * CVE-2023-4273 * CVE-2023-4387 * CVE-2023-4459 * CVE-2023-4563 * CVE-2023-4569 CVSS scores: * CVE-2022-38457 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38457 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2022-40133 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-40133 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2023-2007 ( 
SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-4387 ( SUSE ): 6.6 
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4569 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * Legacy Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves 20 vulnerabilities, contains eight features and has 53 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330). * CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329). * CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). * CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). 
* CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
* CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
* CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
* CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
* CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
* CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
* CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120).
* CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
* CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
* CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727).
* CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
* CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
* CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
* CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
* CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).

The following non-security bugs were fixed:

* ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
* ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes).
* ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes).
* ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes).
* ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
* ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
* ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
* ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
* ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
* ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
* ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
* ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
* ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
* ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
* ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
* ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
* ARM: dts: imx6sll: fixup of operating points (git-fixes).
* ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
* ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
* ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes).
* ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
* ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
* ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
* ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
* Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
* Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
* Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
* Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
* CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
* CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
* Created new preempt kernel flavor Configs are cloned from the respective $arch/default configs. All changed configs apart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel.
* Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
* Documentation: devices.txt: Remove ttyIOC* (git-fixes).
* Documentation: devices.txt: Remove ttySIOC* (git-fixes).
* Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453).
* Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
* Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
* Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
* Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
* Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
* Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
* Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
* Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
* Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
* HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
* HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
* HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes).
* HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes).
* HID: wacom: remove the battery when the EKR is off (git-fixes).
* HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
* IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
* IB/uverbs: Fix an potential error pointer dereference (git-fixes)
* Input: exc3000 - properly stop timer on shutdown (git-fixes).
* KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
* Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
* Kbuild: move to -std=gnu11 (bsc#1214756).
* PCI/ASPM: Avoid link retraining race (git-fixes).
* PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
* PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
* PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
* PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
* PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
* PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
* PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
* PCI: meson: Remove cast between incompatible function type (git-fixes).
* PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
* PCI: microchip: Remove cast between incompatible function type (git-fixes).
* PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
* PCI: rockchip: Remove writes to unused registers (git-fixes).
* PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes).
* PCI: tegra194: Fix possible array out of bounds access (git-fixes).
* PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
* RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
* RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
* RDMA/efa: Fix wrong resources deallocation order (git-fixes)
* RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
* RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
* RDMA/hns: Fix port active speed (git-fixes)
* RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
* RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
* RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
* RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
* RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
* RDMA/siw: Correct wrong debug message (git-fixes)
* RDMA/umem: Set iova in ODP flow (git-fixes)
* README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
* Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes)
* Revert "tracing: Add "(fault)" name injection to kernel probes" (git-fixes).
* SMB3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes).
* Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* amba: bus: fix refcount leak (git-fixes).
* arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes).
* arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
* arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
* audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
* backlight/bd6107: Compare against struct fb_info.device (git-fixes).
* backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
* backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
* batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes).
* batman-adv: Do not increase MTU when set by user (git-fixes).
* batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
* batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
* batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
* batman-adv: Trigger events for auto adjusted MTU (git-fixes).
* bnx2x: fix page fault following EEH recovery (bsc#1214299).
* bpf: Disable preemption in bpf_event_output (git-fixes).
* bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924).
* bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
* bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
* bus: ti-sysc: Fix cast to enum warning (git-fixes).
* bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
* can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes).
* ceph: defer stopping mdsc delayed_work (bsc#1214392).
* ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
* ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
* check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
* cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
* cifs: allow dumping keys for directories too (bsc#1193629).
* cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
* cifs: if deferred close is disabled then close files immediately (git-fixes).
* cifs: is_network_name_deleted should return a bool (bsc#1193629).
* cifs: update internal module version number for cifs.ko (bsc#1193629).
* clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
* clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
* clk: imx8mp: fix sai4 clock (git-fixes).
* clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
* clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes).
* clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
* clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
* clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: sunxi-ng: Modify mismatched function name (git-fixes).
* clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
* clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
* clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
* clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
* clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
* clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453).
* cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
* cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659).
* cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
* cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* crypto: caam - fix unchecked return value error (git-fixes).
* crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
* define more Hyper-V related constants (bsc#1206453).
* dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
* dma-buf/sync_file: Fix docs syntax (git-fixes).
* dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes).
* dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
* dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
* dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
* docs/process/howto: Replace C89 with C11 (bsc#1214756).
* docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
* docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
* docs: printk-formats: Fix hex printing of signed values (git-fixes).
* driver core: test_async: fix an error code (git-fixes).
* drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes).
* drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
* drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes).
* drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes).
* drm/amd/display: Do not set drr on pipe commit (git-fixes).
* drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
* drm/amd/display: Ensure that planes are in the same order (git-fixes).
* drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes).
* drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes).
* drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes).
* drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes).
* drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
* drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes).
* drm/amd/display: disable RCO for DCN314 (git-fixes).
* drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
* drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
* drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes).
* drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
* drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
* drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
* drm/amd/display: trigger timing sync only if TG is running (git-fixes).
* drm/amd/pm/smu7: move variables to where they are used (git-fixes).
* drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes).
* drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes).
* drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
* drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes).
* drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes).
* drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes).
* drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
* drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
* drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes).
* drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
* drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
* drm/amdgpu: Remove unnecessary domain argument (git-fixes).
* drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
* drm/amdgpu: add S/G display parameter (git-fixes).
* drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
* drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
* drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes).
* drm/amdgpu: fix memory leak in mes self test (git-fixes).
* drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
* drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
* drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes).
* drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes).
* drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes).
* drm/ast: Fix DRAM init on AST2200 (git-fixes).
* drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes).
* drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes).
* drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes).
* drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes).
* drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
* drm/bridge: tc358764: Fix debug print parameter order (git-fixes).
* drm/etnaviv: fix dumping of active MMU context (git-fixes).
* drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes).
* drm/i915/sdvo: fix panel_type initialization (git-fixes).
* drm/i915: Fix premature release of request's reusable memory (git-fixes).
* drm/mediatek: Fix dereference before null check (git-fixes).
* drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes).
* drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes).
* drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
* drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes).
* drm/msm/mdp5: Do not leak some plane state (git-fixes).
* drm/msm: Update dev core dump to not print backwards (git-fixes).
* drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes).
* drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes).
* drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073).
* drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
* drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes).
* drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes).
* drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes).
* drm/qxl: fix UAF on handle creation (git-fixes).
* drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
* drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes).
* drm/rockchip: Do not spam logs in atomic check (git-fixes).
* drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
* drm/stm: ltdc: fix late dereference check (git-fixes).
* drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes).
* drm/ttm: check null pointer before accessing when swapping (git-fixes).
* drm/ttm: never consider pinned BOs for eviction&swap (git-fixes).
* drm/vmwgfx: Fix shader stage validation (git-fixes).
* drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes).
* drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
* drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes).
* dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
* dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
* dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
* e1000: Fix typos in comments (jsc#PED-5738).
* e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
* e1000: switch to napi_build_skb() (jsc#PED-5738).
* e1000: switch to napi_consume_skb() (jsc#PED-5738).
* exfat: fix unexpected EOF while reading dir (bsc#1214000).
* exfat: release s_lock before calling dir_emit() (bsc#1214000).
* exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
* fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes).
* fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes).
* fbdev: Improve performance of sys_imageblit() (git-fixes).
* fbdev: Update fbdev source file paths (git-fixes).
* fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
* fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
* file: reinstate f_pos locking optimization for regular files (bsc#1213759).
* firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes).
* firmware: cs_dsp: Fix new control name check (git-fixes).
* firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes).
* firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
* fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes).
* fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes).
* fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
* fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
* fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
* ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
* gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
* gpio: mvebu: fix irq domain leak (git-fixes).
* gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes).
* hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
* hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes).
* hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes).
* hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes).
* hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
* hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
* i2c: Delete error messages for failed memory allocations (git-fixes).
* i2c: Improve size determinations (git-fixes).
* i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
* i2c: designware: Correct length byte validation logic (git-fixes).
* i2c: designware: Handle invalid SMBus block data response length value (git-fixes).
* i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes).
* i2c: nomadik: Remove a useless call in the remove function (git-fixes).
* i2c: nomadik: Remove unnecessary goto label (git-fixes).
* i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
* i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
* iavf: fix potential races for FDIR filters (git-fixes).
* ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
* ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes).
* ice: Fix max_rate check while configuring TX rate limits (git-fixes).
* ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
* iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes).
* iio: adc: stx104: Implement and utilize register structures (git-fixes).
* iio: adc: stx104: Utilize iomap interface (git-fixes).
* iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes).
* intel/e1000:fix repeated words in comments (jsc#PED-5738).
* intel: remove unused macros (jsc#PED-5738).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
* iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes).
* iommu/amd: Fix compile warning in init code (git-fixes).
* iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
* iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
* iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes).
* iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
* iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes).
* iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
* iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
* iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
* iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
* iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes).
* iommu/dma: Fix iova map result check bug (git-fixes).
* iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
* iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes).
* iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes).
* iommu/iova: Fix module config properly (git-fixes).
* iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes).
* iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes).
* iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes).
* iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
* iommu/mediatek: Use component_match_add (git-fixes).
* iommu/mediatek: Validate number of phandles associated with "mediatek,larbs" (git-fixes).
* iommu/omap: Fix buffer overflow in debugfs (git-fixes).
* iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
* iommu/s390: Fix duplicate domain attachments (git-fixes).
* iommu/sun50i: Consider all fault sources for reset (git-fixes).
* iommu/sun50i: Fix R/W permission check (git-fixes).
* iommu/sun50i: Fix flush size (git-fixes).
* iommu/sun50i: Fix reset release (git-fixes).
* iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
* iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
* iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes).
* iommu/vt-d: Check correct capability for sagaw determination (git-fixes).
* iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes).
* iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes).
* iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes).
* iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes).
* iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes).
* iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes).
* iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes).
* ipmi:ssif: Add check for kstrdup (git-fixes).
* ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes).
* ipmi_si: fix a memleak in try_smi_init() (git-fixes).
* jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
* kabi/severities: Ignore newly added SRSO mitigation functions
* kabi: Allow extra bugsints (bsc#1213927).
* kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
* kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.
* kunit: make kunit_test_timeout compatible with comment (git-fixes).
* leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes).
* leds: multicolor: Use rounded division when calculating color components (git-fixes).
* leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes).
* leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes).
* leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
* lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes).
* lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
* libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924).
* libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924).
* libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924).
* libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
* md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
* md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
* media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
* media: cx24120: Add retval check for cx24120_message_send() (git-fixes).
* media: dib7000p: Fix potential division by zero (git-fixes).
* media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
* media: go7007: Remove redundant if statement (git-fixes).
* media: i2c: ccs: Check rules is non-NULL (git-fixes).
* media: i2c: rdacm21: Fix uninitialized value (git-fixes).
* media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
* media: ov2680: Add ov2680_fill_format() helper function (git-fixes).
* media: ov2680: Do not take the lock for try_fmt calls (git-fixes).
* media: ov2680: Fix ov2680_bayer_order() (git-fixes).
* media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
* media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
* media: ov2680: Fix vflip / hflip set functions (git-fixes).
* media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
* media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes).
* media: rkvdec: increase max supported height for H.264 (git-fixes).
* media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
* media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
* media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes).
* media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes).
* misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
* mkspec: Allow unsupported KMPs (bsc#1214386)
* mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
* mmc: block: Fix in_flight[issue_type] value error (git-fixes).
* mmc: moxart: read scr register without changing byte order (git-fixes).
* mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
* module: avoid allocation if module is already present and ready (bsc#1213921).
* module: extract patient module check into helper (bsc#1213921).
* module: move check_modinfo() early to early_mod_check() (bsc#1213921).
* module: move early sanity checks into a helper (bsc#1213921).
* mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes).
* mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
* mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes).
* mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes).
* mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes).
* mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
* mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes).
* mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes).
* mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
* mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
* mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
* n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
* net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
* net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
* net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes).
* net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes).
* net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
* net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes).
* net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
* net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes).
* net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes).
* netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
* netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404).
* netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946).
* netfs: fix parameter of cleanup() (bsc#1214743).
* nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
* nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
* nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
* nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* objtool/x86: Fix SRSO mess (git-fixes).
* objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
* objtool: Union instruction::{call_dest,jump_table} (git-fixes).
* old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer supported.
* pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes).
* phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
* phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
* phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
* phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
* phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
* phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes).
* phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
* pinctrl: amd: Mask wake bits on probe again (git-fixes).
* pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" (git-fixes).
* pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
* pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
* pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
* platform/x86: dell-sysman: Fix reference leak (git-fixes).
* powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
* powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106).
* powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106).
* powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106).
* powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
* powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
* powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
* powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
* powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
* powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
* powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Rename "direct window" to "dma window" (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106).
* powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106).
* powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* powerpc/rtas: block error injection when locked down (bsc#1023051).
* powerpc/rtas: ensure rtas_call is called with MMU enabled (bsc#1023051).
* powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
* powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
* powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes).
* powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.
* powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
* powerpc: fix typos in comments (bsc#1212091 ltc#199106).
* pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
* pstore/ram: Check start of empty przs during init (git-fixes).
* pwm: Add a stub for devm_pwmchip_add() (git-fixes).
* pwm: meson: Simplify duplicated per-channel tracking (git-fixes).
* pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes).
* qed: Fix scheduling in a tasklet while getting stats (git-fixes).
* regmap: rbtree: Use alloc_flags for memory allocations (git-fixes).
* ring-buffer: Do not swap cpu_buffer during resize process (git-fixes).
* ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
* ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
* rpm/mkspec-dtb: support for nested subdirs
* rpmsg: glink: Add check for kstrdup (git-fixes).
* s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976).
* s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
* s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949).
* sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes).
* sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
* sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799).
* scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
* scsi: 53c700: Check that command slot is not NULL (git-fixes).
* scsi: RDMA/srp: Fix residual handling (git-fixes)
* scsi: bsg: Increase number of devices (bsc#1210048).
* scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284).
* scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
* scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
* scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: core: Improve warning message in scsi_device_block() (bsc#1209284).
* scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284).
* scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
* scsi: qedf: Fix NULL dereference in error handling (git-fixes).
* scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
* scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
* scsi: scsi_debug: Remove dead code (git-fixes).
* scsi: sg: Increase number of devices (bsc#1210048).
* scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
* scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: storvsc: Always set no_report_opcodes (git-fixes).
* scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
* scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
* scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes).
* scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371).
* selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924).
* selftests/futex: Order calls to futex_lock_pi (git-fixes).
* selftests/harness: Actually report SKIP for signal tests (git-fixes).
* selftests/resctrl: Close perf value read fd on errors (git-fixes).
* selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes).
* selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes).
* selftests/rseq: check if libc rseq support is registered (git-fixes).
* selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes).
* selftests: forwarding: Skip test when no interfaces are specified (git-fixes).
* selftests: forwarding: Switch off timeout (git-fixes).
* selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes).
* selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes).
* selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes).
* selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
* selftests: forwarding: tc_flower: Relax success criterion (git-fixes).
* selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes).
* serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
* serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes).
* serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes).
* serial: sprd: Fix DMA buffer leak issue (git-fixes).
* serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
* sfc: fix crash when reading stats while NIC is resetting (git-fixes).
* smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629).
* smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
* smb: client: fix dfs link mount against w2k8 (bsc#1212142).
* smb: client: fix null auth (git-fixes).
* soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
* soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
* soundwire: fix enumeration completion (git-fixes).
* spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
* supported.conf: fix typos for -!optional markers
* swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
* target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
* target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
* target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
* target_core_rbd: remove snapshot existence validation code (bsc#1212857).
* thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
* timers: Add shutdown mechanism to the internal functions (bsc#1213970).
* timers: Provide timer_shutdown_sync (bsc#1213970).
* timers: Rename del_timer() to timer_delete() (bsc#1213970).
* timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
* timers: Replace BUG_ON()s (bsc#1213970).
* timers: Silently ignore timers with a NULL function (bsc#1213970).
* timers: Split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
* timers: Update kernel-doc for various functions (bsc#1213970).
* timers: Use del_timer_sync() even on UP (bsc#1213970).
* tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes).
* tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes).
* tracing/probes: Fix not to count error code to total length (git-fixes).
* tracing/probes: Fix to avoid double count of the string length on the array (git-fixes).
* tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
* tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes).
* tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
* tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
* tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes).
* tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes).
* tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
* tty: fix hang on tty device with no_room set (git-fixes).
* tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes).
* tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
* tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
* tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
* tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes).
* ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
* usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
* usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes).
* usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes).
* usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
* usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes).
* usb: dwc3: Fix typos in gadget.c (git-fixes).
* usb: dwc3: Properly handle processing of pending events (git-fixes).
* usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
* usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes).
* usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes).
* usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes).
* usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes).
* usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
* usb: quirks: add quirk for Focusrite Scarlett (git-fixes).
* usb: serial: option: add Quectel EC200A module support (git-fixes).
* usb: serial: option: support Quectel EM060K_128 (git-fixes).
* usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
* usb: serial: simple: sort driver entries (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes).
* usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
* usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
* usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
* watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes).
* wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
* wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
* wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
* wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes).
* wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
* wifi: cfg80211: Fix return value in scan logic (git-fixes).
* wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes).
* wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes).
* wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
* wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
* wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes).
* wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes).
* wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes).
* wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes).
* wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes).
* wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes).
* wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
* wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes).
* wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
* wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
* x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
* x86/alternative: Make custom return thunk unconditional (git-fixes).
* x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
* x86/cpu: Clean up SRSO return thunk mess (git-fixes).
* x86/cpu: Cleanup the untrain mess (git-fixes).
* x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
* x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
* x86/cpu: Rename original retbleed methods (git-fixes).
* x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
* x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453).
* x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453).
* x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453).
* x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453).
* x86/hyperv: Reorder code to facilitate future work (bsc#1206453).
* x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453).
* x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453).
* x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
* x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453).
* x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
* x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
* x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
* x86/speculation: Add cpu_show_gds() prototype (git-fixes).
* x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
* x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
* x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
* x86/srso: Explain the untraining sequences a bit more (git-fixes).
* x86/srso: Fix build breakage with the LLVM linker (git-fixes).
* x86/srso: Fix return thunks in generated code (git-fixes).
* x86/static_call: Fix __static_call_fixup() (git-fixes).
* x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
* x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
* x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
* x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
* x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453).
* xfs: fix sb write verify for lazysbcount (bsc#1214661).
## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-3704=1 openSUSE-SLE-15.5-2023-3704=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3704=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3704=1
* Legacy Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3704=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3704=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3704=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3704=1

