openSUSE Security Announce
January 2022
- 2 participants
- 52 discussions
openSUSE-SU-2022:0226-1: important: Security update for log4j12
by opensuse-security@opensuse.org 28 Jan '22
openSUSE Security Update: Security update for log4j12
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0226-1
Rating: important
References: #1193184 #1194842 #1194843 #1194844
Cross-References: CVE-2022-23302 CVE-2022-23305 CVE-2022-23307
CVSS scores:
CVE-2022-23302 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23302 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23305 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23305 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23307 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.4
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for log4j12 fixes the following issues:
- CVE-2022-23307: Fix deserialization issue by removing the chainsaw
sub-package. (bsc#1194844)
- CVE-2022-23305: Fix SQL injection by removing
src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843)
- CVE-2022-23302: Fix remote code execution by removing
src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-226=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-226=1
Package List:
- openSUSE Leap 15.4 (noarch):
log4j12-1.2.17-4.9.1
log4j12-javadoc-1.2.17-4.9.1
log4j12-manual-1.2.17-4.9.1
- openSUSE Leap 15.3 (noarch):
log4j12-1.2.17-4.9.1
log4j12-javadoc-1.2.17-4.9.1
log4j12-manual-1.2.17-4.9.1
References:
https://www.suse.com/security/cve/CVE-2022-23302.html
https://www.suse.com/security/cve/CVE-2022-23305.html
https://www.suse.com/security/cve/CVE-2022-23307.html
https://bugzilla.suse.com/1193184
https://bugzilla.suse.com/1194842
https://bugzilla.suse.com/1194843
https://bugzilla.suse.com/1194844
openSUSE-SU-2022:0214-1: important: Security update for log4j
by opensuse-security@opensuse.org 27 Jan '22
openSUSE Security Update: Security update for log4j
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0214-1
Rating: important
References: #1194842 #1194843 #1194844
Cross-References: CVE-2022-23302 CVE-2022-23305 CVE-2022-23307
CVSS scores:
CVE-2022-23302 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23302 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23305 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23305 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23307 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.4
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for log4j fixes the following issues:
- CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of
log4j leading to malicious code execution. (bsc#1194844)
- CVE-2022-23305: Fixed SQL injection when application is configured to
use JDBCAppender. (bsc#1194843)
- CVE-2022-23302: Fixed remote code execution when application is
configured to use JMSSink. (bsc#1194842)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-214=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-214=1
Package List:
- openSUSE Leap 15.4 (noarch):
log4j-manual-1.2.17-5.9.1
- openSUSE Leap 15.3 (noarch):
log4j-manual-1.2.17-5.9.1
References:
https://www.suse.com/security/cve/CVE-2022-23302.html
https://www.suse.com/security/cve/CVE-2022-23305.html
https://www.suse.com/security/cve/CVE-2022-23307.html
https://bugzilla.suse.com/1194842
https://bugzilla.suse.com/1194843
https://bugzilla.suse.com/1194844
27 Jan '22
openSUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0210-1
Rating: low
References: #1172033 #1181361
Cross-References: CVE-2020-13253 CVE-2021-20196
CVSS scores:
CVE-2020-13253 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-13253 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-20196 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-20196 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for qemu fixes the following issues:
- CVE-2020-13253: Fixed an OOB access that could crash the guest resulting
in DoS (bsc#1172033)
- CVE-2021-20196: Fixed null pointer dereference that may lead to guest
crash (bsc#1181361).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-210=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
qemu-s390-4.2.1-11.34.2
qemu-s390-debuginfo-4.2.1-11.34.2
References:
https://www.suse.com/security/cve/CVE-2020-13253.html
https://www.suse.com/security/cve/CVE-2021-20196.html
https://bugzilla.suse.com/1172033
https://bugzilla.suse.com/1181361
openSUSE-SU-2022:0199-1: important: Security update for MozillaThunderbird
by opensuse-security@opensuse.org 26 Jan '22
openSUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0199-1
Rating: important
References: #1194547
Cross-References: CVE-2021-4140 CVE-2022-22737 CVE-2022-22738
CVE-2022-22739 CVE-2022-22740 CVE-2022-22741
CVE-2022-22742 CVE-2022-22743 CVE-2022-22744
CVE-2022-22745 CVE-2022-22746 CVE-2022-22747
CVE-2022-22748 CVE-2022-22751
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 14 vulnerabilities is now available.