## Package List:

* openSUSE Leap 15.5 (noarch nosrc)
  * kernel-docs-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (noarch)
  * kernel-docs-html-5.14.21-150500.55.22.1
  * kernel-source-5.14.21-150500.55.22.1
  * kernel-devel-5.14.21-150500.55.22.1
  * kernel-source-vanilla-5.14.21-150500.55.22.1
  * kernel-macros-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
  * kernel-debug-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (ppc64le x86_64)
  * kernel-debug-devel-debuginfo-5.14.21-150500.55.22.1
  * kernel-debug-livepatch-devel-5.14.21-150500.55.22.1
  * kernel-debug-devel-5.14.21-150500.55.22.1
  * kernel-debug-debugsource-5.14.21-150500.55.22.1
  * kernel-debug-debuginfo-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-debug-vdso-debuginfo-5.14.21-150500.55.22.1
  * kernel-kvmsmall-vdso-5.14.21-150500.55.22.1
  * kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.22.1
  * kernel-default-vdso-5.14.21-150500.55.22.1
  * kernel-debug-vdso-5.14.21-150500.55.22.1
  * kernel-default-vdso-debuginfo-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
  * kernel-default-base-rebuild-5.14.21-150500.55.22.1.150500.6.8.1
  * kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.22.1
  * kernel-kvmsmall-devel-5.14.21-150500.55.22.1
  * kernel-kvmsmall-debuginfo-5.14.21-150500.55.22.1
  * kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.22.1
  * kernel-default-base-5.14.21-150500.55.22.1.150500.6.8.1
  * kernel-kvmsmall-debugsource-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-5.14.21-150500.55.22.1
  * kernel-default-debuginfo-5.14.21-150500.55.22.1
  * ocfs2-kmp-default-5.14.21-150500.55.22.1
  * cluster-md-kmp-default-5.14.21-150500.55.22.1
  * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.22.1
  * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.22.1
  * kernel-default-devel-debuginfo-5.14.21-150500.55.22.1
  * kernel-default-livepatch-5.14.21-150500.55.22.1
  * kernel-default-extra-5.14.21-150500.55.22.1
  * kernel-default-debugsource-5.14.21-150500.55.22.1
  * kernel-default-extra-debuginfo-5.14.21-150500.55.22.1
  * dlm-kmp-default-5.14.21-150500.55.22.1
  * kernel-obs-build-debugsource-5.14.21-150500.55.22.1
  * kernel-default-devel-5.14.21-150500.55.22.1
  * dlm-kmp-default-debuginfo-5.14.21-150500.55.22.1
  * gfs2-kmp-default-5.14.21-150500.55.22.1
  * kernel-default-optional-5.14.21-150500.55.22.1
  * kernel-default-livepatch-devel-5.14.21-150500.55.22.1
  * kernel-obs-qa-5.14.21-150500.55.22.1
  * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.22.1
  * kernel-syms-5.14.21-150500.55.22.1
  * gfs2-kmp-default-debuginfo-5.14.21-150500.55.22.1
  * kselftests-kmp-default-debuginfo-5.14.21-150500.55.22.1
  * reiserfs-kmp-default-5.14.21-150500.55.22.1
  * kernel-default-optional-debuginfo-5.14.21-150500.55.22.1
  * kselftests-kmp-default-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_22-default-1-150500.11.3.1
  * kernel-livepatch-SLE15-SP5_Update_4-debugsource-1-150500.11.3.1
  * kernel-livepatch-5_14_21-150500_55_22-default-debuginfo-1-150500.11.3.1
* openSUSE Leap 15.5 (nosrc s390x)
  * kernel-zfcpdump-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (s390x)
  * kernel-zfcpdump-debugsource-5.14.21-150500.55.22.1
  * kernel-zfcpdump-debuginfo-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (nosrc)
  * dtb-aarch64-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (aarch64)
  * dtb-allwinner-5.14.21-150500.55.22.1
  * dtb-arm-5.14.21-150500.55.22.1
  * kernel-64kb-debugsource-5.14.21-150500.55.22.1
  * kernel-64kb-extra-debuginfo-5.14.21-150500.55.22.1
  * dtb-apple-5.14.21-150500.55.22.1
  * kernel-64kb-devel-debuginfo-5.14.21-150500.55.22.1
  * dtb-rockchip-5.14.21-150500.55.22.1
  * kernel-64kb-debuginfo-5.14.21-150500.55.22.1
  * dtb-mediatek-5.14.21-150500.55.22.1
  * dtb-nvidia-5.14.21-150500.55.22.1
  * kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.22.1
  * dtb-exynos-5.14.21-150500.55.22.1
  * dtb-sprd-5.14.21-150500.55.22.1
  * ocfs2-kmp-64kb-5.14.21-150500.55.22.1
  * dtb-apm-5.14.21-150500.55.22.1
  * dlm-kmp-64kb-debuginfo-5.14.21-150500.55.22.1
  * dtb-broadcom-5.14.21-150500.55.22.1
  * reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.22.1
  * dtb-freescale-5.14.21-150500.55.22.1
  * cluster-md-kmp-64kb-5.14.21-150500.55.22.1
  * kselftests-kmp-64kb-5.14.21-150500.55.22.1
  * dtb-lg-5.14.21-150500.55.22.1
  * dtb-renesas-5.14.21-150500.55.22.1
  * dtb-socionext-5.14.21-150500.55.22.1
  * dtb-amd-5.14.21-150500.55.22.1
  * kernel-64kb-livepatch-devel-5.14.21-150500.55.22.1
  * dtb-xilinx-5.14.21-150500.55.22.1
  * dtb-amlogic-5.14.21-150500.55.22.1
  * dtb-amazon-5.14.21-150500.55.22.1
  * gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.22.1
  * cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.22.1
  * reiserfs-kmp-64kb-5.14.21-150500.55.22.1
  * dtb-qcom-5.14.21-150500.55.22.1
  * dtb-altera-5.14.21-150500.55.22.1
  * gfs2-kmp-64kb-5.14.21-150500.55.22.1
  * kernel-64kb-devel-5.14.21-150500.55.22.1
  * kernel-64kb-optional-5.14.21-150500.55.22.1
  * ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.22.1
  * dlm-kmp-64kb-5.14.21-150500.55.22.1
  * kernel-64kb-extra-5.14.21-150500.55.22.1
  * kernel-64kb-optional-debuginfo-5.14.21-150500.55.22.1
  * dtb-hisilicon-5.14.21-150500.55.22.1
  * dtb-marvell-5.14.21-150500.55.22.1
  * dtb-cavium-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (aarch64 nosrc)
  * kernel-64kb-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (aarch64 nosrc)
  * kernel-64kb-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (aarch64)
  * kernel-64kb-debuginfo-5.14.21-150500.55.22.1
  * kernel-64kb-devel-debuginfo-5.14.21-150500.55.22.1
  * kernel-64kb-debugsource-5.14.21-150500.55.22.1
  * kernel-64kb-devel-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
  * kernel-default-base-5.14.21-150500.55.22.1.150500.6.8.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * kernel-default-devel-debuginfo-5.14.21-150500.55.22.1
  * kernel-default-debugsource-5.14.21-150500.55.22.1
  * kernel-default-debuginfo-5.14.21-150500.55.22.1
  * kernel-default-devel-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (noarch)
  * kernel-macros-5.14.21-150500.55.22.1
  * kernel-devel-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (nosrc s390x)
  * kernel-zfcpdump-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (s390x)
  * kernel-zfcpdump-debugsource-5.14.21-150500.55.22.1
  * kernel-zfcpdump-debuginfo-5.14.21-150500.55.22.1
* Development Tools Module 15-SP5 (noarch nosrc)
  * kernel-docs-5.14.21-150500.55.22.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-5.14.21-150500.55.22.1
  * kernel-obs-build-debugsource-5.14.21-150500.55.22.1
  * kernel-syms-5.14.21-150500.55.22.1
* Development Tools Module 15-SP5 (noarch)
  * kernel-source-5.14.21-150500.55.22.1
* Legacy Module 15-SP5 (nosrc)
  * kernel-default-5.14.21-150500.55.22.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.22.1
  * reiserfs-kmp-default-5.14.21-150500.55.22.1
  * kernel-default-debugsource-5.14.21-150500.55.22.1
  * kernel-default-debuginfo-5.14.21-150500.55.22.1
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
  * kernel-default-5.14.21-150500.55.22.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-default-livepatch-devel-5.14.21-150500.55.22.1
  * kernel-default-debuginfo-5.14.21-150500.55.22.1
  * kernel-default-livepatch-5.14.21-150500.55.22.1
  * kernel-livepatch-5_14_21-150500_55_22-default-1-150500.11.3.1
  * kernel-livepatch-SLE15-SP5_Update_4-debugsource-1-150500.11.3.1
  * kernel-livepatch-5_14_21-150500_55_22-default-debuginfo-1-150500.11.3.1
  * kernel-default-debugsource-5.14.21-150500.55.22.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64)
  * gfs2-kmp-default-debuginfo-5.14.21-150500.55.22.1
  * kernel-default-debuginfo-5.14.21-150500.55.22.1
  * ocfs2-kmp-default-5.14.21-150500.55.22.1
  * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.22.1
  * kernel-default-debugsource-5.14.21-150500.55.22.1
  * cluster-md-kmp-default-5.14.21-150500.55.22.1
  * dlm-kmp-default-5.14.21-150500.55.22.1
  * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.22.1
  * dlm-kmp-default-debuginfo-5.14.21-150500.55.22.1
  * gfs2-kmp-default-5.14.21-150500.55.22.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
  * kernel-default-5.14.21-150500.55.22.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
  * kernel-default-5.14.21-150500.55.22.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * kernel-default-extra-5.14.21-150500.55.22.1
  * kernel-default-debugsource-5.14.21-150500.55.22.1
  * kernel-default-debuginfo-5.14.21-150500.55.22.1
  * kernel-default-extra-debuginfo-5.14.21-150500.55.22.1

## References:

* https://www.suse.com/security/cve/CVE-2022-38457.html
* https://www.suse.com/security/cve/CVE-2022-40133.html
* https://www.suse.com/security/cve/CVE-2023-2007.html
* https://www.suse.com/security/cve/CVE-2023-20588.html
* https://www.suse.com/security/cve/CVE-2023-34319.html
* https://www.suse.com/security/cve/CVE-2023-3610.html
* https://www.suse.com/security/cve/CVE-2023-37453.html
* https://www.suse.com/security/cve/CVE-2023-3772.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-40283.html
* https://www.suse.com/security/cve/CVE-2023-4128.html
* https://www.suse.com/security/cve/CVE-2023-4133.html
* https://www.suse.com/security/cve/CVE-2023-4134.html
* https://www.suse.com/security/cve/CVE-2023-4147.html
* https://www.suse.com/security/cve/CVE-2023-4194.html
* https://www.suse.com/security/cve/CVE-2023-4273.html
* https://www.suse.com/security/cve/CVE-2023-4387.html
* https://www.suse.com/security/cve/CVE-2023-4459.html
* https://www.suse.com/security/cve/CVE-2023-4563.html
* https://www.suse.com/security/cve/CVE-2023-4569.html
* https://bugzilla.suse.com/show_bug.cgi?id=1023051
* https://bugzilla.suse.com/show_bug.cgi?id=1120059
* https://bugzilla.suse.com/show_bug.cgi?id=1177719
* https://bugzilla.suse.com/show_bug.cgi?id=1188885
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1203329
* https://bugzilla.suse.com/show_bug.cgi?id=1203330
* https://bugzilla.suse.com/show_bug.cgi?id=1205462
* https://bugzilla.suse.com/show_bug.cgi?id=1206453
* https://bugzilla.suse.com/show_bug.cgi?id=1208902
* https://bugzilla.suse.com/show_bug.cgi?id=1208949
* https://bugzilla.suse.com/show_bug.cgi?id=1209284
* 
https://bugzilla.suse.com/show_bug.cgi?id=1209799 * https://bugzilla.suse.com/show_bug.cgi?id=1210048 * https://bugzilla.suse.com/show_bug.cgi?id=1210448 * https://bugzilla.suse.com/show_bug.cgi?id=1211220 * https://bugzilla.suse.com/show_bug.cgi?id=1212091 * https://bugzilla.suse.com/show_bug.cgi?id=1212142 * https://bugzilla.suse.com/show_bug.cgi?id=1212423 * https://bugzilla.suse.com/show_bug.cgi?id=1212526 * https://bugzilla.suse.com/show_bug.cgi?id=1212857 * https://bugzilla.suse.com/show_bug.cgi?id=1212873 * https://bugzilla.suse.com/show_bug.cgi?id=1213026 * https://bugzilla.suse.com/show_bug.cgi?id=1213123 * https://bugzilla.suse.com/show_bug.cgi?id=1213546 * https://bugzilla.suse.com/show_bug.cgi?id=1213580 * https://bugzilla.suse.com/show_bug.cgi?id=1213601 * https://bugzilla.suse.com/show_bug.cgi?id=1213666 * https://bugzilla.suse.com/show_bug.cgi?id=1213733 * https://bugzilla.suse.com/show_bug.cgi?id=1213757 * https://bugzilla.suse.com/show_bug.cgi?id=1213759 * https://bugzilla.suse.com/show_bug.cgi?id=1213916 * https://bugzilla.suse.com/show_bug.cgi?id=1213921 * https://bugzilla.suse.com/show_bug.cgi?id=1213927 * https://bugzilla.suse.com/show_bug.cgi?id=1213946 * https://bugzilla.suse.com/show_bug.cgi?id=1213949 * https://bugzilla.suse.com/show_bug.cgi?id=1213968 * https://bugzilla.suse.com/show_bug.cgi?id=1213970 * https://bugzilla.suse.com/show_bug.cgi?id=1213971 * https://bugzilla.suse.com/show_bug.cgi?id=1214000 * https://bugzilla.suse.com/show_bug.cgi?id=1214019 * https://bugzilla.suse.com/show_bug.cgi?id=1214073 * https://bugzilla.suse.com/show_bug.cgi?id=1214120 * https://bugzilla.suse.com/show_bug.cgi?id=1214149 * https://bugzilla.suse.com/show_bug.cgi?id=1214180 * https://bugzilla.suse.com/show_bug.cgi?id=1214233 * https://bugzilla.suse.com/show_bug.cgi?id=1214238 * https://bugzilla.suse.com/show_bug.cgi?id=1214285 * https://bugzilla.suse.com/show_bug.cgi?id=1214297 * https://bugzilla.suse.com/show_bug.cgi?id=1214299 * 
https://bugzilla.suse.com/show_bug.cgi?id=1214305 * https://bugzilla.suse.com/show_bug.cgi?id=1214350 * https://bugzilla.suse.com/show_bug.cgi?id=1214368 * https://bugzilla.suse.com/show_bug.cgi?id=1214370 * https://bugzilla.suse.com/show_bug.cgi?id=1214371 * https://bugzilla.suse.com/show_bug.cgi?id=1214372 * https://bugzilla.suse.com/show_bug.cgi?id=1214380 * https://bugzilla.suse.com/show_bug.cgi?id=1214386 * https://bugzilla.suse.com/show_bug.cgi?id=1214392 * https://bugzilla.suse.com/show_bug.cgi?id=1214393 * https://bugzilla.suse.com/show_bug.cgi?id=1214397 * https://bugzilla.suse.com/show_bug.cgi?id=1214404 * https://bugzilla.suse.com/show_bug.cgi?id=1214428 * https://bugzilla.suse.com/show_bug.cgi?id=1214451 * https://bugzilla.suse.com/show_bug.cgi?id=1214659 * https://bugzilla.suse.com/show_bug.cgi?id=1214661 * https://bugzilla.suse.com/show_bug.cgi?id=1214727 * https://bugzilla.suse.com/show_bug.cgi?id=1214729 * https://bugzilla.suse.com/show_bug.cgi?id=1214742 * https://bugzilla.suse.com/show_bug.cgi?id=1214743 * https://bugzilla.suse.com/show_bug.cgi?id=1214756 * https://bugzilla.suse.com/show_bug.cgi?id=1214976 * https://jira.suse.com/browse/PED-3924 * https://jira.suse.com/browse/PED-4579 * https://jira.suse.com/browse/PED-4759 * https://jira.suse.com/browse/PED-4927 * https://jira.suse.com/browse/PED-4929 * https://jira.suse.com/browse/PED-5738 * https://jira.suse.com/browse/PED-6003 * https://jira.suse.com/browse/PED-6004 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Wed Sep 20 12:30:42 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Sep 2023 12:30:42 -0000
Subject: SUSE-SU-2023:3702-1: moderate: Security update for mutt
Message-ID: <169521304243.2038.3108329732363955049@smelt2.prg2.suse.org>

# Security update for mutt

Announcement ID: SUSE-SU-2023:3702-1
Rating: moderate
References:
* #1215189
* #1215191

Cross-References:
* CVE-2023-4874
* CVE-2023-4875

CVSS scores:
* CVE-2023-4874 ( SUSE ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-4874 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-4875 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-4875 ( NVD ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for mutt fixes the following issues:

* CVE-2023-4874: Fixed NULL pointer dereference when composing an email (bsc#1215189).
* CVE-2023-4875: Fixed NULL pointer dereference when receiving an email (bsc#1215191).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3702=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3702=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3702=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * mutt-1.10.1-55.30.1
  * mutt-debugsource-1.10.1-55.30.1
  * mutt-debuginfo-1.10.1-55.30.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * mutt-1.10.1-55.30.1
  * mutt-debugsource-1.10.1-55.30.1
  * mutt-debuginfo-1.10.1-55.30.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * mutt-1.10.1-55.30.1
  * mutt-debugsource-1.10.1-55.30.1
  * mutt-debuginfo-1.10.1-55.30.1

## References:

* https://www.suse.com/security/cve/CVE-2023-4874.html
* https://www.suse.com/security/cve/CVE-2023-4875.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215189
* https://bugzilla.suse.com/show_bug.cgi?id=1215191

From sle-updates at lists.suse.com Wed Sep 20 12:30:45 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Sep 2023 12:30:45 -0000
Subject: SUSE-SU-2023:3701-1: important: Security update for go1.21
Message-ID: <169521304565.2038.8746947663929557944@smelt2.prg2.suse.org>

# Security update for go1.21

Announcement ID: SUSE-SU-2023:3701-1
Rating: important
References:
* #1212475
* #1215084
* #1215085
* #1215086
* #1215087
* #1215090

Cross-References:
* CVE-2023-39318
* CVE-2023-39319
* CVE-2023-39320
* CVE-2023-39321
* CVE-2023-39322

CVSS scores:
* CVE-2023-39318 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-39318 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-39319 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-39319 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-39320 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-39320 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39321 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39321 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39322 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39322 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves five vulnerabilities and has one security fix can now be installed.

## Description:

This update for go1.21 fixes the following issues:

Update to go1.21.1 (bsc#1212475).

* CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template (bsc#1215084).
* CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085).
* CVE-2023-39320: Fixed arbitrary execution in go.mod toolchain directive (bsc#1215086).
* CVE-2023-39321, CVE-2023-39322: Fixed a panic when processing post-handshake message on QUIC connections in crypto/tls (bsc#1215087).

The following non-security bug was fixed:

* Add missing directory pprof html asset directory to package (bsc#1215090).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3701=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3701=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3701=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3701=1

## Package List:

* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * go1.21-doc-1.21.1-150000.1.6.1
  * go1.21-race-1.21.1-150000.1.6.1
  * go1.21-1.21.1-150000.1.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * go1.21-doc-1.21.1-150000.1.6.1
  * go1.21-race-1.21.1-150000.1.6.1
  * go1.21-1.21.1-150000.1.6.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * go1.21-doc-1.21.1-150000.1.6.1
  * go1.21-race-1.21.1-150000.1.6.1
  * go1.21-1.21.1-150000.1.6.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * go1.21-doc-1.21.1-150000.1.6.1
  * go1.21-1.21.1-150000.1.6.1
* Development Tools Module 15-SP4 (aarch64 x86_64)
  * go1.21-race-1.21.1-150000.1.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39318.html
* https://www.suse.com/security/cve/CVE-2023-39319.html
* https://www.suse.com/security/cve/CVE-2023-39320.html
* https://www.suse.com/security/cve/CVE-2023-39321.html
* https://www.suse.com/security/cve/CVE-2023-39322.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212475
* https://bugzilla.suse.com/show_bug.cgi?id=1215084
* https://bugzilla.suse.com/show_bug.cgi?id=1215085
* https://bugzilla.suse.com/show_bug.cgi?id=1215086
* https://bugzilla.suse.com/show_bug.cgi?id=1215087
* https://bugzilla.suse.com/show_bug.cgi?id=1215090

From sle-updates at lists.suse.com Wed Sep 20 12:30:48 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Sep 2023 12:30:48 -0000
Subject: SUSE-SU-2023:3700-1: important: Security update for go1.20
Message-ID: <169521304851.2038.7357563377206234202@smelt2.prg2.suse.org>

# Security update for go1.20

Announcement ID: SUSE-SU-2023:3700-1
Rating: important
References:
* #1206346
* #1215084
* #1215085
* #1215090

Cross-References:
* CVE-2023-39318
* CVE-2023-39319

CVSS scores:
* CVE-2023-39318 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-39318 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-39319 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-39319 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities and has two security fixes can now be installed.

## Description:

This update for go1.20 fixes the following issues:

Update to go1.20.8 (bsc#1206346).

* CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template (bsc#1215084).
* CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085).

The following non-security bug was fixed:

* Add missing directory pprof html asset directory to package (bsc#1215090).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3700=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3700=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3700=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3700=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * go1.20-debuginfo-1.20.8-150000.1.23.1
  * go1.20-1.20.8-150000.1.23.1
  * go1.20-race-1.20.8-150000.1.23.1
  * go1.20-doc-1.20.8-150000.1.23.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * go1.20-debuginfo-1.20.8-150000.1.23.1
  * go1.20-1.20.8-150000.1.23.1
  * go1.20-race-1.20.8-150000.1.23.1
  * go1.20-doc-1.20.8-150000.1.23.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * go1.20-1.20.8-150000.1.23.1
  * go1.20-doc-1.20.8-150000.1.23.1
* Development Tools Module 15-SP4 (aarch64 x86_64)
  * go1.20-race-1.20.8-150000.1.23.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * go1.20-debuginfo-1.20.8-150000.1.23.1
  * go1.20-1.20.8-150000.1.23.1
  * go1.20-race-1.20.8-150000.1.23.1
  * go1.20-doc-1.20.8-150000.1.23.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39318.html
* https://www.suse.com/security/cve/CVE-2023-39319.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206346
* https://bugzilla.suse.com/show_bug.cgi?id=1215084
* https://bugzilla.suse.com/show_bug.cgi?id=1215085
* https://bugzilla.suse.com/show_bug.cgi?id=1215090

From sle-updates at lists.suse.com Wed Sep 20 12:30:51 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Sep 2023 12:30:51 -0000
Subject: SUSE-SU-2023:3699-1: important: Security update for libxml2
Message-ID: <169521305100.2038.16719040754646041121@smelt2.prg2.suse.org>

# Security update for libxml2

Announcement ID: SUSE-SU-2023:3699-1
Rating: important
References:
* #1214768

Cross-References:
* CVE-2023-39615

CVSS scores:
* CVE-2023-39615 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-39615 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* Python 3 Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for libxml2 fixes the following issues:

* CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3699=1 openSUSE-SLE-15.4-2023-3699=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3699=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3699=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3699=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3699=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3699=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-3699=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libxml2-tools-debuginfo-2.9.14-150400.5.22.1 * python311-libxml2-debuginfo-2.9.14-150400.5.22.1 * libxml2-debugsource-2.9.14-150400.5.22.1 * libxml2-2-2.9.14-150400.5.22.1 * libxml2-python-debugsource-2.9.14-150400.5.22.1 * python3-libxml2-debuginfo-2.9.14-150400.5.22.1 * python311-libxml2-2.9.14-150400.5.22.1 * libxml2-tools-2.9.14-150400.5.22.1 * libxml2-devel-2.9.14-150400.5.22.1 * python3-libxml2-2.9.14-150400.5.22.1 * libxml2-2-debuginfo-2.9.14-150400.5.22.1 * openSUSE Leap 15.4 (x86_64) * libxml2-2-32bit-2.9.14-150400.5.22.1 * libxml2-2-32bit-debuginfo-2.9.14-150400.5.22.1 * libxml2-devel-32bit-2.9.14-150400.5.22.1 * openSUSE Leap 15.4 (noarch) * libxml2-doc-2.9.14-150400.5.22.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libxml2-2-64bit-2.9.14-150400.5.22.1 * libxml2-devel-64bit-2.9.14-150400.5.22.1 * libxml2-2-64bit-debuginfo-2.9.14-150400.5.22.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libxml2-tools-debuginfo-2.9.14-150400.5.22.1 * libxml2-python-debugsource-2.9.14-150400.5.22.1 * libxml2-debugsource-2.9.14-150400.5.22.1 * 
libxml2-2-2.9.14-150400.5.22.1 * python3-libxml2-debuginfo-2.9.14-150400.5.22.1 * libxml2-tools-2.9.14-150400.5.22.1 * python3-libxml2-2.9.14-150400.5.22.1 * libxml2-2-debuginfo-2.9.14-150400.5.22.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libxml2-tools-debuginfo-2.9.14-150400.5.22.1 * libxml2-python-debugsource-2.9.14-150400.5.22.1 * libxml2-debugsource-2.9.14-150400.5.22.1 * libxml2-2-2.9.14-150400.5.22.1 * python3-libxml2-debuginfo-2.9.14-150400.5.22.1 * libxml2-tools-2.9.14-150400.5.22.1 * python3-libxml2-2.9.14-150400.5.22.1 * libxml2-2-debuginfo-2.9.14-150400.5.22.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libxml2-tools-debuginfo-2.9.14-150400.5.22.1 * libxml2-python-debugsource-2.9.14-150400.5.22.1 * libxml2-debugsource-2.9.14-150400.5.22.1 * libxml2-2-2.9.14-150400.5.22.1 * python3-libxml2-debuginfo-2.9.14-150400.5.22.1 * libxml2-tools-2.9.14-150400.5.22.1 * python3-libxml2-2.9.14-150400.5.22.1 * libxml2-2-debuginfo-2.9.14-150400.5.22.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libxml2-tools-debuginfo-2.9.14-150400.5.22.1 * libxml2-python-debugsource-2.9.14-150400.5.22.1 * libxml2-debugsource-2.9.14-150400.5.22.1 * libxml2-2-2.9.14-150400.5.22.1 * python3-libxml2-debuginfo-2.9.14-150400.5.22.1 * libxml2-tools-2.9.14-150400.5.22.1 * python3-libxml2-2.9.14-150400.5.22.1 * libxml2-2-debuginfo-2.9.14-150400.5.22.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libxml2-tools-debuginfo-2.9.14-150400.5.22.1 * libxml2-debugsource-2.9.14-150400.5.22.1 * libxml2-2-2.9.14-150400.5.22.1 * python3-libxml2-debuginfo-2.9.14-150400.5.22.1 * libxml2-tools-2.9.14-150400.5.22.1 * libxml2-devel-2.9.14-150400.5.22.1 * python3-libxml2-2.9.14-150400.5.22.1 * libxml2-2-debuginfo-2.9.14-150400.5.22.1 * Basesystem Module 15-SP4 (x86_64) * libxml2-2-32bit-2.9.14-150400.5.22.1 * libxml2-2-32bit-debuginfo-2.9.14-150400.5.22.1 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * 
python311-libxml2-2.9.14-150400.5.22.1 * python311-libxml2-debuginfo-2.9.14-150400.5.22.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39615.html * https://bugzilla.suse.com/show_bug.cgi?id=1214768 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Sep 20 12:30:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 12:30:53 -0000 Subject: SUSE-SU-2023:3698-1: important: Security update for libxml2 Message-ID: <169521305367.2038.5624546933229911036@smelt2.prg2.suse.org> # Security update for libxml2 Announcement ID: SUSE-SU-2023:3698-1 Rating: important References: * #1214768 Cross-References: * CVE-2023-39615 CVSS scores: * CVE-2023-39615 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-39615 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE 
Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for libxml2 fixes the following issues: * CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3698=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3698=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3698=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3698=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3698=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3698=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3698=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3698=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3698=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3698=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3698=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3698=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch 
SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3698=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3698=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3698=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3698=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3698=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3698=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3698=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3698=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * 
python3-libxml2-python-2.9.7-150000.3.60.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * python2-libxml2-python-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * python2-libxml2-python-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * 
libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * python2-libxml2-python-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * 
python2-libxml2-python-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * python2-libxml2-python-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * 
python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * python2-libxml2-python-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * SUSE Manager Proxy 4.2 (x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * 
libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * python2-libxml2-python-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Manager Server 4.2 (x86_64) * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Enterprise Storage 7.1 (x86_64) * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * python2-libxml2-python-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * 
libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Enterprise Storage 7 (x86_64) * libxml2-2-32bit-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * SUSE CaaS Platform 4.0 (x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * python3-libxml2-python-2.9.7-150000.3.60.1 * libxml2-2-32bit-2.9.7-150000.3.60.1 * python-libxml2-python-debugsource-2.9.7-150000.3.60.1 * python2-libxml2-python-2.9.7-150000.3.60.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-devel-2.9.7-150000.3.60.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libxml2-debugsource-2.9.7-150000.3.60.1 * libxml2-tools-debuginfo-2.9.7-150000.3.60.1 * libxml2-tools-2.9.7-150000.3.60.1 * libxml2-2-2.9.7-150000.3.60.1 * libxml2-2-debuginfo-2.9.7-150000.3.60.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39615.html * https://bugzilla.suse.com/show_bug.cgi?id=1214768 From sle-updates at lists.suse.com Wed Sep 20 12:30:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 12:30:58 -0000 Subject: SUSE-RU-2023:3697-1: moderate: Recommended update for net-snmp Message-ID: <169521305844.2038.8885638672335060201@smelt2.prg2.suse.org> # Recommended update for net-snmp Announcement ID: SUSE-RU-2023:3697-1 Rating: moderate References: * #1196955 * #1213387 * PED-6443 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that contains one feature and has two fixes can now be installed. 
## Description: This update for net-snmp fixes the following issues: * Decouple snmp-mibs from net-snmp version to allow major version upgrade (bsc#1196955, jira#PED-6443). * Changed logrotate postrotate scripts to use systemd commands (bsc#1213387). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3697=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3697=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3697=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3697=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * net-snmp-debuginfo-5.7.3-11.9.1 * net-snmp-devel-5.7.3-11.9.1 * net-snmp-debugsource-5.7.3-11.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * net-snmp-5.7.3-11.9.1 * perl-SNMP-debuginfo-5.7.3-11.9.1 * libsnmp30-debuginfo-5.7.3-11.9.1 * net-snmp-debuginfo-5.7.3-11.9.1 * net-snmp-debugsource-5.7.3-11.9.1 * perl-SNMP-5.7.3-11.9.1 * snmp-mibs-5.7.3-11.9.1 * libsnmp30-5.7.3-11.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libsnmp30-debuginfo-32bit-5.7.3-11.9.1 * libsnmp30-32bit-5.7.3-11.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * net-snmp-5.7.3-11.9.1 * perl-SNMP-debuginfo-5.7.3-11.9.1 * libsnmp30-debuginfo-5.7.3-11.9.1 * net-snmp-debuginfo-5.7.3-11.9.1 * net-snmp-debugsource-5.7.3-11.9.1 * perl-SNMP-5.7.3-11.9.1 * snmp-mibs-5.7.3-11.9.1 * libsnmp30-5.7.3-11.9.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libsnmp30-debuginfo-32bit-5.7.3-11.9.1 * libsnmp30-32bit-5.7.3-11.9.1 * SUSE Linux Enterprise Server 
for SAP Applications 12 SP5 (ppc64le x86_64) * net-snmp-5.7.3-11.9.1 * perl-SNMP-debuginfo-5.7.3-11.9.1 * libsnmp30-debuginfo-5.7.3-11.9.1 * net-snmp-debuginfo-5.7.3-11.9.1 * net-snmp-debugsource-5.7.3-11.9.1 * perl-SNMP-5.7.3-11.9.1 * snmp-mibs-5.7.3-11.9.1 * libsnmp30-5.7.3-11.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libsnmp30-debuginfo-32bit-5.7.3-11.9.1 * libsnmp30-32bit-5.7.3-11.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1196955 * https://bugzilla.suse.com/show_bug.cgi?id=1213387 * https://jira.suse.com/browse/PED-6443 From sle-updates at lists.suse.com Wed Sep 20 12:31:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 12:31:01 -0000 Subject: SUSE-FU-2023:3696-1: important: Feature update for LibreOffice Message-ID: <169521306179.2038.15380502971798157430@smelt2.prg2.suse.org> # Feature update for LibreOffice Announcement ID: SUSE-FU-2023:3696-1 Rating: important References: * #1198666 * #1200085 * #1204040 * #1209242 * #1210687 * #1211746 * PED-1785 * PED-3550 * PED-3561 Cross-References: * CVE-2023-0950 * CVE-2023-2255 CVSS scores: * CVE-2023-0950 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H * CVE-2023-0950 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2255 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2023-2255 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE 
Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves two vulnerabilities, contains three features and has four fixes can now be installed. ## Description: This update for LibreOffice fixes the following issues: libreoffice: * Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#PED-1785): * For the highlights of changes of version 7.5 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.5 * For the highlights of changes of version 7.4 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.4 * Security issues fixed: * CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242) * CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746) * Bug fixes: * Fix PPTX shadow effect for table offset (bsc#1204040) * Fix ability to set the default tab size for each text object (bsc#1198666) * Fix PPTX extra vertical space between different text formats (bsc#1200085) * Do not use binutils-gold as the package is unmaintained and will be removed in the future (bsc#1210687) * Updated bundled dependencies: * boost version update from 1_77_0 to 1_80_0 * curl version update from 7.83.1 to 8.0.1 * icu4c-data version update from 70_1 to 72_1 * icu4c version update from 70_1 to 72_1 * pdfium version update from 4699 to 5408 * poppler version update from 21.11.0 to 22.12.0 * poppler-data version update from 0.4.10 to 0.4.11 * skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466 * New build dependencies: * fixmath-devel * libwebp-devel * zlib-devel * dragonbox-devel * at-spi2-core-devel * libtiff-devel dragonbox: * New package 
at version 1.1.3 (jsc#PED-1785) * New dependency for LibreOffice 7.4 fixmath: * New package at version 2022.07.20 (jsc#PED-1785) * New dependency for LibreOffice 7.4 libmwaw: * Version update from 0.3.20 to 0.3.21 (jsc#PED-1785): * Add debug code to read some private rsrc data * Allow to read some MacWrite which does not have printer information * Add a parser for Scoop files * Add a parser for ScriptWriter files * Add a parser for ReadySetGo 1-4 files xmlsec1: * Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550): * Retired the XMLSec mailing list "xmlsec at aleksey.com" and the XMLSec Online Signature Verifier. * Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled against OpenSSL 3.0. To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag (there will be a lot of deprecation warnings). * The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of XMLSec Library. * Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic` flags on CI builds. * Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility). * Support for OpenSSL compiled with OPENSSL_NO_ERR. * Full support for LibreSSL 3.5.0 and above * Several other small fixes * Fix decrypting session key for two recipients * Added `--privkey-openssl-engine` option to enhance openssl engine support * Remove MD5 for NSS 3.59 and above * Fix PKCS12_parse return code handling * Fix OpenSSL lookup * xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice * Unload error strings in OpenSSL shutdown. * Make userData available when executing preExecCallback function * Add an option to use secure memset. * Enabled XML_PARSE_HUGE for all xml parsers. * Various build and tests fixes and improvements. 
* Move remaining private header files away from `xmlsec/include/` folder * Other packaging changes: * Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass. * Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1] https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-3696=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3696=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-3696=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3696=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3696=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-3696=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-3696=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3696=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3696=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3696=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3696=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libxmlsec1-1-1.2.37-8.6.21 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21 * 
libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21 * libatk-1_0-0-2.28.1-6.5.23 * libxmlsec1-gcrypt1-1.2.37-8.6.21 * libxmlsec1-nss1-1.2.37-8.6.21 * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21 * libatk-1_0-0-32bit-2.28.1-6.5.23 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-1.2.37-8.6.21 * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * libxmlsec1-gnutls1-1.2.37-8.6.21 * libxmlsec1-1-debuginfo-1.2.37-8.6.21 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * atk-debugsource-2.28.1-6.5.23 * xmlsec1-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * xmlsec1-debuginfo-1.2.37-8.6.21 * SUSE OpenStack Cloud 9 (noarch) * atk-lang-2.28.1-6.5.23 * atk-doc-2.28.1-6.5.23 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libxmlsec1-1-1.2.37-8.6.21 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21 * libatk-1_0-0-2.28.1-6.5.23 * libxmlsec1-gcrypt1-1.2.37-8.6.21 * libxmlsec1-nss1-1.2.37-8.6.21 * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21 * libatk-1_0-0-32bit-2.28.1-6.5.23 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-1.2.37-8.6.21 * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * libxmlsec1-gnutls1-1.2.37-8.6.21 * libxmlsec1-1-debuginfo-1.2.37-8.6.21 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * atk-debugsource-2.28.1-6.5.23 * xmlsec1-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * xmlsec1-debuginfo-1.2.37-8.6.21 * SUSE OpenStack Cloud Crowbar 9 (noarch) * atk-lang-2.28.1-6.5.23 * atk-doc-2.28.1-6.5.23 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libxmlsec1-1-1.2.37-8.6.21 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21 * libatk-1_0-0-2.28.1-6.5.23 * libxmlsec1-gcrypt1-1.2.37-8.6.21 * libxmlsec1-nss1-1.2.37-8.6.21 * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-1.2.37-8.6.21 * libxmlsec1-gnutls1-1.2.37-8.6.21 * 
libxmlsec1-1-debuginfo-1.2.37-8.6.21 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * atk-debugsource-2.28.1-6.5.23 * xmlsec1-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * xmlsec1-debuginfo-1.2.37-8.6.21 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * atk-lang-2.28.1-6.5.23 * atk-doc-2.28.1-6.5.23 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * libatk-1_0-0-32bit-2.28.1-6.5.23 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * xmlsec1-gcrypt-devel-1.2.37-8.6.21 * xmlsec1-nss-devel-1.2.37-8.6.21 * atk-devel-2.28.1-6.5.23 * xmlsec1-openssl-devel-1.2.37-8.6.21 * libmwaw-0_3-3-0.3.21-7.24.14 * xmlsec1-1.2.37-8.6.21 * atk-debugsource-2.28.1-6.5.23 * libmwaw-devel-0.3.21-7.24.14 * libmwaw-debugsource-0.3.21-7.24.14 * xmlsec1-debuginfo-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * xmlsec1-gnutls-devel-1.2.37-8.6.21 * xmlsec1-devel-1.2.37-8.6.21 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * libmwaw-devel-doc-0.3.21-7.24.14 * SUSE Linux Enterprise Software Development Kit 12 SP5 (x86_64) * libreoffice-debuginfo-7.5.4.1-48.44.2 * libreoffice-sdk-debuginfo-7.5.4.1-48.44.2 * libreoffice-debugsource-7.5.4.1-48.44.2 * libreoffice-sdk-7.5.4.1-48.44.2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libatk-1_0-0-2.28.1-6.5.23 * libatk-1_0-0-32bit-2.28.1-6.5.23 * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * atk-debugsource-2.28.1-6.5.23 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * atk-lang-2.28.1-6.5.23 * atk-doc-2.28.1-6.5.23 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libxmlsec1-1-1.2.37-8.6.21 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21 * libatk-1_0-0-2.28.1-6.5.23 * libxmlsec1-gcrypt1-1.2.37-8.6.21 * 
libxmlsec1-nss1-1.2.37-8.6.21 * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-1.2.37-8.6.21 * libxmlsec1-gnutls1-1.2.37-8.6.21 * libxmlsec1-1-debuginfo-1.2.37-8.6.21 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * atk-debugsource-2.28.1-6.5.23 * xmlsec1-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * xmlsec1-debuginfo-1.2.37-8.6.21 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * atk-lang-2.28.1-6.5.23 * atk-doc-2.28.1-6.5.23 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * libatk-1_0-0-32bit-2.28.1-6.5.23 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libxmlsec1-1-1.2.37-8.6.21 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21 * libatk-1_0-0-2.28.1-6.5.23 * libxmlsec1-gcrypt1-1.2.37-8.6.21 * libxmlsec1-nss1-1.2.37-8.6.21 * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-1.2.37-8.6.21 * libxmlsec1-gnutls1-1.2.37-8.6.21 * libxmlsec1-1-debuginfo-1.2.37-8.6.21 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * atk-debugsource-2.28.1-6.5.23 * xmlsec1-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * xmlsec1-debuginfo-1.2.37-8.6.21 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * atk-lang-2.28.1-6.5.23 * atk-doc-2.28.1-6.5.23 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * libatk-1_0-0-32bit-2.28.1-6.5.23 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libxmlsec1-1-1.2.37-8.6.21 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21 * libatk-1_0-0-2.28.1-6.5.23 * libxmlsec1-gcrypt1-1.2.37-8.6.21 * libxmlsec1-nss1-1.2.37-8.6.21 * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21 * 
libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-1.2.37-8.6.21 * libxmlsec1-gnutls1-1.2.37-8.6.21 * libxmlsec1-1-debuginfo-1.2.37-8.6.21 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * atk-debugsource-2.28.1-6.5.23 * xmlsec1-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * xmlsec1-debuginfo-1.2.37-8.6.21 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * atk-lang-2.28.1-6.5.23 * atk-doc-2.28.1-6.5.23 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * libatk-1_0-0-32bit-2.28.1-6.5.23 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libxmlsec1-1-1.2.37-8.6.21 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21 * libatk-1_0-0-2.28.1-6.5.23 * libxmlsec1-gcrypt1-1.2.37-8.6.21 * libxmlsec1-nss1-1.2.37-8.6.21 * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-1.2.37-8.6.21 * libxmlsec1-gnutls1-1.2.37-8.6.21 * libxmlsec1-1-debuginfo-1.2.37-8.6.21 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * atk-debugsource-2.28.1-6.5.23 * xmlsec1-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * xmlsec1-debuginfo-1.2.37-8.6.21 * SUSE Linux Enterprise Server 12 SP5 (noarch) * atk-lang-2.28.1-6.5.23 * atk-doc-2.28.1-6.5.23 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * libatk-1_0-0-32bit-2.28.1-6.5.23 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libxmlsec1-1-1.2.37-8.6.21 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21 * libatk-1_0-0-2.28.1-6.5.23 * libxmlsec1-gcrypt1-1.2.37-8.6.21 * libxmlsec1-nss1-1.2.37-8.6.21 * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21 * libxmlsec1-openssl1-1.2.37-8.6.21 * libxmlsec1-gnutls1-1.2.37-8.6.21 * 