Description:
This update for MozillaThunderbird fixes the following issues:
- CVE-2021-4140: Fixed Iframe sandbox bypass with XSLT (bsc#1194547).
- CVE-2022-22737: Fixed race condition when playing audio files
(bsc#1194547).
- CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur
(bsc#1194547).
- CVE-2022-22739: Fixed missing throttling on external protocol launch
dialog (bsc#1194547).
- CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner
(bsc#1194547).
- CVE-2022-22741: Fixed browser window spoof using fullscreen mode
(bsc#1194547).
- CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in
edit mode (bsc#1194547).
- CVE-2022-22743: Fixed browser window spoof using fullscreen mode
(bsc#1194547).
- CVE-2022-22744: Fixed possible command injection via the 'Copy as curl'
feature in DevTools (bsc#1194547).
- CVE-2022-22745: Fixed leaking cross-origin URLs through
securitypolicyviolation event (bsc#1194547).
- CVE-2022-22746: Fixed calling into reportValidity could have led to
fullscreen window spoof (bsc#1194547).
- CVE-2022-22747: Fixed crash when handling empty pkcs7
sequence (bsc#1194547).
- CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog
(bsc#1194547).
- CVE-2022-22751: Fixed memory safety bugs (bsc#1194547).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-199=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-91.5.0-8.51.1
MozillaThunderbird-debuginfo-91.5.0-8.51.1
MozillaThunderbird-debugsource-91.5.0-8.51.1
MozillaThunderbird-translations-common-91.5.0-8.51.1
MozillaThunderbird-translations-other-91.5.0-8.51.1
References:
https://www.suse.com/security/cve/CVE-2021-4140.html
https://www.suse.com/security/cve/CVE-2022-22737.html
https://www.suse.com/security/cve/CVE-2022-22738.html
https://www.suse.com/security/cve/CVE-2022-22739.html
https://www.suse.com/security/cve/CVE-2022-22740.html
https://www.suse.com/security/cve/CVE-2022-22741.html
https://www.suse.com/security/cve/CVE-2022-22742.html
https://www.suse.com/security/cve/CVE-2022-22743.html
https://www.suse.com/security/cve/CVE-2022-22744.html
https://www.suse.com/security/cve/CVE-2022-22745.html
https://www.suse.com/security/cve/CVE-2022-22746.html
https://www.suse.com/security/cve/CVE-2022-22747.html
https://www.suse.com/security/cve/CVE-2022-22748.html
https://www.suse.com/security/cve/CVE-2022-22751.html
https://bugzilla.suse.com/1194547
openSUSE-SU-2022:0198-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 26 Jan '22
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0198-1
Rating: important
References: #1065729 #1071995 #1154353 #1154492 #1156395
#1167773 #1176447 #1176774 #1177437 #1190256
#1191271 #1191929 #1192931 #1193255 #1193328
#1193660 #1193669 #1193727 #1193901 #1193927
#1194001 #1194027 #1194087 #1194094 #1194266
#1194302 #1194493 #1194516 #1194517 #1194518
#1194529 #1194578 #1194580 #1194584 #1194586
#1194587 #1194589 #1194590 #1194591 #1194592
#1194888 #1194953 #1194985
Cross-References: CVE-2021-4083 CVE-2021-4135 CVE-2021-4149
CVE-2021-4197 CVE-2021-4202 CVE-2021-45485
CVE-2021-45486 CVE-2021-46283 CVE-2022-0185
CVE-2022-0322
CVSS scores:
CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-4135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-4149 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-45485 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-46283 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0185 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-0322 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.4
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 10 vulnerabilities and has 33 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param
which could have led to a local privilege escalation (bsc#1194517).
- CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk
(bsc#1194985).
- CVE-2021-4197: Fixed a cgroup issue where lower privileged processes
could write to fds of lower privileged ones that could lead to privilege
escalation (bsc#1194302).