libxmlsec1-1-debuginfo-1.2.37-8.6.21 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * atk-debugsource-2.28.1-6.5.23 * xmlsec1-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * xmlsec1-debuginfo-1.2.37-8.6.21 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * atk-lang-2.28.1-6.5.23 * atk-doc-2.28.1-6.5.23 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * libatk-1_0-0-32bit-2.28.1-6.5.23 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libreoffice-calc-extensions-7.5.4.1-48.44.2 * libreoffice-draw-debuginfo-7.5.4.1-48.44.2 * libreoffice-7.5.4.1-48.44.2 * libreoffice-debugsource-7.5.4.1-48.44.2 * libreoffice-base-drivers-postgresql-7.5.4.1-48.44.2 * libreoffice-writer-extensions-7.5.4.1-48.44.2 * libmwaw-debugsource-0.3.21-7.24.14 * libreoffice-gnome-7.5.4.1-48.44.2 * libreoffice-draw-7.5.4.1-48.44.2 * libreoffice-math-7.5.4.1-48.44.2 * libreoffice-writer-debuginfo-7.5.4.1-48.44.2 * libreoffice-impress-debuginfo-7.5.4.1-48.44.2 * libmwaw-0_3-3-0.3.21-7.24.14 * libreoffice-math-debuginfo-7.5.4.1-48.44.2 * libreoffice-officebean-debuginfo-7.5.4.1-48.44.2 * libreoffice-gnome-debuginfo-7.5.4.1-48.44.2 * libreoffice-base-7.5.4.1-48.44.2 * libreoffice-gtk3-7.5.4.1-48.44.2 * libreoffice-filters-optional-7.5.4.1-48.44.2 * libmwaw-0_3-3-debuginfo-0.3.21-7.24.14 * libreoffice-calc-7.5.4.1-48.44.2 * libreoffice-officebean-7.5.4.1-48.44.2 * libreoffice-pyuno-debuginfo-7.5.4.1-48.44.2 * libreoffice-writer-7.5.4.1-48.44.2 * libreoffice-calc-debuginfo-7.5.4.1-48.44.2 * libreoffice-gtk3-debuginfo-7.5.4.1-48.44.2 * dragonbox-devel-1.1.3-8.3.48 * libreoffice-pyuno-7.5.4.1-48.44.2 * libreoffice-mailmerge-7.5.4.1-48.44.2 * fixmath-devel-2022.07.20-8.3.48 * libreoffice-debuginfo-7.5.4.1-48.44.2 * libreoffice-impress-7.5.4.1-48.44.2 * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-48.44.2 * libreoffice-librelogo-7.5.4.1-48.44.2 * libreoffice-base-debuginfo-7.5.4.1-48.44.2 * SUSE Linux 
Enterprise Workstation Extension 12 12-SP5 (noarch) * libreoffice-l10n-nb-7.5.4.1-48.44.2 * libreoffice-l10n-ja-7.5.4.1-48.44.2 * libreoffice-l10n-hr-7.5.4.1-48.44.2 * libreoffice-l10n-pl-7.5.4.1-48.44.2 * libreoffice-l10n-hu-7.5.4.1-48.44.2 * libreoffice-l10n-pt_PT-7.5.4.1-48.44.2 * libreoffice-l10n-it-7.5.4.1-48.44.2 * libreoffice-icon-themes-7.5.4.1-48.44.2 * libreoffice-l10n-zu-7.5.4.1-48.44.2 * libreoffice-l10n-ro-7.5.4.1-48.44.2 * libreoffice-l10n-zh_CN-7.5.4.1-48.44.2 * libreoffice-l10n-fr-7.5.4.1-48.44.2 * libreoffice-l10n-zh_TW-7.5.4.1-48.44.2 * libreoffice-l10n-de-7.5.4.1-48.44.2 * libreoffice-l10n-uk-7.5.4.1-48.44.2 * libreoffice-branding-upstream-7.5.4.1-48.44.2 * libreoffice-l10n-xh-7.5.4.1-48.44.2 * libreoffice-l10n-nl-7.5.4.1-48.44.2 * libreoffice-l10n-es-7.5.4.1-48.44.2 * libreoffice-l10n-ca-7.5.4.1-48.44.2 * libreoffice-l10n-gu-7.5.4.1-48.44.2 * libreoffice-l10n-hi-7.5.4.1-48.44.2 * libreoffice-l10n-lt-7.5.4.1-48.44.2 * libreoffice-l10n-sk-7.5.4.1-48.44.2 * libreoffice-l10n-ko-7.5.4.1-48.44.2 * libreoffice-l10n-cs-7.5.4.1-48.44.2 * libreoffice-l10n-bg-7.5.4.1-48.44.2 * libreoffice-l10n-da-7.5.4.1-48.44.2 * libreoffice-l10n-ru-7.5.4.1-48.44.2 * libreoffice-l10n-nn-7.5.4.1-48.44.2 * libreoffice-l10n-fi-7.5.4.1-48.44.2 * libreoffice-l10n-pt_BR-7.5.4.1-48.44.2 * libreoffice-l10n-ar-7.5.4.1-48.44.2 * libreoffice-l10n-af-7.5.4.1-48.44.2 * libreoffice-l10n-sv-7.5.4.1-48.44.2 * libreoffice-l10n-en-7.5.4.1-48.44.2 ## References: * https://www.suse.com/security/cve/CVE-2023-0950.html * https://www.suse.com/security/cve/CVE-2023-2255.html * https://bugzilla.suse.com/show_bug.cgi?id=1198666 * https://bugzilla.suse.com/show_bug.cgi?id=1200085 * https://bugzilla.suse.com/show_bug.cgi?id=1204040 * https://bugzilla.suse.com/show_bug.cgi?id=1209242 * https://bugzilla.suse.com/show_bug.cgi?id=1210687 * https://bugzilla.suse.com/show_bug.cgi?id=1211746 * https://jira.suse.com/browse/PED-1785 * https://jira.suse.com/browse/PED-3550 * 
https://jira.suse.com/browse/PED-3561 From sle-updates at lists.suse.com Wed Sep 20 14:50:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 16:50:47 +0200 (CEST) Subject: SUSE-CU-2023:3048-1: Security update of suse/nginx Message-ID: <20230920145047.B5D17FD98@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3048-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-3.29 , suse/nginx:latest Container Release : 3.29 Severity : critical Type : security References : 1214052 1214768 1215231 CVE-2023-39615 CVE-2023-4039 CVE-2023-4863 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3634-1 Released: Mon Sep 18 12:52:38 2023 Summary: Security update for libwebp Type: security Severity: critical References: 1215231,CVE-2023-4863 This update for libwebp fixes the following issues: - CVE-2023-4863: Fixed heap buffer overflow (bsc#1215231). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - libwebp7-1.0.3-150200.3.10.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Wed Sep 20 14:51:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 16:51:04 +0200 (CEST) Subject: SUSE-CU-2023:3049-1: Security update of bci/openjdk-devel Message-ID: <20230920145104.9A15CFD98@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3049-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-8.103 Container Release : 8.103 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3641-1 Released: Mon Sep 18 15:02:47 2023 Summary: Recommended update for java-11-openjdk Type: recommended Severity: important References: This update for java-11-openjdk fixes the following issues: - Fix a regression where the validation would reject valid zip64 (zip with 64-bit offset extensions) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - java-11-openjdk-headless-11.0.20.1-150000.3.102.1 updated - java-11-openjdk-11.0.20.1-150000.3.102.1 updated - java-11-openjdk-devel-11.0.20.1-150000.3.102.1 updated - container:bci-openjdk-11-15.5.11-9.50 updated From sle-updates at lists.suse.com Wed Sep 20 14:51:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 16:51:19 +0200 (CEST) Subject: SUSE-CU-2023:3050-1: Security update of bci/openjdk-devel Message-ID: <20230920145119.E6FC7FD98@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3050-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-10.102 , bci/openjdk-devel:latest Container Release : 10.102 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3649-1 Released: Mon Sep 18 15:45:04 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: important References: This update for java-17-openjdk fixes the following issues: - Fix a regression where the validation would reject valid zip64 (zip with 64-bit offset extensions) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - java-17-openjdk-headless-17.0.8.1-150400.3.30.1 updated - java-17-openjdk-17.0.8.1-150400.3.30.1 updated - java-17-openjdk-devel-17.0.8.1-150400.3.30.1 updated - container:bci-openjdk-17-15.5.17-10.50 updated From sle-updates at lists.suse.com Wed Sep 20 14:51:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 16:51:34 +0200 (CEST) Subject: SUSE-CU-2023:3051-1: Security update of bci/openjdk Message-ID: <20230920145134.3D40BFD98@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3051-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.50 , bci/openjdk:latest Container Release : 10.50 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3649-1 Released: Mon Sep 18 15:45:04 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: important References: This update for java-17-openjdk fixes the following issues: - Fix a regression where the validation would reject valid zip64 (zip with 64-bit offset extensions) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - java-17-openjdk-headless-17.0.8.1-150400.3.30.1 updated - java-17-openjdk-17.0.8.1-150400.3.30.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Wed Sep 20 14:51:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 16:51:48 +0200 (CEST) Subject: SUSE-CU-2023:3052-1: Security update of suse/pcp Message-ID: <20230920145148.6C947FD98@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3052-1 Container Tags : suse/pcp:5 , suse/pcp:5-13.55 , suse/pcp:5.2 , suse/pcp:5.2-13.55 , suse/pcp:5.2.5 , suse/pcp:5.2.5-13.55 , suse/pcp:latest Container Release : 13.55 Severity : important Type : security References : 1195517 1196861 1204505 1205145 1214052 1214052 1214768 CVE-2023-39615 CVE-2023-4039 CVE-2023-4039 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3686-1 Released: Tue Sep 19 17:23:03 2023 Summary: Security update for gcc7 Type: security Severity: important References: 1195517,1196861,1204505,1205145,1214052,CVE-2023-4039 This update for gcc7 fixes the following issues: Security issue fixed: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). Other fixes: - Fixed KASAN kernel compile. [bsc#1205145] - Fixed ICE with C++17 code as reported in [bsc#1204505] - Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517): - Adjust gnats idea of the target, fixing the build of gprbuild. 
[bsc#1196861] The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - cpp7-7.5.0+r278197-150000.4.35.1 updated - container:bci-bci-init-15.5-15.5-8.62 updated From sle-updates at lists.suse.com Wed Sep 20 14:52:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 16:52:00 +0200 (CEST) Subject: SUSE-CU-2023:3053-1: Security update of bci/php-apache Message-ID: <20230920145200.6ED02FD98@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3053-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-6.47 Container Release : 6.47 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Wed Sep 20 14:52:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 16:52:12 +0200 (CEST) Subject: SUSE-CU-2023:3054-1: Security update of bci/php-fpm Message-ID: <20230920145212.4793AFD98@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3054-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-6.46 Container Release : 6.46 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Wed Sep 20 14:52:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 16:52:24 +0200 (CEST) Subject: SUSE-CU-2023:3055-1: Security update of bci/php Message-ID: <20230920145224.D1B44FD98@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3055-1 Container Tags : bci/php:8 , bci/php:8-6.46 Container Release : 6.46 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Wed Sep 20 14:52:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 16:52:35 +0200 (CEST) Subject: SUSE-CU-2023:3056-1: Security update of suse/postgres Message-ID: <20230920145235.B5EB0FD98@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3056-1 Container Tags : suse/postgres:15 , suse/postgres:15-9.49 , suse/postgres:15.4 , suse/postgres:15.4-9.49 , suse/postgres:latest Container Release : 9.49 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Wed Sep 20 14:52:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 16:52:50 +0200 (CEST) Subject: SUSE-CU-2023:3057-1: Security update of bci/python Message-ID: <20230920145250.31A8CFD98@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3057-1 Container Tags : bci/python:3 , bci/python:3-8.54 , bci/python:3.11 , bci/python:3.11-8.54 , bci/python:latest Container Release : 8.54 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Wed Sep 20 14:53:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 16:53:16 +0200 (CEST) Subject: SUSE-CU-2023:3059-1: Security update of bci/ruby Message-ID: <20230920145316.B6263FD98@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3059-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.44 , bci/ruby:2.5 , bci/ruby:2.5-10.44 , bci/ruby:latest Container Release : 10.44 Severity : important Type : security References : 1195517 1196861 1204505 1205145 1214052 CVE-2023-4039 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3686-1 Released: Tue Sep 19 17:23:03 2023 Summary: Security update for gcc7 Type: security Severity: important References: 1195517,1196861,1204505,1205145,1214052,CVE-2023-4039 This update for gcc7 fixes the following issues: Security issue fixed: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). Other fixes: - Fixed KASAN kernel compile. [bsc#1205145] - Fixed ICE with C++17 code as reported in [bsc#1204505] - Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517): - Adjust gnats idea of the target, fixing the build of gprbuild. 
[bsc#1196861] The following package changes have been done: - libasan4-7.5.0+r278197-150000.4.35.1 updated - libcilkrts5-7.5.0+r278197-150000.4.35.1 updated - libubsan0-7.5.0+r278197-150000.4.35.1 updated - cpp7-7.5.0+r278197-150000.4.35.1 updated - libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.35.1 updated - gcc7-7.5.0+r278197-150000.4.35.1 updated - gcc7-c++-7.5.0+r278197-150000.4.35.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Wed Sep 20 14:53:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 16:53:30 +0200 (CEST) Subject: SUSE-CU-2023:3060-1: Security update of bci/rust Message-ID: <20230920145330.98E31FD98@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3060-1 Container Tags : bci/rust:1.71 , bci/rust:1.71-1.2.5 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.5 Container Release : 2.5 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - libatomic1-12.3.0+git1204-150000.1.16.1 updated - libgomp1-12.3.0+git1204-150000.1.16.1 updated - libitm1-12.3.0+git1204-150000.1.16.1 updated - liblsan0-12.3.0+git1204-150000.1.16.1 updated - libubsan1-12.3.0+git1204-150000.1.16.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Wed Sep 20 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 16:30:02 -0000 Subject: SUSE-SU-2023:3708-1: important: Security update for python39 Message-ID: <169522740271.8343.18293815055592642081@smelt2.prg2.suse.org> # Security update for python39 Announcement ID: SUSE-SU-2023:3708-1 Rating: important References: * #1211765 * #1213463 * #1214692 Cross-References: * CVE-2023-40217 CVSS scores: * CVE-2023-40217 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-40217 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager 
Server 4.2 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for python39 fixes the following issues: * Update to 3.9.18: * CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). The following non-security bugs were fixed: * making marshalling of `set` and `frozenset` deterministic (bsc#1211765). * stabilizing FLAG_REF usage (required for reproducibility) (bsc#1213463). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3708=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3708=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3708=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3708=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3708=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3708=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3708=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3708=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3708=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3708=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python39-3.9.18-150300.4.33.1 * python39-dbm-debuginfo-3.9.18-150300.4.33.1 * python39-tools-3.9.18-150300.4.33.1 * python39-curses-debuginfo-3.9.18-150300.4.33.1 * python39-idle-3.9.18-150300.4.33.1 *
python39-doc-devhelp-3.9.18-150300.4.33.1 * python39-core-debugsource-3.9.18-150300.4.33.1 * libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1 * python39-testsuite-debuginfo-3.9.18-150300.4.33.1 * python39-devel-3.9.18-150300.4.33.1 * python39-doc-3.9.18-150300.4.33.1 * python39-debuginfo-3.9.18-150300.4.33.1 * python39-debugsource-3.9.18-150300.4.33.1 * python39-base-debuginfo-3.9.18-150300.4.33.1 * python39-dbm-3.9.18-150300.4.33.1 * python39-testsuite-3.9.18-150300.4.33.1 * libpython3_9-1_0-3.9.18-150300.4.33.1 * python39-curses-3.9.18-150300.4.33.1 * python39-tk-3.9.18-150300.4.33.1 * python39-tk-debuginfo-3.9.18-150300.4.33.1 * python39-base-3.9.18-150300.4.33.1 * openSUSE Leap 15.4 (x86_64) * python39-base-32bit-3.9.18-150300.4.33.1 * libpython3_9-1_0-32bit-3.9.18-150300.4.33.1 * python39-base-32bit-debuginfo-3.9.18-150300.4.33.1 * libpython3_9-1_0-32bit-debuginfo-3.9.18-150300.4.33.1 * python39-32bit-debuginfo-3.9.18-150300.4.33.1 * python39-32bit-3.9.18-150300.4.33.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python39-3.9.18-150300.4.33.1 * python39-dbm-debuginfo-3.9.18-150300.4.33.1 * python39-tools-3.9.18-150300.4.33.1 * python39-curses-debuginfo-3.9.18-150300.4.33.1 * python39-idle-3.9.18-150300.4.33.1 * python39-doc-devhelp-3.9.18-150300.4.33.1 * python39-core-debugsource-3.9.18-150300.4.33.1 * libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1 * python39-testsuite-debuginfo-3.9.18-150300.4.33.1 * python39-devel-3.9.18-150300.4.33.1 * python39-doc-3.9.18-150300.4.33.1 * python39-debuginfo-3.9.18-150300.4.33.1 * python39-debugsource-3.9.18-150300.4.33.1 * python39-base-debuginfo-3.9.18-150300.4.33.1 * python39-dbm-3.9.18-150300.4.33.1 * python39-testsuite-3.9.18-150300.4.33.1 * libpython3_9-1_0-3.9.18-150300.4.33.1 * python39-curses-3.9.18-150300.4.33.1 * python39-tk-3.9.18-150300.4.33.1 * python39-tk-debuginfo-3.9.18-150300.4.33.1 * python39-base-3.9.18-150300.4.33.1 * openSUSE Leap 15.5 (x86_64) * python39-base-32bit-3.9.18-150300.4.33.1 * 
libpython3_9-1_0-32bit-3.9.18-150300.4.33.1 * python39-base-32bit-debuginfo-3.9.18-150300.4.33.1 * libpython3_9-1_0-32bit-debuginfo-3.9.18-150300.4.33.1 * python39-32bit-debuginfo-3.9.18-150300.4.33.1 * python39-32bit-3.9.18-150300.4.33.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * python39-tk-3.9.18-150300.4.33.1 * libpython3_9-1_0-3.9.18-150300.4.33.1 * python39-curses-3.9.18-150300.4.33.1 * python39-devel-3.9.18-150300.4.33.1 * python39-core-debugsource-3.9.18-150300.4.33.1 * python39-tools-3.9.18-150300.4.33.1 * python39-debuginfo-3.9.18-150300.4.33.1 * python39-3.9.18-150300.4.33.1 * python39-curses-debuginfo-3.9.18-150300.4.33.1 * python39-idle-3.9.18-150300.4.33.1 * python39-debugsource-3.9.18-150300.4.33.1 * python39-tk-debuginfo-3.9.18-150300.4.33.1 * python39-base-debuginfo-3.9.18-150300.4.33.1 * python39-base-3.9.18-150300.4.33.1 * python39-dbm-debuginfo-3.9.18-150300.4.33.1 * libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1 * python39-dbm-3.9.18-150300.4.33.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * python39-tk-3.9.18-150300.4.33.1 * libpython3_9-1_0-3.9.18-150300.4.33.1 * python39-curses-3.9.18-150300.4.33.1 * python39-devel-3.9.18-150300.4.33.1 * python39-core-debugsource-3.9.18-150300.4.33.1 * python39-tools-3.9.18-150300.4.33.1 * python39-debuginfo-3.9.18-150300.4.33.1 * python39-3.9.18-150300.4.33.1 * python39-curses-debuginfo-3.9.18-150300.4.33.1 * python39-idle-3.9.18-150300.4.33.1 * python39-debugsource-3.9.18-150300.4.33.1 * python39-tk-debuginfo-3.9.18-150300.4.33.1 * python39-base-debuginfo-3.9.18-150300.4.33.1 * python39-base-3.9.18-150300.4.33.1 * python39-dbm-debuginfo-3.9.18-150300.4.33.1 * libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1 * python39-dbm-3.9.18-150300.4.33.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * python39-tk-3.9.18-150300.4.33.1 * libpython3_9-1_0-3.9.18-150300.4.33.1 * 
python39-curses-3.9.18-150300.4.33.1 * python39-devel-3.9.18-150300.4.33.1 * python39-core-debugsource-3.9.18-150300.4.33.1 * python39-tools-3.9.18-150300.4.33.1 * python39-debuginfo-3.9.18-150300.4.33.1 * python39-3.9.18-150300.4.33.1 * python39-curses-debuginfo-3.9.18-150300.4.33.1 * python39-idle-3.9.18-150300.4.33.1 * python39-debugsource-3.9.18-150300.4.33.1 * python39-tk-debuginfo-3.9.18-150300.4.33.1 * python39-base-debuginfo-3.9.18-150300.4.33.1 * python39-base-3.9.18-150300.4.33.1 * python39-dbm-debuginfo-3.9.18-150300.4.33.1 * libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1 * python39-dbm-3.9.18-150300.4.33.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * python39-tk-3.9.18-150300.4.33.1 * libpython3_9-1_0-3.9.18-150300.4.33.1 * python39-curses-3.9.18-150300.4.33.1 * python39-devel-3.9.18-150300.4.33.1 * python39-core-debugsource-3.9.18-150300.4.33.1 * python39-tools-3.9.18-150300.4.33.1 * python39-debuginfo-3.9.18-150300.4.33.1 * python39-3.9.18-150300.4.33.1 * python39-curses-debuginfo-3.9.18-150300.4.33.1 * python39-idle-3.9.18-150300.4.33.1 * python39-debugsource-3.9.18-150300.4.33.1 * python39-tk-debuginfo-3.9.18-150300.4.33.1 * python39-base-debuginfo-3.9.18-150300.4.33.1 * python39-base-3.9.18-150300.4.33.1 * python39-dbm-debuginfo-3.9.18-150300.4.33.1 * libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1 * python39-dbm-3.9.18-150300.4.33.1 * SUSE Manager Proxy 4.2 (x86_64) * python39-tk-3.9.18-150300.4.33.1 * libpython3_9-1_0-3.9.18-150300.4.33.1 * python39-curses-3.9.18-150300.4.33.1 * python39-devel-3.9.18-150300.4.33.1 * python39-core-debugsource-3.9.18-150300.4.33.1 * python39-debuginfo-3.9.18-150300.4.33.1 * python39-3.9.18-150300.4.33.1 * python39-curses-debuginfo-3.9.18-150300.4.33.1 * python39-idle-3.9.18-150300.4.33.1 * python39-debugsource-3.9.18-150300.4.33.1 * python39-tk-debuginfo-3.9.18-150300.4.33.1 * python39-base-debuginfo-3.9.18-150300.4.33.1 * python39-base-3.9.18-150300.4.33.1 * 
python39-dbm-debuginfo-3.9.18-150300.4.33.1 * libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1 * python39-dbm-3.9.18-150300.4.33.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * python39-tk-3.9.18-150300.4.33.1 * libpython3_9-1_0-3.9.18-150300.4.33.1 * python39-curses-3.9.18-150300.4.33.1 * python39-devel-3.9.18-150300.4.33.1 * python39-core-debugsource-3.9.18-150300.4.33.1 * python39-debuginfo-3.9.18-150300.4.33.1 * python39-3.9.18-150300.4.33.1 * python39-curses-debuginfo-3.9.18-150300.4.33.1 * python39-idle-3.9.18-150300.4.33.1 * python39-debugsource-3.9.18-150300.4.33.1 * python39-tk-debuginfo-3.9.18-150300.4.33.1 * python39-base-debuginfo-3.9.18-150300.4.33.1 * python39-base-3.9.18-150300.4.33.1 * python39-dbm-debuginfo-3.9.18-150300.4.33.1 * libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1 * python39-dbm-3.9.18-150300.4.33.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * python39-tk-3.9.18-150300.4.33.1 * libpython3_9-1_0-3.9.18-150300.4.33.1 * python39-curses-3.9.18-150300.4.33.1 * python39-devel-3.9.18-150300.4.33.1 * python39-core-debugsource-3.9.18-150300.4.33.1 * python39-debuginfo-3.9.18-150300.4.33.1 * python39-3.9.18-150300.4.33.1 * python39-curses-debuginfo-3.9.18-150300.4.33.1 * python39-idle-3.9.18-150300.4.33.1 * python39-debugsource-3.9.18-150300.4.33.1 * python39-tk-debuginfo-3.9.18-150300.4.33.1 * python39-base-debuginfo-3.9.18-150300.4.33.1 * python39-base-3.9.18-150300.4.33.1 * python39-dbm-debuginfo-3.9.18-150300.4.33.1 * libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1 * python39-dbm-3.9.18-150300.4.33.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * python39-tk-3.9.18-150300.4.33.1 * libpython3_9-1_0-3.9.18-150300.4.33.1 * python39-curses-3.9.18-150300.4.33.1 * python39-devel-3.9.18-150300.4.33.1 * python39-core-debugsource-3.9.18-150300.4.33.1 * python39-tools-3.9.18-150300.4.33.1 * python39-debuginfo-3.9.18-150300.4.33.1 * python39-3.9.18-150300.4.33.1 * python39-curses-debuginfo-3.9.18-150300.4.33.1 * 
python39-idle-3.9.18-150300.4.33.1 * python39-debugsource-3.9.18-150300.4.33.1 * python39-tk-debuginfo-3.9.18-150300.4.33.1 * python39-base-debuginfo-3.9.18-150300.4.33.1 * python39-base-3.9.18-150300.4.33.1 * python39-dbm-debuginfo-3.9.18-150300.4.33.1 * libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1 * python39-dbm-3.9.18-150300.4.33.1

## References:

* https://www.suse.com/security/cve/CVE-2023-40217.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211765
* https://bugzilla.suse.com/show_bug.cgi?id=1213463
* https://bugzilla.suse.com/show_bug.cgi?id=1214692

From sle-updates at lists.suse.com Wed Sep 20 16:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Sep 2023 16:30:06 -0000
Subject: SUSE-SU-2023:3707-1: important: Security update for cups
Message-ID: <169522740614.8343.11939205080327757432@smelt2.prg2.suse.org>

# Security update for cups

Announcement ID: SUSE-SU-2023:3707-1
Rating: important
References:

* #1214254
* #1215204

Cross-References:

* CVE-2023-32360
* CVE-2023-4504

CVSS scores:

* CVE-2023-32360 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-32360 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4504 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP5
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cups fixes the following issues:

* CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
* CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3707=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3707=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3707=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3707=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3707=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3707=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3707=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3707=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3707=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3707=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3707=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3707=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3707=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3707=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3707=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3707=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3707=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3707=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3707=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3707=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3707=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3707=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3707=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3707=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-3707=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3707=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3707=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * openSUSE Leap 15.4 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 *
libcupsimage2-32bit-2.2.7-150000.3.51.2 * libcupsppdc1-32bit-2.2.7-150000.3.51.2 * libcupscgi1-32bit-debuginfo-2.2.7-150000.3.51.2 * cups-devel-32bit-2.2.7-150000.3.51.2 * libcupsimage2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-32bit-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * libcupsmime1-32bit-2.2.7-150000.3.51.2 * libcupsppdc1-32bit-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-32bit-debuginfo-2.2.7-150000.3.51.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * openSUSE Leap 15.5 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-32bit-2.2.7-150000.3.51.2 * libcupsppdc1-32bit-2.2.7-150000.3.51.2 * libcupscgi1-32bit-debuginfo-2.2.7-150000.3.51.2 * cups-devel-32bit-2.2.7-150000.3.51.2 * libcupsimage2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-32bit-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * libcupsmime1-32bit-2.2.7-150000.3.51.2 * libcupsppdc1-32bit-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-32bit-debuginfo-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libcups2-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * SUSE Linux 
Enterprise Micro 5.3 (aarch64 s390x x86_64) * libcups2-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libcups2-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libcups2-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * Basesystem Module 15-SP4 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * 
cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * Desktop Applications Module 15-SP5 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cups-debugsource-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cups-debugsource-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * 
cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * 
cups-client-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * 
cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * 
libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * 
libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * SUSE Manager Proxy 4.2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * 
libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * SUSE Manager Server 4.2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * cups-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * libcupsmime1-2.2.7-150000.3.51.2 * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * SUSE Enterprise Storage 7.1 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * SUSE CaaS Platform 4.0 (x86_64) * libcupsmime1-debuginfo-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * libcupscgi1-debuginfo-2.2.7-150000.3.51.2 * cups-ddk-debuginfo-2.2.7-150000.3.51.2 * cups-client-2.2.7-150000.3.51.2 * libcupsimage2-2.2.7-150000.3.51.2 * cups-client-debuginfo-2.2.7-150000.3.51.2 * libcupsppdc1-debuginfo-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * 
libcupsmime1-2.2.7-150000.3.51.2 * libcupsimage2-debuginfo-2.2.7-150000.3.51.2 * libcupscgi1-2.2.7-150000.3.51.2 * libcups2-32bit-debuginfo-2.2.7-150000.3.51.2 * cups-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * libcups2-32bit-2.2.7-150000.3.51.2 * libcupsppdc1-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * cups-ddk-2.2.7-150000.3.51.2 * cups-devel-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libcups2-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libcups2-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 * cups-debugsource-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2

## References:

* https://www.suse.com/security/cve/CVE-2023-32360.html
* https://www.suse.com/security/cve/CVE-2023-4504.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214254
* https://bugzilla.suse.com/show_bug.cgi?id=1215204

From sle-updates at lists.suse.com Wed Sep 20 16:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Sep 2023 16:30:09 -0000
Subject: SUSE-SU-2023:3706-1: important: Security update for cups
Message-ID: <169522740983.8343.7149012084343998990@smelt2.prg2.suse.org>

# Security update for cups

Announcement ID: SUSE-SU-2023:3706-1
Rating: important
References:

* #1212230
* #1214254
* #1215204

Cross-References:

* CVE-2023-32360
* CVE-2023-34241
* CVE-2023-4504

CVSS scores:

* CVE-2023-32360 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-32360 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-34241 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-34241 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-4504 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9

An update that solves three vulnerabilities can now be installed.