- CVE-2021-46283: nf_tables_newset in net/netfilter/nf_tables_api.c in the
Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and general protection fault) because of the missing
initialization for nft_set_elem_expr_alloc. A local user can set a
netfilter table expression in their own namespace (bnc#1194518).
- CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc
function (bsc#1193927).
- CVE-2021-4202: Fixed a race condition during NFC device remove which
could lead to a use-after-free memory corruption (bsc#1194529)
- CVE-2021-4083: A read-after-free memory flaw was found in the Linux
kernel's garbage collection for Unix domain socket file handlers in the
way users call close() and fget() simultaneously and can potentially
trigger a race condition. This flaw allowed a local user to crash the
system or escalate their privileges on the system. This flaw affects
Linux kernel versions prior to 5.16-rc4 (bnc#1193727).
- CVE-2021-4149: Fixed a locking condition in btrfs which could lead to
system deadlocks (bsc#1194001).
- CVE-2021-45485: The IPv6 implementation in net/ipv6/output_core.c has
an information leak because of certain use of a hash table which,
although big, doesn't properly consider that IPv6-based attackers can
typically choose among many IPv6 source addresses (bnc#1194094).
- CVE-2021-45486: The IPv4 implementation in net/ipv4/route.c has an
information leak because the hash table is very small (bnc#1194087).
The following non-security bugs were fixed:
- ACPI: APD: Check for NULL pointer after calling devm_ioremap()
(git-fixes).
- ACPI: Add stubs for wakeup handler functions (git-fixes).
- ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes
(git-fixes).
- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- ALSA: ctl: Fix copy of updated id with element read/write (git-fixes).
- ALSA: drivers: opl3: Fix incorrect use of vp->state (git-fixes).
- ALSA: hda/hdmi: Disable silent stream on GLK (git-fixes).
- ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
(git-fixes).
- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master
after reboot from Windows (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100 (git-fixes).
- ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 (git-fixes).
- ALSA: hda/realtek: Fix quirk for Clevo NJ51CU (git-fixes).
- ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (git-fixes).
- ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers (git-fixes).
- ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ (git-fixes).
- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- ALSA: hda: Make proper use of timecounter (git-fixes).
- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- ALSA: jack: Check the return value of kstrdup() (git-fixes).
- ALSA: oss: fix compile error when OSS_DEBUG is enabled (git-fixes).
- ALSA: pcm: oss: Fix negative period/buffer sizes (git-fixes).
- ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
(git-fixes).
- ALSA: pcm: oss: Limit the period size to 16MB (git-fixes).
- ALSA: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID
(git-fixes).
- ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk
(git-fixes).
- ASoC: codecs: wcd934x: handle channel mappping list correctly
(git-fixes).
- ASoC: codecs: wcd934x: return correct value from mixer put (git-fixes).
- ASoC: codecs: wcd934x: return error code correctly from hw_params
(git-fixes).
- ASoC: codecs: wsa881x: fix return values from kcontrol put (git-fixes).
- ASoC: cs42l42: Correct configuring of switch inversion from ts-inv
(git-fixes).
- ASoC: cs42l42: Disable regulators if probe fails (git-fixes).
- ASoC: cs42l42: Use device_property API instead of of_property
(git-fixes).
- ASoC: fsl_asrc: refine the check of available clock divider (git-fixes).
- ASoC: fsl_mqs: fix MODULE_ALIAS (git-fixes).
- ASoC: mediatek: Check for error clk pointer (git-fixes).
- ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s
(git-fixes).
- ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent()
(git-fixes).
- ASoC: qdsp6: q6routing: Fix return value from
msm_routing_put_audio_mixer (git-fixes).
- ASoC: rt5663: Handle device_property_read_u32_array error codes
(git-fixes).
- ASoC: samsung: idma: Check of ioremap return value (git-fixes).
- ASoC: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked()
(git-fixes).
- ASoC: sunxi: fix a sound binding broken reference (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in ADMAIF (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in AHUB (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in DMIC (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in DSPK (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in I2S (git-fixes).
- ASoC: tegra: Fix wrong value type in ADMAIF (git-fixes).
- ASoC: tegra: Fix wrong value type in DMIC (git-fixes).
- ASoC: tegra: Fix wrong value type in DSPK (git-fixes).
- ASoC: tegra: Fix wrong value type in I2S (git-fixes).
- ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA
(git-fixes).
- Add cherry-picked IDs for qemu fw_cfg patches
- Bluetooth: L2CAP: Fix using wrong mode (git-fixes).
- Bluetooth: bfusb: fix division by zero in send path (git-fixes).
- Bluetooth: btmtksdio: fix resume failure (git-fixes).
- Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()
(git-fixes).
- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
(git-fixes).
- Bluetooth: hci_bcm: Check for error irq (git-fixes).
- Bluetooth: hci_qca: Stop IBS timer during BT OFF (git-fixes).
- Bluetooth: stop proccessing malicious adv data (git-fixes).
- Documentation: ACPI: Fix data node reference documentation (git-fixes).
- Documentation: dmaengine: Correctly describe dmatest with channel unset
(git-fixes).
- Documentation: refer to config RANDOMIZE_BASE for kernel address-space
randomization (git-fixes).
- HID: add USB_HID dependancy to hid-chicony (git-fixes).
- HID: add USB_HID dependancy to hid-prodikeys (git-fixes).
- HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (git-fixes).
- HID: bigbenff: prevent null pointer dereference (git-fixes).
- HID: google: add eel USB id (git-fixes).
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_frame_init_v1_buttonpad (git-fixes).
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_get_str_desc (git-fixes).
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_huion_init (git-fixes).
- HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init
(git-fixes).
- HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
(git-fixes).
- Input: appletouch - initialize work before device registration
(git-fixes).
- Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes).
- Input: elantech - fix stack out of bound access in
elantech_change_report_id() (git-fixes).
- Input: i8042 - add deferred probe support (bsc#1190256).
- Input: i8042 - enable deferred probe quirk for ASUS UM325UA
(bsc#1190256).
- Input: max8925_onkey - do not mark comment as kernel-doc (git-fixes).
- Input: spaceball - fix parsing of movement data packets (git-fixes).
- Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes).
- Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes).
- Move upstreamed patches into sorted section
- NFC: st21nfca: Fix memory leak in device probe and remove (git-fixes).
- NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
- NFSv42: Do not fail clone() unless the OP_CLONE operation failed
(git-fixes).
- NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes).
- PCI/ACPI: Fix acpi_pci_osc_control_set() kernel-doc comment (git-fixes).
- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes).
- PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes).
- PCI/MSI: Mask MSI-X vectors only on success (git-fixes).
- PCI: cadence: Add cdns_plat_pcie_probe() missing return (git-fixes).
- PCI: dwc: Do not remap invalid res (git-fixes).
- PCI: mvebu: Check for errors from pci_bridge_emul_init() call
(git-fixes).
- PCI: mvebu: Do not modify PCI IO type bits in conf_write (git-fixes).
- PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on
emulated bridge (git-fixes).
- PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge
(git-fixes).
- PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge (git-fixes).
- PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config
space (git-fixes).
- PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device
(git-fixes).
- PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
(git-fixes).
- PCI: xgene: Fix IB window setup (git-fixes).
- PM: runtime: Defer suspending suppliers (git-fixes).
- PM: sleep: Do not assume that "mem" is always present (git-fixes).
- RDMA/hns: Replace kfree() with kvfree() (jsc#SLE-14777).
- Revert "PM: sleep: Do not assume that "mem" is always present"
(git-fixes).
- Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
quirk set" (git-fixes).
- Revert "net/mlx5: Add retry mechanism to the command entry index
allocation" (jsc#SLE-15172).
- USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
(git-fixes).
- USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub (git-fixes).
- USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04)
(git-fixes).
- USB: cdc-acm: fix break reporting (git-fixes).
- USB: cdc-acm: fix racy tty buffer accesses (git-fixes).
- USB: chipidea: fix interrupt deadlock (git-fixes).
- USB: core: Fix bug in resuming hub's handling of wakeup requests
(git-fixes).
- USB: gadget: bRequestType is a bitfield, not a enum (git-fixes).
- USB: gadget: detect too-big endpoint 0 requests (git-fixes).
- USB: gadget: zero allocate endpoint 0 buffers (git-fixes).
- USB: serial: cp210x: fix CP2105 GPIO registration (git-fixes).