## Description:

This update for cups fixes the following issues:

* CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
* CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).
* CVE-2023-32360: Fixed information leak through Cups-Get-Document operation (bsc#1214254).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3706=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-3706=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3706=1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3706=1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-3706=1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-3706=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3706=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3706=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3706=1
* SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-3706=1

## Package List:

* SUSE OpenStack Cloud Crowbar 9 (x86_64) * cups-client-1.7.5-20.46.1 * cups-1.7.5-20.46.1 * cups-debuginfo-1.7.5-20.46.1 * cups-debugsource-1.7.5-20.46.1 * cups-libs-debuginfo-32bit-1.7.5-20.46.1 * cups-libs-32bit-1.7.5-20.46.1 * cups-client-debuginfo-1.7.5-20.46.1 * cups-libs-1.7.5-20.46.1 * cups-libs-debuginfo-1.7.5-20.46.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * cups-client-1.7.5-20.46.1 * cups-1.7.5-20.46.1 * cups-debuginfo-1.7.5-20.46.1 * cups-debugsource-1.7.5-20.46.1 * cups-client-debuginfo-1.7.5-20.46.1 * cups-libs-1.7.5-20.46.1 * cups-libs-debuginfo-1.7.5-20.46.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * cups-libs-32bit-1.7.5-20.46.1 *
cups-libs-debuginfo-32bit-1.7.5-20.46.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * cups-devel-1.7.5-20.46.1 * cups-debuginfo-1.7.5-20.46.1 * cups-debugsource-1.7.5-20.46.1 * cups-ddk-debuginfo-1.7.5-20.46.1 * cups-ddk-1.7.5-20.46.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * cups-client-1.7.5-20.46.1 * cups-1.7.5-20.46.1 * cups-debuginfo-1.7.5-20.46.1 * cups-debugsource-1.7.5-20.46.1 * cups-libs-debuginfo-32bit-1.7.5-20.46.1 * cups-libs-32bit-1.7.5-20.46.1 * cups-client-debuginfo-1.7.5-20.46.1 * cups-libs-1.7.5-20.46.1 * cups-libs-debuginfo-1.7.5-20.46.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * cups-client-1.7.5-20.46.1 * cups-1.7.5-20.46.1 * cups-debuginfo-1.7.5-20.46.1 * cups-debugsource-1.7.5-20.46.1 * cups-client-debuginfo-1.7.5-20.46.1 * cups-libs-1.7.5-20.46.1 * cups-libs-debuginfo-1.7.5-20.46.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * cups-libs-32bit-1.7.5-20.46.1 * cups-libs-debuginfo-32bit-1.7.5-20.46.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * cups-client-1.7.5-20.46.1 * cups-1.7.5-20.46.1 * cups-debuginfo-1.7.5-20.46.1 * cups-debugsource-1.7.5-20.46.1 * cups-client-debuginfo-1.7.5-20.46.1 * cups-libs-1.7.5-20.46.1 * cups-libs-debuginfo-1.7.5-20.46.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * cups-libs-32bit-1.7.5-20.46.1 * cups-libs-debuginfo-32bit-1.7.5-20.46.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * cups-client-1.7.5-20.46.1 * cups-1.7.5-20.46.1 * cups-debuginfo-1.7.5-20.46.1 * cups-debugsource-1.7.5-20.46.1 * cups-client-debuginfo-1.7.5-20.46.1 * cups-libs-1.7.5-20.46.1 * cups-libs-debuginfo-1.7.5-20.46.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * cups-libs-32bit-1.7.5-20.46.1 * cups-libs-debuginfo-32bit-1.7.5-20.46.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * cups-client-1.7.5-20.46.1 * 
cups-1.7.5-20.46.1 * cups-debuginfo-1.7.5-20.46.1 * cups-debugsource-1.7.5-20.46.1 * cups-client-debuginfo-1.7.5-20.46.1 * cups-libs-1.7.5-20.46.1 * cups-libs-debuginfo-1.7.5-20.46.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * cups-libs-32bit-1.7.5-20.46.1 * cups-libs-debuginfo-32bit-1.7.5-20.46.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * cups-client-1.7.5-20.46.1 * cups-1.7.5-20.46.1 * cups-debuginfo-1.7.5-20.46.1 * cups-debugsource-1.7.5-20.46.1 * cups-client-debuginfo-1.7.5-20.46.1 * cups-libs-1.7.5-20.46.1 * cups-libs-debuginfo-1.7.5-20.46.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * cups-libs-32bit-1.7.5-20.46.1 * cups-libs-debuginfo-32bit-1.7.5-20.46.1 * SUSE OpenStack Cloud 9 (x86_64) * cups-client-1.7.5-20.46.1 * cups-1.7.5-20.46.1 * cups-debuginfo-1.7.5-20.46.1 * cups-debugsource-1.7.5-20.46.1 * cups-libs-debuginfo-32bit-1.7.5-20.46.1 * cups-libs-32bit-1.7.5-20.46.1 * cups-client-debuginfo-1.7.5-20.46.1 * cups-libs-1.7.5-20.46.1 * cups-libs-debuginfo-1.7.5-20.46.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32360.html * https://www.suse.com/security/cve/CVE-2023-34241.html * https://www.suse.com/security/cve/CVE-2023-4504.html * https://bugzilla.suse.com/show_bug.cgi?id=1212230 * https://bugzilla.suse.com/show_bug.cgi?id=1214254 * https://bugzilla.suse.com/show_bug.cgi?id=1215204
From sle-updates at lists.suse.com Wed Sep 20 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 20:30:02 -0000 Subject: SUSE-SU-2023:3714-1: important: Security update for rubygem-rails-html-sanitizer Message-ID: <169524180291.22962.13338277363155323358@smelt2.prg2.suse.org> # Security update for rubygem-rails-html-sanitizer Announcement ID: SUSE-SU-2023:3714-1 Rating: important References: * #1206433 * #1206434 * #1206435 * #1206436 Cross-References: * CVE-2022-23517 * CVE-2022-23518 * CVE-2022-23519 * CVE-2022-23520 CVSS scores: * CVE-2022-23517 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-23517 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-23518 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L * CVE-2022-23518 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2022-23518 ( NVD ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2022-23519 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N * CVE-2022-23519 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N * CVE-2022-23520 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2022-23520 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 
Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. ## Description: This update for rubygem-rails-html-sanitizer fixes the following issues: * CVE-2022-23517: Fixed inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. (bsc#1206433) * CVE-2022-23518: Fixed XSS via data URIs when used in combination with Loofah. (bsc#1206434) * CVE-2022-23519: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer. (bsc#1206435) * CVE-2022-23520: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer. (bsc#1206436) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3714=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3714=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-3714=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-3714=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3714=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3714=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3714=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rails-html-sanitizer-doc-1.0.4-150000.4.6.1 * ruby2.5-rubygem-rails-html-sanitizer-testsuite-1.0.4-150000.4.6.1 * ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rails-html-sanitizer-doc-1.0.4-150000.4.6.1 * ruby2.5-rubygem-rails-html-sanitizer-testsuite-1.0.4-150000.4.6.1 * ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.6.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.6.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.6.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.6.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.6.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * 
ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-23517.html * https://www.suse.com/security/cve/CVE-2022-23518.html * https://www.suse.com/security/cve/CVE-2022-23519.html * https://www.suse.com/security/cve/CVE-2022-23520.html * https://bugzilla.suse.com/show_bug.cgi?id=1206433 * https://bugzilla.suse.com/show_bug.cgi?id=1206434 * https://bugzilla.suse.com/show_bug.cgi?id=1206435 * https://bugzilla.suse.com/show_bug.cgi?id=1206436 From sle-updates at lists.suse.com Wed Sep 20 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 20:30:05 -0000 Subject: SUSE-SU-2023:3713-1: important: Security update for skopeo Message-ID: <169524180585.22962.6006712121906721495@smelt2.prg2.suse.org> # Security update for skopeo Announcement ID: SUSE-SU-2023:3713-1 Rating: important References: * #1212475 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one security fix can now be installed. ## Description: This update of skopeo fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3713=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3713=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3713=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3713=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3713=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3713=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3713=1 ## Package List: * SUSE Enterprise Storage 7 (aarch64 x86_64) * skopeo-debuginfo-0.1.41-150000.4.20.1 * skopeo-0.1.41-150000.4.20.1 * SUSE CaaS Platform 4.0 (x86_64) * skopeo-debuginfo-0.1.41-150000.4.20.1 * skopeo-0.1.41-150000.4.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * skopeo-debuginfo-0.1.41-150000.4.20.1 * skopeo-0.1.41-150000.4.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * skopeo-debuginfo-0.1.41-150000.4.20.1 * skopeo-0.1.41-150000.4.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-0.1.41-150000.4.20.1 * skopeo-0.1.41-150000.4.20.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-0.1.41-150000.4.20.1 * skopeo-0.1.41-150000.4.20.1 * SUSE Linux Enterprise Server for SAP Applications 
15 SP1 (ppc64le x86_64) * skopeo-debuginfo-0.1.41-150000.4.20.1 * skopeo-0.1.41-150000.4.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * skopeo-debuginfo-0.1.41-150000.4.20.1 * skopeo-0.1.41-150000.4.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 From sle-updates at lists.suse.com Wed Sep 20 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 20:30:07 -0000 Subject: SUSE-SU-2023:3712-1: low: Security update for mariadb Message-ID: <169524180795.22962.16970741654277027048@smelt2.prg2.suse.org> # Security update for mariadb Announcement ID: SUSE-SU-2023:3712-1 Rating: low References: * #1207404 Cross-References: * CVE-2022-47015 CVSS scores: * CVE-2022-47015 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2022-47015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for mariadb fixes the following issues: Updated to version 10.4.31: * CVE-2022-47015: Fixed a denial of service that could be triggered by a crafted SQL query (bsc#1207404). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3712=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3712=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3712=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3712=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * mariadb-client-debuginfo-10.4.31-150200.3.45.1 * mariadb-client-10.4.31-150200.3.45.1 * mariadb-tools-10.4.31-150200.3.45.1 * mariadb-debugsource-10.4.31-150200.3.45.1 * libmariadbd19-debuginfo-10.4.31-150200.3.45.1 * mariadb-tools-debuginfo-10.4.31-150200.3.45.1 * mariadb-debuginfo-10.4.31-150200.3.45.1 * mariadb-10.4.31-150200.3.45.1 * libmariadbd19-10.4.31-150200.3.45.1 * libmariadbd-devel-10.4.31-150200.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * mariadb-errormessages-10.4.31-150200.3.45.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * mariadb-client-debuginfo-10.4.31-150200.3.45.1 * mariadb-client-10.4.31-150200.3.45.1 * mariadb-tools-10.4.31-150200.3.45.1 * mariadb-debugsource-10.4.31-150200.3.45.1 * libmariadbd19-debuginfo-10.4.31-150200.3.45.1 * mariadb-tools-debuginfo-10.4.31-150200.3.45.1 * mariadb-debuginfo-10.4.31-150200.3.45.1 * mariadb-10.4.31-150200.3.45.1 * libmariadbd19-10.4.31-150200.3.45.1 * libmariadbd-devel-10.4.31-150200.3.45.1 * SUSE Enterprise Storage 7 (noarch) * mariadb-errormessages-10.4.31-150200.3.45.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * mariadb-client-debuginfo-10.4.31-150200.3.45.1 * mariadb-client-10.4.31-150200.3.45.1 * mariadb-tools-10.4.31-150200.3.45.1 * mariadb-debugsource-10.4.31-150200.3.45.1 * libmariadbd19-debuginfo-10.4.31-150200.3.45.1 * 
mariadb-tools-debuginfo-10.4.31-150200.3.45.1 * mariadb-debuginfo-10.4.31-150200.3.45.1 * mariadb-10.4.31-150200.3.45.1 * libmariadbd19-10.4.31-150200.3.45.1 * libmariadbd-devel-10.4.31-150200.3.45.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * mariadb-errormessages-10.4.31-150200.3.45.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * mariadb-client-debuginfo-10.4.31-150200.3.45.1 * mariadb-client-10.4.31-150200.3.45.1 * mariadb-tools-10.4.31-150200.3.45.1 * mariadb-debugsource-10.4.31-150200.3.45.1 * libmariadbd19-debuginfo-10.4.31-150200.3.45.1 * mariadb-tools-debuginfo-10.4.31-150200.3.45.1 * mariadb-debuginfo-10.4.31-150200.3.45.1 * mariadb-10.4.31-150200.3.45.1 * libmariadbd19-10.4.31-150200.3.45.1 * libmariadbd-devel-10.4.31-150200.3.45.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * mariadb-errormessages-10.4.31-150200.3.45.1 ## References: * https://www.suse.com/security/cve/CVE-2022-47015.html * https://bugzilla.suse.com/show_bug.cgi?id=1207404
From sle-updates at lists.suse.com Wed Sep 20 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 20:30:09 -0000 Subject: SUSE-SU-2023:3711-1: low: Security update for redis7 Message-ID: <169524180997.22962.12036203534836411880@smelt2.prg2.suse.org> # Security update for redis7 Announcement ID: SUSE-SU-2023:3711-1 Rating: low References: * #1215094 Cross-References: * CVE-2023-41053 CVSS scores: * CVE-2023-41053 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-41053 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for redis7 fixes the following issues: * CVE-2023-41053: Fixed SORT_RO may bypass ACL configuration (bsc#1215094). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3711=1 openSUSE-SLE-15.5-2023-3711=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3711=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * redis7-debuginfo-7.0.8-150500.3.6.1 * redis7-debugsource-7.0.8-150500.3.6.1 * redis7-7.0.8-150500.3.6.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * redis7-debuginfo-7.0.8-150500.3.6.1 * redis7-debugsource-7.0.8-150500.3.6.1 * redis7-7.0.8-150500.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41053.html * https://bugzilla.suse.com/show_bug.cgi?id=1215094 From sle-updates at lists.suse.com Wed Sep 20 20:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 20:30:13 -0000 Subject: SUSE-SU-2023:3710-1: moderate: Security update for openvswitch3 Message-ID: <169524181338.22962.15836910206990074563@smelt2.prg2.suse.org> # Security update for openvswitch3 Announcement ID: SUSE-SU-2023:3710-1 Rating: moderate References: * #1212125 Cross-References: * CVE-2023-3152 * CVE-2023-3153 CVSS scores: * CVE-2023-3152 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3152 ( NVD ): 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-3153 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. 
## Description: This update for openvswitch3 fixes the following issues: * CVE-2023-3153: Fixed service monitor MAC flow is not rate limited (bsc#1212125). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3710=1 openSUSE-SLE-15.5-2023-3710=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3710=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * ovn3-debuginfo-23.03.0-150500.3.6.2 * openvswitch3-test-3.1.0-150500.3.6.2 * ovn3-host-23.03.0-150500.3.6.2 * libovn-23_03-0-debuginfo-23.03.0-150500.3.6.2 * openvswitch3-debugsource-3.1.0-150500.3.6.2 * libopenvswitch-3_1-0-3.1.0-150500.3.6.2 * openvswitch3-vtep-3.1.0-150500.3.6.2 * openvswitch3-ipsec-3.1.0-150500.3.6.2 * ovn3-23.03.0-150500.3.6.2 * openvswitch3-devel-3.1.0-150500.3.6.2 * ovn3-devel-23.03.0-150500.3.6.2 * ovn3-host-debuginfo-23.03.0-150500.3.6.2 * openvswitch3-vtep-debuginfo-3.1.0-150500.3.6.2 * ovn3-central-debuginfo-23.03.0-150500.3.6.2 * openvswitch3-3.1.0-150500.3.6.2 * ovn3-vtep-23.03.0-150500.3.6.2 * openvswitch3-debuginfo-3.1.0-150500.3.6.2 * ovn3-central-23.03.0-150500.3.6.2 * libopenvswitch-3_1-0-debuginfo-3.1.0-150500.3.6.2 * openvswitch3-test-debuginfo-3.1.0-150500.3.6.2 * python3-ovs3-3.1.0-150500.3.6.2 * libovn-23_03-0-23.03.0-150500.3.6.2 * ovn3-vtep-debuginfo-23.03.0-150500.3.6.2 * ovn3-docker-23.03.0-150500.3.6.2 * openvswitch3-pki-3.1.0-150500.3.6.2 * openSUSE Leap 15.5 (noarch) * openvswitch3-doc-3.1.0-150500.3.6.2 * ovn3-doc-23.03.0-150500.3.6.2 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ovn3-debuginfo-23.03.0-150500.3.6.2 * openvswitch3-test-3.1.0-150500.3.6.2 * ovn3-host-23.03.0-150500.3.6.2 * libovn-23_03-0-debuginfo-23.03.0-150500.3.6.2 * 
openvswitch3-debugsource-3.1.0-150500.3.6.2 * libopenvswitch-3_1-0-3.1.0-150500.3.6.2 * openvswitch3-vtep-3.1.0-150500.3.6.2 * openvswitch3-ipsec-3.1.0-150500.3.6.2 * ovn3-23.03.0-150500.3.6.2 * openvswitch3-devel-3.1.0-150500.3.6.2 * ovn3-devel-23.03.0-150500.3.6.2 * ovn3-host-debuginfo-23.03.0-150500.3.6.2 * openvswitch3-vtep-debuginfo-3.1.0-150500.3.6.2 * ovn3-central-debuginfo-23.03.0-150500.3.6.2 * openvswitch3-3.1.0-150500.3.6.2 * ovn3-vtep-23.03.0-150500.3.6.2 * openvswitch3-debuginfo-3.1.0-150500.3.6.2 * ovn3-central-23.03.0-150500.3.6.2 * libopenvswitch-3_1-0-debuginfo-3.1.0-150500.3.6.2 * openvswitch3-test-debuginfo-3.1.0-150500.3.6.2 * python3-ovs3-3.1.0-150500.3.6.2 * libovn-23_03-0-23.03.0-150500.3.6.2 * ovn3-vtep-debuginfo-23.03.0-150500.3.6.2 * ovn3-docker-23.03.0-150500.3.6.2 * openvswitch3-pki-3.1.0-150500.3.6.2 ## References: * https://www.suse.com/security/cve/CVE-2023-3152.html * https://www.suse.com/security/cve/CVE-2023-3153.html * https://bugzilla.suse.com/show_bug.cgi?id=1212125
From sle-updates at lists.suse.com Wed Sep 20 20:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Sep 2023 20:30:16 -0000 Subject: SUSE-SU-2023:3709-1: important: Security update for frr Message-ID: <169524181629.22962.7634223057471377344@smelt2.prg2.suse.org> # Security update for frr Announcement ID: SUSE-SU-2023:3709-1 Rating: important References: * #1213284 * #1213434 * #1214735 * #1214739 * #1215065 Cross-References: * CVE-2023-3748 * CVE-2023-38802 * CVE-2023-41358 * CVE-2023-41360 * CVE-2023-41909 CVSS scores: * CVE-2023-3748 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3748 ( NVD ): 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-38802 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38802 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-41358 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-41358 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-41360 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-41360 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2023-41909 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-41909 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for frr fixes the following issues: * CVE-2023-38802: Fixed bad length handling in BGP attribute handling (bsc#1213284). * CVE-2023-41358: Fixed crash in bgpd/bgp_packet.c (bsc#1214735). * CVE-2023-41360: Fixed out-of-bounds read in bgpd/bgp_packet.c (bsc#1214739). 
* CVE-2023-3748: Fixed infinite loop in babeld message parsing that may cause DoS (bsc#1213434). * CVE-2023-41909: Fixed NULL pointer dereference due to processing in bgp_nlri_parse_flowspec (bsc#1215065). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3709=1 openSUSE-SLE-15.5-2023-3709=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3709=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libfrrzmq0-8.4-150500.4.8.1 * libfrr_pb0-8.4-150500.4.8.1 * frr-devel-8.4-150500.4.8.1 * libfrr0-8.4-150500.4.8.1 * libfrr_pb0-debuginfo-8.4-150500.4.8.1 * libfrrzmq0-debuginfo-8.4-150500.4.8.1 * libfrrcares0-debuginfo-8.4-150500.4.8.1 * libfrrsnmp0-debuginfo-8.4-150500.4.8.1 * libmlag_pb0-8.4-150500.4.8.1 * libmlag_pb0-debuginfo-8.4-150500.4.8.1 * libfrrospfapiclient0-8.4-150500.4.8.1 * libfrrfpm_pb0-8.4-150500.4.8.1 * libfrrospfapiclient0-debuginfo-8.4-150500.4.8.1 * frr-debuginfo-8.4-150500.4.8.1 * frr-8.4-150500.4.8.1 * libfrrsnmp0-8.4-150500.4.8.1 * libfrrfpm_pb0-debuginfo-8.4-150500.4.8.1 * frr-debugsource-8.4-150500.4.8.1 * libfrrcares0-8.4-150500.4.8.1 * libfrr0-debuginfo-8.4-150500.4.8.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libfrrzmq0-8.4-150500.4.8.1 * libfrr_pb0-8.4-150500.4.8.1 * frr-devel-8.4-150500.4.8.1 * libfrr0-8.4-150500.4.8.1 * libfrr_pb0-debuginfo-8.4-150500.4.8.1 * libfrrzmq0-debuginfo-8.4-150500.4.8.1 * libfrrcares0-debuginfo-8.4-150500.4.8.1 * libfrrsnmp0-debuginfo-8.4-150500.4.8.1 * libmlag_pb0-8.4-150500.4.8.1 * libmlag_pb0-debuginfo-8.4-150500.4.8.1 * libfrrospfapiclient0-8.4-150500.4.8.1 * libfrrfpm_pb0-8.4-150500.4.8.1 * libfrrospfapiclient0-debuginfo-8.4-150500.4.8.1 * frr-debuginfo-8.4-150500.4.8.1 * frr-8.4-150500.4.8.1 * 
libfrrsnmp0-8.4-150500.4.8.1 * libfrrfpm_pb0-debuginfo-8.4-150500.4.8.1 * frr-debugsource-8.4-150500.4.8.1 * libfrrcares0-8.4-150500.4.8.1 * libfrr0-debuginfo-8.4-150500.4.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3748.html * https://www.suse.com/security/cve/CVE-2023-38802.html * https://www.suse.com/security/cve/CVE-2023-41358.html * https://www.suse.com/security/cve/CVE-2023-41360.html * https://www.suse.com/security/cve/CVE-2023-41909.html * https://bugzilla.suse.com/show_bug.cgi?id=1213284 * https://bugzilla.suse.com/show_bug.cgi?id=1213434 * https://bugzilla.suse.com/show_bug.cgi?id=1214735 * https://bugzilla.suse.com/show_bug.cgi?id=1214739 * https://bugzilla.suse.com/show_bug.cgi?id=1215065 From sle-updates at lists.suse.com Thu Sep 21 07:05:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Sep 2023 09:05:52 +0200 (CEST) Subject: SUSE-CU-2023:3063-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20230921070552.C0813FD98@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3063-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.52 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.52 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Thu Sep 21 07:08:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Sep 2023 09:08:19 +0200 (CEST) Subject: SUSE-CU-2023:3064-1: Security update of suse/sle15 Message-ID: <20230921070819.4FD57FD98@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3064-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.185 , suse/sle15:15.3 , suse/sle15:15.3.17.20.185 Container Release : 17.20.185 Severity : important Type : security References : 1198165 1211078 1214052 1214768 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3639-1 Released: Mon Sep 18 13:33:16 2023 Summary: Security update for libeconf Type: security Severity: moderate References: 1198165,1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following non-security bug was fixed: - Fixed parsing of files which have both space characters and non-space characters as delimiters (bsc#1198165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3698-1 Released: Wed Sep 20 11:01:15 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libeconf0-0.5.2-150300.3.11.1 updated - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.9.7-150000.3.60.1 updated From sle-updates at lists.suse.com Thu Sep 21 07:08:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Sep 2023 09:08:50 +0200 (CEST) Subject: SUSE-CU-2023:3066-1: Security update of bci/golang Message-ID: <20230921070850.0388BFD98@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3066-1 Container Tags : bci/golang:1.19-openssl , bci/golang:1.19-openssl-5.7 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-5.7 Container Release : 5.7 Severity : important Type : security References : 1195517 1196861 1204505 1205145 1214052 1214052 1214768 CVE-2023-39615 CVE-2023-4039 CVE-2023-4039 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3686-1 Released: Tue Sep 19 17:23:03 2023 Summary: Security update for gcc7 Type: security Severity: important References: 1195517,1196861,1204505,1205145,1214052,CVE-2023-4039 This update for gcc7 fixes the following issues: Security issue fixed: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). Other fixes: - Fixed KASAN kernel compile. [bsc#1205145] - Fixed ICE with C++17 code as reported in [bsc#1204505] - Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517): - Adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - libasan4-7.5.0+r278197-150000.4.35.1 updated - libatomic1-12.3.0+git1204-150000.1.16.1 updated - libcilkrts5-7.5.0+r278197-150000.4.35.1 updated - libgomp1-12.3.0+git1204-150000.1.16.1 updated - libitm1-12.3.0+git1204-150000.1.16.1 updated - liblsan0-12.3.0+git1204-150000.1.16.1 updated - libubsan0-7.5.0+r278197-150000.4.35.1 updated - cpp7-7.5.0+r278197-150000.4.35.1 updated - gcc7-7.5.0+r278197-150000.4.35.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Thu Sep 21 07:09:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Sep 2023 09:09:08 +0200 (CEST) Subject: SUSE-CU-2023:3067-1: Security update of bci/golang Message-ID: <20230921070908.170F4FD98@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3067-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.2.7 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.2.7 Container Release : 2.7 Severity : important Type : security References 
: 1195517 1196861 1204505 1205145 1212475 1214052 1214052 1214768 1215084 1215085 1215086 1215087 1215090 CVE-2023-39318 CVE-2023-39319 CVE-2023-39320 CVE-2023-39321 CVE-2023-39322 CVE-2023-39615 CVE-2023-4039 CVE-2023-4039 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3686-1 Released: Tue Sep 19 17:23:03 2023 Summary: Security update for gcc7 Type: security Severity: important References: 1195517,1196861,1204505,1205145,1214052,CVE-2023-4039 This update for gcc7 fixes the following issues: Security issue fixed: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). Other fixes: - Fixed KASAN kernel compile. [bsc#1205145] - Fixed ICE with C++17 code as reported in [bsc#1204505] - Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517): - Adjust gnats idea of the target, fixing the build of gprbuild. 
[bsc#1196861] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3701-1 Released: Wed Sep 20 11:19:10 2023 Summary: Security update for go1.21 Type: security Severity: important References: 1212475,1215084,1215085,1215086,1215087,1215090,CVE-2023-39318,CVE-2023-39319,CVE-2023-39320,CVE-2023-39321,CVE-2023-39322 This update for go1.21 fixes the following issues: Update to go1.21.1 (bsc#1212475). - CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template (bsc#1215084). - CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085). - CVE-2023-39320: Fixed arbitrary execution in go.mod toolchain directive (bsc#1215086). - CVE-2023-39321, CVE-2023-39322: Fixed a panic when processing post-handshake message on QUIC connections in crypto/tls (bsc#1215087). The following non-security bug was fixed: - Add missing directory pprof html asset directory to package (bsc#1215090). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - go1.21-doc-1.21.1-150000.1.6.1 updated - libasan4-7.5.0+r278197-150000.4.35.1 updated - libatomic1-12.3.0+git1204-150000.1.16.1 updated - libcilkrts5-7.5.0+r278197-150000.4.35.1 updated - libgomp1-12.3.0+git1204-150000.1.16.1 updated - libitm1-12.3.0+git1204-150000.1.16.1 updated - liblsan0-12.3.0+git1204-150000.1.16.1 updated - libubsan0-7.5.0+r278197-150000.4.35.1 updated - cpp7-7.5.0+r278197-150000.4.35.1 updated - gcc7-7.5.0+r278197-150000.4.35.1 updated - go1.21-1.21.1-150000.1.6.1 updated - go1.21-race-1.21.1-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Thu Sep 21 07:09:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Sep 2023 09:09:25 +0200 (CEST) Subject: SUSE-CU-2023:3068-1: Security update of bci/openjdk Message-ID: <20230921070925.2EB78FD98@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3068-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-9.50 Container Release : 9.50 Severity : important Type : security References : 1214052 1214768 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3641-1 Released: Mon Sep 18 15:02:47 2023 Summary: Recommended update for java-11-openjdk Type: recommended Severity: important References: This update for java-11-openjdk fixes the following issues: - Fix a regression where the validation would reject valid zip64 (zip with 64-bit offset extensions) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - java-11-openjdk-headless-11.0.20.1-150000.3.102.1 updated - java-11-openjdk-11.0.20.1-150000.3.102.1 updated - container:sles15-image-15.0.0-36.5.34 updated From sle-updates at lists.suse.com Thu Sep 21 07:31:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Sep 2023 09:31:51 +0200 (CEST) Subject: SUSE-CU-2023:3070-1: Security update of ses/7.1/cephcsi/cephcsi Message-ID: <20230921073151.B9F35FD98@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3070-1 Container Tags : ses/7.1/cephcsi/cephcsi:3.8.0.1 , ses/7.1/cephcsi/cephcsi:3.8.0.1.0.4.7.1 , ses/7.1/cephcsi/cephcsi:latest , ses/7.1/cephcsi/cephcsi:sle15.3.pacific , ses/7.1/cephcsi/cephcsi:v3.8.0.1 , ses/7.1/cephcsi/cephcsi:v3.8.0.1.0 Container Release : 4.7.1 Severity : important Type : security References : 1089497 1099269 1103893 1112183 1133277 1144068 1157881 1158763 1162343 1177127 1178168 1182066 1182142 1184753 1186673 1193412 1194530 1197726 1198165 1198331 1199282 1200710 1201627 1202234 1203681 1203750 1204072 1204256 1206627 1207534 1207805 1208721 1209229 1209279 1209536 1209565 1209859 1210740 1210999 1211078 1211079 1211158 1211261 1211419 1211661 1211674 1211828 1212126 1212187 1212187 1212222 1212260 1213004 1213008 1213189 1213231 1213282 1213487 1213504 1213514 1213517 1213557 1213582 1213582 1213673 1213853 1214025 1214052 1214054 1214071 1214248 1214290 1214768 CVE-2007-4559 CVE-2018-1000518 CVE-2020-25659 CVE-2020-36242 CVE-2021-22569 CVE-2021-22570 CVE-2022-1941 CVE-2022-3171 CVE-2022-41409 CVE-2022-4304 CVE-2023-22652 CVE-2023-2603 CVE-2023-30078 CVE-2023-30079 CVE-2023-31484 CVE-2023-32181 CVE-2023-32681 CVE-2023-3446 CVE-2023-34969 
CVE-2023-36054 CVE-2023-3817 CVE-2023-38408 CVE-2023-39615 CVE-2023-4016 CVE-2023-4039 CVE-2023-4156 ----------------------------------------------------------------- The container ses/7.1/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2497-1 Released: Tue Jun 13 15:37:25 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. 
- Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2783-1 Released: Tue Jul 4 22:08:19 2023 Summary: Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets Type: security Severity: important References: 
1099269,1133277,1144068,1162343,1177127,1178168,1182066,1184753,1194530,1197726,1198331,1199282,1203681,1204256,CVE-2018-1000518,CVE-2020-25659,CVE-2020-36242,CVE-2021-22569,CVE-2021-22570,CVE-2022-1941,CVE-2022-3171 This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues: grpc: - Update in SLE-15 (bsc#1197726, bsc#1144068) protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681 - Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256 - Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530 - Add missing dependency of python subpackages on python-six (bsc#1177127) - Updated to version 3.9.2 (bsc#1162343) * Remove OSReadLittle* due to alignment requirements. * Don't use unions and instead use memcpy for the type swaps. - Disable LTO (bsc#1133277) python-aiocontextvars: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-avro: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-cryptography: - update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331) * SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. 
CVE-2020-36242 python-cryptography-vectors: - update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Support for OpenSSL 1.0.2 has been removed. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. - update to 3.3.2 (bsc#1198331) python-Deprecated: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 1.2.13: python-google-api-core: - Update to 1.14.2 python-googleapis-common-protos: - Update to 1.6.0 python-grpcio-gcp: - Initial spec for v0.2.2 python-humanfriendly: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to 10.0 python-jsondiff: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 1.3.0 python-knack: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 0.9.0 python-opencensus: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Disable Python2 build - Update to 0.8.0 python-opencensus-context: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-opencensus-ext-threading: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Initial build version 0.1.2 python-opentelemetry-api: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Version update to 1.5.0 python-psutil: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 5.9.1 - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS. 
(bsc#1184753) - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-PyGithub: - Update to 1.43.5: python-pytest-asyncio: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Initial release of python-pytest-asyncio 0.8.0 python-requests: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-websocket-client: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 1.3.2 python-websockets: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 9.1: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2866-1 Released: Tue Jul 18 11:09:03 2023 Summary: Security update for python-requests Type: security Severity: moderate References: 1211674,CVE-2023-32681 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2879-1 Released: Wed Jul 19 09:45:34 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged user (bsc#1212126). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. 
[bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2994-1 Released: Thu Jul 27 06:45:29 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1157881,1200710,1209859 This update for nfs-utils fixes the following issues: - SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710) - Avoid unhelpful warnings (bsc#1157881) - Fix rpc.nfsd man pages (bsc#1209859) - Allow scope to be set in sysconfig: NFSD_SCOPE ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3179-1 Released: Thu Aug 3 13:59:38 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,1213487,CVE-2022-4304,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). 
- Update further expiring certificates that affect tests [bsc#1201627] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3210-1 Released: Mon Aug 7 15:20:04 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3218-1 Released: Mon Aug 7 16:52:13 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3284-1 Released: Fri Aug 11 10:29:50 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3288-1 Released: Fri Aug 11 12:30:14 2023 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1213582 This update for python-apipkg provides python3-apipkg to SUSE Linux Enterprise Micro 5.2. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3291-1 Released: Fri Aug 11 12:51:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3330-1 Released: Wed Aug 16 08:59:33 2023 Summary: Recommended update for python-pyasn1 Type: recommended Severity: important References: 1207805 This update for python-pyasn1 fixes the following issues: - To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3365-1 Released: Fri Aug 18 20:35:01 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. 
(bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3388-1 Released: Wed Aug 23 17:14:22 2023 Summary: Recommended update for binutils Type: recommended Severity: important References: 1213282 This update for binutils fixes the following issues: - Add `binutils-disable-dt-relr.sh` to address compatibility problems with the glibc version included in future SUSE Linux Enterprise releases (bsc#1213282, jsc#PED-1435) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3466-1 Released: Tue Aug 29 07:33:16 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1103893,1112183 This update for icu fixes the following issues: - Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3470-1 Released: Tue Aug 29 10:49:33 2023 Summary: Recommended update for parted Type: recommended Severity: low References: 1182142,1193412 This update for parted fixes the following issues: - fix null pointer dereference (bsc#1193412) - update mkpart options in manpage (bsc#1182142) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3487-1 Released: Tue Aug 29 14:28:35 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3515-1 Released: Fri Sep 1 15:54:25 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3521-1 Released: Tue Sep 5 08:56:45 2023 Summary: Recommended update for python-iniconfig Type: recommended Severity: moderate References: 1213582 This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3639-1 Released: Mon Sep 18 13:33:16 2023 Summary: Security update for libeconf Type: security Severity: moderate References: 1198165,1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). 
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following non-security bug was fixed: - Fixed parsing files correctly which have space characters AND non-space characters as delimiters (bsc#1198165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3698-1 Released: Wed Sep 20 11:01:15 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3720-1 Released: Thu Sep 21 09:01:11 2023 Summary: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook Type: recommended Severity: moderate References: 1204072,1209279 This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook fixes the following issues: - Update to v4.1.0 * Updated Kubernetes dependencies to 1.26.0 (#395, @sunnylovestiramisu) - Update version to 3.4.0 Feature * Add support for cross-namespace data sources alpha feature (#805, @ttakahashi21) * Register metrics exposed by sig-storage-lib (#792, @RaunakShah) * Update the annotation that needs to be applied to VolumeSnapshotContents from snapshot.storage.kubernetes.io/allowVolumeModeChange to snapshot.storage.kubernetes.io/allow-volume-mode-change (#791, @RaunakShah) Bug or Regression * Fix string pointer comparison for source volume mode conversion (#793, @RaunakShah) * Fix nil pointer crash for PV without ClaimRef (#796, @zezaeoh) Uncategorized * Update go to 1.19 and dependencies for k8s v1.26.0 (#834, @sunnylovestiramisu) - Update to version 1.7.0 * Fix panic in recovery path if marking pvc as resize in progress fails (#246, @gnufied) - Update to version 6.2.1 Feature * Add --retry-crd-interval-max flag to the snapshot-controller in order to allow customization of CRD detection on startup. (#777, @mattcary) Uncategorized * Change webhook example to be compatible with TLS-type secrets. (#793, @haslersn) * Fixes an issue introduced by PR 793 by respecting the format of TLS-type secrets in the script. (#796, @haslersn) * Update go to v1.19 and kubernetes dependencies to 1.26.0. 
(#797, @sunnylovestiramisu) - Update to version 2.7.0 * Revert of #214, node-driver-registrar will create the path specified by --kubelet-registration-path (#247, @mauriciopoppe) - Regular upgrade bsc#1204072 - Update to 1.11.9 Rook v1.11.9 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator. * multus: Fix 'deletecollection' permission not present (#12437, @sudharsanomprakash) * dashboard: Remove deprecated kubernetes.io/ingress.class annotation (#12418, @Jeansen) * external: Make import script idempotent (#12417, @parth-gr) * exporter: Ignore failed deletion of service monitor (#12430, @travisn) * multus: Add config file for validation tool (#12396, @BlaineEXE) * object: Clarify success message when reconciling CephObjectStoreUser (#12406, @polyedre) * docs: Update storage architecture diagram (#12252, @galexrt) * operator: Add ceph image version label to PVC (#12372, @YZ775) * object : Add SSL ref in cephobjectstore user secret (#12341, @thotz) - Update to 1.11.8 Rook v1.11.8 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator. * helm: add EC Block Pool config in helm chart (#12324, @Javlopez) * pool: Add .mgr pool to the stretch cluster examples (#12360, @travisn) * nfs: Add Spec.Security.Kerberos.DomainName to the CRD to configure /etc/idmapd.conf (#12220, @spuiuk) * mgr: Removing unnecessary rook-ceph-mgr rbac entries (#12337, @rkachach) * core: typo in logs to print fullname of CephCluster (#12217, @takirala) * core: empty ceph-daemons-sock-dir for osd onPVC (#12299, @avanthakkar) * docs: prevent to delete other clusters data on cluster deletion (#12334, @satoru-takeuchi) * docs: improve external doc format (#12383, @parth-gr) * docs: Suggest qemu driver for minikube on apple silicon (#11722, @BlaineEXE) - Update to 1.11.7 Rook v1.11.7 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator. 
  * core: Delete exporter resources if ceph version is not supported (#12271, @avanthakkar)
  * external: FQDN should be persisted instead of using the ip endpoint (#12264, @parth-gr)
  * object: Implement more capabilities for object store users (#12256, @thotz)
  * test: Add CI e2e test for multus validation test (#12282, @BlaineEXE)
  * core: Use default-* logging flags for ceph daemons so they can be overridden (#12302, @Javlopez)
  * helm: Add exporter resource entry to ceph cluster documentation (#12251, @galexrt)
  * mgr: Allow other namespaces in the ServiceMonitor resource (#12293, @kerryeon)
  * object: Add missing cephcluster spec addition in object controller (#12273, @thotz)
  * monitoring: Service monitor should not use mgr_role label (#12268, @travisn)
  * test: Allow specifying custom nginx image for multus validation (#12231, @iPraveenParihar)
  * operator: Pull multus validation test images before test (#12211, @BlaineEXE)
  * rbdmirror: Ensure rbd mirror daemon is upgraded (#12247, @travisn)