- USB: serial: option: add Telit FN990 compositions (git-fixes).
- Update
patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch
(git-fixes bsc#1193660 ltc#195634).
- Updated mpi3mr entry in supported.conf (bsc#1194578 jsc#SLE-18120)
Moving this driver into the "supported" package.
- amd/display: downgrade validation failure log level (git-fixes).
- ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile (git-fixes).
- atlantic: Fix buff_ring OOB in aq_ring_rx_clean (git-fixes).
- ax25: NPD bug when detaching AX25 device (git-fixes).
- backlight: qcom-wled: Fix off-by-one maximum with default num_strings
(git-fixes).
- backlight: qcom-wled: Override default length with qcom,enabled-strings
(git-fixes).
- backlight: qcom-wled: Pass number of elements to read to read_u32_array
(git-fixes).
- backlight: qcom-wled: Validate enabled string indices in DT (git-fixes).
- batman-adv: mcast: do not send link-local multicast to mcast routers
(git-fixes).
- blk-cgroup: synchronize blkg creation against policy deactivation
(bsc#1194584).
- block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg()
(git-fixes).
- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586).
- can: gs_usb: fix use of uninitialized variable, detach device on
reception of invalid USB data (git-fixes).
- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
(git-fixes).
- can: kvaser_usb: get CAN clock frequency from device (git-fixes).
- can: sja1000: fix use after free in ems_pcmcia_add_card() (git-fixes).
- can: softing: softing_startstop(): fix set but not used variable warning
(git-fixes).
- can: softing_cs: softingcs_probe(): fix memleak on registration failure
(git-fixes).
- can: usb_8dev: remove unused member echo_skb from struct usb_8dev_priv
(git-fixes).
- can: xilinx_can: xcan_probe(): check for error irq (git-fixes).
- char/mwave: Adjust io port register size (git-fixes).
- clk: Do not parent clks until the parent is fully registered (git-fixes).
- clk: Gemini: fix struct name in kernel-doc (git-fixes).
- clk: bcm-2835: Pick the closest clock rate (git-fixes).
- clk: bcm-2835: Remove rounding up the dividers (git-fixes).
- clk: imx8mn: Fix imx8mn_clko1_sels (git-fixes).
- clk: imx: pllv1: fix kernel-doc notation for struct clk_pllv1
(git-fixes).
- clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (git-fixes).
- clk: qcom: regmap-mux: fix parent clock lookup (git-fixes).
- clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after
system enter shell (git-fixes).
- crypto: caam - replace this_cpu_ptr with raw_cpu_ptr (git-fixes).
- crypto: mxs-dcp - Use sg_mapping_iter to copy data (git-fixes).
- crypto: omap-sham - clear dma flags only after
omap_sham_update_dma_stop() (git-fixes).
- crypto: qat - do not ignore errors from enable_vf2pf_comms() (git-fixes).
- crypto: qat - fix reuse of completion variable (git-fixes).
- crypto: qat - handle both source of interrupt in VF ISR (git-fixes).
- crypto: qce - fix uaf on qce_ahash_register_one (git-fixes).
- crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (git-fixes).
- crypto: stm32/cryp - fix double pm exit (git-fixes).
- crypto: stm32/cryp - fix lrw chaining mode (git-fixes).
- crypto: stm32/cryp - fix xts and race condition in crypto_engine
requests (git-fixes).
- debugfs: lockdown: Allow reading debugfs files that are not world
readable (bsc#1193328 ltc#195566).
- device property: Fix documentation for FWNODE_GRAPH_DEVICE_DISABLED
(git-fixes).
- dm crypt: document encrypted keyring key option (git-fixes).
- dm writecache: add "cleaner" and "max_age" to Documentation (git-fixes).
- dm writecache: advance the number of arguments when reporting max_age
(git-fixes).
- dm writecache: fix performance degradation in ssd mode (git-fixes).
- dm writecache: flush origin device when writing and cache is full
(git-fixes).
- dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
(git-fixes).
- dmaengine: at_xdmac: Do not start transactions at tx_submit level
(git-fixes).
- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (git-fixes).
- dmaengine: at_xdmac: Fix concurrency over xfers_list (git-fixes).