- Update to 1.11.6
  Rook v1.11.6 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
  * osd: Support expanding lvm osd on pvc (#12164, @satoru-takeuchi)
  * monitoring: Skip creating the service monitor for the exporter if monitoring is not enabled (#12216, @travisn)
  * docs: Generate documentation for CRDs (#12110 #12179, @Javlopez)
  * core: Add termination grace period for exporter pods (#12215, @avanthakkar)
  * csi: servicemonitor for rook-ceph csi drivers (#12170, @jouve)
  * monitoring: Configurable option to disable prometheus metrics (#12193, @travisn)
  * mgr: Default to active mgr label if only one mgr is running (#12137, @travisn)
  * osd: Allow scanning devices with filter (#11976, @Javlopez)
  * core: Disable controller runtime metrics server (#12194, @Madhu-1)
  * mgr: Use mgr_role dynamic label to tag the active ceph manager (#11845, @rkachach)
  * operator: use KUBECONFIG context for cli if present (#12192, @BlaineEXE)
  * external: fix rgw multisite config check (#12182 #12238, @parth-gr)
  * operator: validate multus validation networks in cli (#12187, @BlaineEXE)
  * operator: Fix package logger name for rookcli (#12186, @BlaineEXE)
  * ceph: Unset the encryption configuration before updating the setting (#12181, @Madhu-1)

- Update to 1.11.5
  Rook v1.11.5 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
  * mgr: Retry creating ceph dashboard credentials (#12149, @parth-gr)
  * nfs: Reduce size CephNFS CRD from unnecessary file volume sources (#12155, @BlaineEXE)
  * core: Update k8s API references to more recent version (#12161, @subhamkrai)
  * test: Add multus validation test routine to rook binary (#12069, @BlaineEXE)
  * external: check that the pool and cluster name is provided (#12132, @parth-gr)
  * core: Skip OBC controllers if not needed based (#12075, @sp98)
  * Add an ingress for Ceph object stores (#12109, @jouve)
  * core: Disable the exporter service (#12118, @avanthakkar)
  * nfs: Fixes for mounting CephNFS using Kerberos auth (#12086, @spuiuk)

- Update to 1.11.4
  Rook v1.11.4 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
  * core: Update default image to Ceph v17.2.6 (#12068, @travisn)
  * core: Disable the Ceph exporter daemon (#12077, @avanthakkar)
  * helm: Add option to scale down rook operator (#12048, @TomHellier)
  * helm: Drop snapshot.storage.k8s.io/v1beta1 (#12051, @sathieu)
  * external: Add support for RGW multisite in external cluster script (#12037, @parth-gr)
  * external: Do not require the monitoring endpoint (#12061, @neoaggelos)
  * external: Allow creating pools with special characters in name (#12056, @parth-gr)
  * external: Do not enforce rbd, cephfs and rgw flags for the external cluster (#12028, @parth-gr)
  * core: Use cluster ID for ns lookup on exported multi-cluster service (#12064, @sp98)
  * docs: Add scenario for deleted namespace to the disaster recovery guide (#11895, @gaord)
  * mgr: Failed to update the port of dashboard (#11932, @zhucan)

- Update to 1.11.3
  Rook v1.11.3 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
  * csi: Make AttachRequired as configurable for RWX volumes (#11899, @Madhu-1)
  * nfs: Add support for nfs-ganesha metrics monitoring (#12007, @synarete)
  * mgr: Add option to disable the prometheus mgr module (#11980, @thenamehasbeentake)
  * object: Check OBC provisioner for bucket notification (#11975, @thotz)
  * external: Make rgw call separate from cephfs and rbd in export script (#11947, @parth-gr)
  * core: Update vault pkg to 1.13.1 (#12013, @subhamkrai)
  * core: Fix config format for msgr2 ipv6 monitors (#11993, @heliochronix)
  * osd: Handle global or node-local device class configuration correctly (#11966, @satoru-takeuchi)
  * csi: IPv6 compatibility for requiring msgr2 (#11992, @travisn)
  * mon: Remove condition to use 6790 mon port (#11963, @sp98)

- Update to 1.11.2
  Rook v1.11.2 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
  * osd: Implemented encryption key rotation (#11749, @Rakshith-R)
  * core: Remove unnecessary ceph-conf-dir volume mount from exporter (#11950, @avanthakkar)
  * core: Set key rotation default in code instead of in CRDs (#11951, @travisn)
  * external: Use f-strings for formatting (#11944, @Sheetalpamecha)
  * core: Use msgr2 if compression is enabled (#11928, @uhthomas)
  * ci: Skip building csv on arm64 (#11906, @subhamkrai)
  * osd: Validate and remove duplicate topology labels (#11823, @parth-gr)
  * rgw: RGW dashboard can be disabled in the object CR (#11908, @thenamehasbeentake)
  * external: Pool and metadata EC pools were reversed in scripts (#11919, @dragon2611)
  * rgw: Skip objectstore name length validation when cluster is external (#11911, @parth-gr)
  * nfs: Network mode can be set separately for cephcluster and nfs (#11777, @taxilian)
  * csi: Update port to 3300 if msgr2 is required (#11859, @travisn)
  * core: Add FSID to the additionalPrinterColumns on cephcluster CRD (#11864, @thenamehasbeentake)
  * core: Add missing labels in exporter deployment (#11866, @avanthakkar)

- Update to 1.11.1
  Rook v1.11.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
  * ceph: Fix host networking by only adding OSD ports when required for multi-cluster config (#11797, @sp98)
  * core: Ceph exporter requires ceph config where OSDs are not running (#11848, @avanthakkar)
  * monitoring: Remove prometheus alerts that don't apply to rook (#11842, @travisn)
  * mgr: Revert readiness probe and go back to the original sidecar HA implementation (#11829, @rkachach)
  * manifest: Align whitespace in example cluster.yaml (#11804, @gauravsitlani)
  * external: Add realm support for external cluster (#11584, @parth-gr)
  * object: Make OBC genUserID unique across clusters (#11665, @BlaineEXE)
  * file: Check if a filesystem exists before checking dependencies during deletion (#11221, @zhucan)
  * core: On crash pod ensure rook version label is not set (#11760, @gaord)

- Update to 1.11.0
  Breaking Changes
  * The minimum version of K8s version supported is v1.21.
  * The minimum version of the Ceph-CSI driver is v3.7.
  * Removed support for MachineDisruptionBudgets, including settings removed from the CephCluster CR:
    * manageMachineDisruptionBudgets
    * machineDisruptionBudgetNamespace
  * Versions of golang supported during development are v1.19 and v1.20.
  Features
  * Ceph-CSI v3.8 is now the version deployed by default with Rook. The driver has a number of important updates to add more storage features available to clients.
  * Added setting requireMsgr2 on the CephCluster CR to allow clusters with a kernel of 5.11 or newer to fully communicate with msgr2 and disable the msgr1 port. This allows for more flexibility to enable msgr2 features such as encryption and compression on the wire.
  * Change pspEnable default value to false in helm charts, and remove documentation for enabling PSP. If still using a version of K8s where PSPs are required, see the v1.10 documentation.
  * Object store bucket notifications and topics are now marked as stable features.
  * The Ceph exporter daemon is configured as the source of metrics based on performance counters from Ceph daemons. The exporter daemon provides more scalability of metrics collection to reduce load on the Ceph mgr.
  * Read affinity for RBD volumes is now available, leveraging the krbd map options to allow serving reads from an OSD in proximity to the client, according to OSD locations defined in the CRUSH map and topology labels on nodes.
  * Mirroring data across clusters with overlapping networks is now supported. Mon and OSD services will be configured with global IPs across multiple clusters with overlapping CIDRs. The clusters must be configured using an MCS API-compatible application such as submariner globalnet. This feature is supported for Ceph version v17.2.6 or later.
  * The Ceph Mgr standby now is managed with a readiness probe instead of a sidecar. Note that the standby mgr is expected to fail the readiness probe, while the active mgr passes the readiness probe.

The following package changes have been done:

- binutils-2.39-150100.7.43.2 updated
- ca-certificates-mozilla-2.62-150200.30.1 updated
- ceph-csi-3.8.0.1+git0.5d5c932-150300.3.15.1 updated
- cryptsetup-2.3.7-150300.3.8.1 updated
- dbus-1-1.12.2-150100.8.17.1 updated
- device-mapper-2.03.05_1.02.163-150200.8.52.1 updated
- gawk-4.2.1-150000.3.3.1 updated
- glibc-locale-base-2.31-150300.52.2 updated
- glibc-2.31-150300.52.2 updated
- krb5-1.19.2-150300.13.1 updated
- libassuan0-2.5.5-150000.4.5.2 updated
- libcap2-2.26-150000.4.9.1 updated
- libcryptsetup12-hmac-2.3.7-150300.3.8.1 updated
- libcryptsetup12-2.3.7-150300.3.8.1 updated
- libctf-nobfd0-2.39-150100.7.43.2 updated
- libctf0-2.39-150100.7.43.2 updated
- libdbus-1-3-1.12.2-150100.8.17.1 updated
- libdevmapper-event1_03-2.03.05_1.02.163-150200.8.52.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 updated
- libeconf0-0.5.2-150300.3.11.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libicu-suse65_1-65.1-150200.4.8.1 updated
- libicu65_1-ledata-65.1-150200.4.8.1 updated
- libldap-2_4-2-2.4.46-150200.14.17.1 updated
- libldap-data-2.4.46-150200.14.17.1 updated
- liblvm2cmd2_03-2.03.05-150200.8.52.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.75.1 updated
- libopenssl1_1-1.1.1d-150200.11.75.1 updated
- libparted0-3.2-150300.21.3.1 updated
- libpcre2-8-0-10.31-150000.3.15.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- libprotobuf-lite20-3.9.2-150200.4.21.1 updated
- libpython3_6m1_0-3.6.15-150300.10.48.1 updated
- libsolv-tools-0.7.24-150200.20.2 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- libxml2-2-2.9.7-150000.3.60.1 updated
- libzypp-17.31.20-150200.75.1 updated
- login_defs-4.8.1-150300.4.9.1 updated
- lvm2-2.03.05-150200.8.52.1 updated
- nfs-client-2.1.1-150100.10.37.1 updated
- nfs-kernel-server-2.1.1-150100.10.37.1 updated
- openssh-clients-8.4p1-150300.3.22.1 updated
- openssh-common-8.4p1-150300.3.22.1 updated
- openssh-fips-8.4p1-150300.3.22.1 updated
- openssh-server-8.4p1-150300.3.22.1 updated
- openssh-8.4p1-150300.3.22.1 updated
- openssl-1_1-1.1.1d-150200.11.75.1 updated
- parted-3.2-150300.21.3.1 updated
- perl-base-5.26.1-150300.17.14.1 updated
- procps-3.3.15-150000.7.34.1 updated
- python3-apipkg-1.4-150000.3.6.1 updated
- python3-base-3.6.15-150300.10.48.1 updated
- python3-curses-3.6.15-150300.10.48.1 updated
- python3-iniconfig-1.1.1-150000.1.11.1 updated
- python3-pyasn1-0.4.2-150000.3.5.1 updated
- python3-requests-2.24.0-150300.3.3.1 updated
- python3-websocket-client-1.3.2-150100.6.7.3 updated
- python3-3.6.15-150300.10.48.1 updated
- shadow-4.8.1-150300.4.9.1 updated
- zypper-1.14.63-150200.59.1 updated
- container:ceph-image-1.0.0-4.7.86 updated

From sle-updates at lists.suse.com Thu Sep 21 07:32:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 21 Sep 2023 09:32:02 +0200 (CEST)
Subject: SUSE-CU-2023:3071-1: Security update of ses/7.1/ceph/grafana
Message-ID: <20230921073202.E7FA7FD98@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/grafana
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3071-1
Container Tags : ses/7.1/ceph/grafana:9.5.5 , ses/7.1/ceph/grafana:9.5.5.3.4.156 , ses/7.1/ceph/grafana:latest , ses/7.1/ceph/grafana:sle15.3.pacific
Container Release : 3.4.156
Severity : critical
Type : security
References : 1089497 1158763 1192154 1192696 1198165 1200480 1201535 1201539 1201627 1202234 1203185 1203596 1203597 1204501 1206627 1207534 1208721 1209229 1209565 1209645 1210740 1210907 1210999 1211078 1211261 1211419 1211661 1211828 1212099 1212100 1212187 1212187 1212222 1212260 1212641 1213189 1213231 1213487 1213517 1213557 1213673 1213853 1214052 1214054 1214290 1214768 CVE-2020-7753 CVE-2021-3807 CVE-2021-3918 CVE-2021-43138 CVE-2022-0155 CVE-2022-27664 CVE-2022-31097 CVE-2022-31107 CVE-2022-32149 CVE-2022-35957 CVE-2022-36062 CVE-2022-4304 CVE-2023-1387 CVE-2023-1410 CVE-2023-2183 CVE-2023-22652 CVE-2023-2603 CVE-2023-2801 CVE-2023-30078 CVE-2023-30079 CVE-2023-3128 CVE-2023-31484 CVE-2023-32181 CVE-2023-3446 CVE-2023-36054 CVE-2023-3817 CVE-2023-39615 CVE-2023-4016 CVE-2023-4039
-----------------------------------------------------------------

The container ses/7.1/ceph/grafana was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2497-1
Released: Tue Jun 13 15:37:25 2023
Summary: Recommended update for libzypp
Type: recommended
Severity: important
References: 1211661,1212187

This update for libzypp fixes the following issues:

- Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187]
- Do not unconditionally release a medium if provideFile failed. [bsc#1211661]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2575-1
Released: Wed Jun 21 13:41:49 2023
Summary: Security update for SUSE Manager Client Tools
Type: security
Severity: important
References: 1192154,1192696,1200480,1201535,1201539,1203185,1203596,1203597,1204501,1209645,1210907,CVE-2020-7753,CVE-2021-3807,CVE-2021-3918,CVE-2021-43138,CVE-2022-0155,CVE-2022-27664,CVE-2022-31097,CVE-2022-31107,CVE-2022-32149,CVE-2022-35957,CVE-2022-36062,CVE-2023-1387,CVE-2023-1410

This update fixes the following issues:

grafana:

- Version update from 8.5.22 to 9.5.1 (jsc#PED-3694):
  * Security fixes:
    - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645)
    - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy requests (bnc#1210907)
    - CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596)
    - CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597)
    - CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501)
    - CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539)
    - CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535)
    - CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185)
    - CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
    - CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method (bsc#1200480)
    - CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (bsc#1192696)
    - CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154)
    - CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function
  * Important changes:
    - Default named retention policies won't be used to query. Users who have a default named retention policy in their influxdb database have to rename it to something else. To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy from dropdown and save the panel/dashboard.
    - Grafana Alerting rules with NoDataState configuration set to Alerting will now respect 'For' duration.
    - Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it will default to false.
    - The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior. In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4 and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either: Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json` or `dashboard.json`
    - The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function in your tests please update your code accordingly.
    - Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3.
    - Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and `getMappedValue` function from grafana-data. See the documentation for the migration. This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the database, or error in querying the database would cause all alert rules to be unscheduled in Grafana. Following this change scheduled alert rules are not updated unless the query is successful.
    - The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds`
    - Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0 won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the database has changed. However, secrets created or modified with previous versions will still be decryptable by Grafana v9.0.
    - If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to keep envelope encryption disabled once updating to Grafana
    - In case of need to roll back to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after any secret has been created or modified with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable).
    - As a final attempt to deal with issues related with the aforementioned situations, the `grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to disable envelope encryption and/or roll back to a previous version of Grafana.
      Alternatively or complementarily to all the points above, backing up the Grafana database before updating could be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those updated/created after updating to Grafana v9.0).
    - In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode please switch to server access mode on the datasource configuration page.
    - Environment variables passed from Grafana to external Azure plugins have been renamed: `AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`, `AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`, `AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`. There are no known plugins which were relying on these variables. Moving forward plugins should read Azure settings only via Grafana Azure SDK which properly handles old and new environment variables.
    - Removes support for ElasticSearch versions after their end-of-life, currently versions < 7.10.0. To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+.
    - Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally removed in 9.0. Deprecated queries will no longer be executed.
    - grafana/ui: Button now specifies a default type='button'. The `Button` component provided by @grafana/ui now specifies a default `type='button'` when no type is provided. In previous versions, if the attribute was not specified for buttons associated with a `
` the default value was `submit` per the specification. You can preserve the old behavior by explicitly setting the type attribute: `