- dmaengine: at_xdmac: Fix lld view setting (git-fixes).
- dmaengine: at_xdmac: Print debug message after realeasing the lock
(git-fixes).
- dmaengine: bestcomm: fix system boot lockups (git-fixes).
- dmaengine: idxd: add module parameter to force disable of SVA
(bsc#1192931).
- dmaengine: idxd: enable SVA feature for IOMMU (bsc#1192931).
- dmaengine: pxa/mmp: stop referencing config->slave_id (git-fixes).
- dmaengine: st_fdma: fix MODULE_ALIAS (git-fixes).
- drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (git-fixes).
- drm/amd/display: Fix for the no Audio bug with Tiled Displays
(git-fixes).
- drm/amd/display: Update bounding box states (v2) (git-fixes).
- drm/amd/display: Update number of DCN3 clock states (git-fixes).
- drm/amd/display: add connector type check for CRC source set (git-fixes).
- drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled
(git-fixes).
- drm/amd/display: fix incorrect CM/TF programming sequence in dwb
(git-fixes).
- drm/amd/display: fix missing writeback disablement if plane is removed
(git-fixes).
- drm/amdgpu: Fix a NULL pointer dereference in
amdgpu_connector_lcd_native_mode() (git-fixes).
- drm/amdgpu: Fix a printing message (git-fixes).
- drm/amdgpu: Fix amdgpu_ras_eeprom_init() (git-fixes).
- drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE
(git-fixes).
- drm/amdgpu: revert "Add autodump debugfs node for gpu reset v8"
(git-fixes).
- drm/amdkfd: Account for SH/SE count when setting up cu masks (git-fixes).
- drm/amdkfd: Check for null pointer after calling kmemdup (git-fixes).
- drm/ast: potential dereference of null pointer (git-fixes).
- drm/atomic: Check new_crtc_state->active to determine if CRTC needs
disable in self refresh mode (git-fixes).
- drm/bridge: analogix_dp: Make PSR-exit block less (git-fixes).
- drm/bridge: display-connector: fix an uninitialized pointer in probe()
(git-fixes).
- drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit
(git-fixes).
- drm/bridge: ti-sn65dsi86: Set max register for regmap (git-fixes).
- drm/display: fix possible null-pointer dereference in dcn10_set_clock()
(git-fixes).
- drm/exynos: Always initialize mapping in exynos_drm_register_dma()
(git-fixes).
- drm/i915/fb: Fix rounding error in subsampled plane size calculation
(git-fixes).
- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
(git-fixes).
- drm/mediatek: Check plane visibility in atomic_update (git-fixes).
- drm/msm/dpu: fix safe status debugfs file (git-fixes).
- drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660
(git-fixes).
- drm/msm/dsi: set default num_data_lanes (git-fixes).
- drm/msm/mdp5: fix cursor-related warnings (git-fixes).
- drm/msm: mdp4: drop vblank get/put from prepare/complete_commit
(git-fixes).
- drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture()
(git-fixes).
- drm/panel: innolux-p079zca: Delete panel on attach() failure (git-fixes).
- drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
(git-fixes).
- drm/radeon/radeon_kms: Fix a NULL pointer dereference in
radeon_driver_open_kms() (git-fixes).
- drm/rockchip: dsi: Disable PLL clock on bind error (git-fixes).
- drm/rockchip: dsi: Fix unbalanced clock on probe error (git-fixes).
- drm/rockchip: dsi: Hold pm-runtime across bind/unbind (git-fixes).
- drm/rockchip: dsi: Reconfigure hardware on resume() (git-fixes).
- drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get
(git-fixes).
- drm/sun4i: fix unmet dependency on RESET_CONTROLLER for
PHY_SUN6I_MIPI_DPHY (git-fixes).
- drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence
(git-fixes).
- drm/tegra: vic: Fix DMA API misuse (git-fixes).
- drm/vboxvideo: fix a NULL vs IS_ERR() check (git-fixes).
- drm/vc4: hdmi: Make sure the controller is powered up during bind
(git-fixes).
- drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET (git-fixes).
- drm/vc4: hdmi: Set a default HSM rate (git-fixes).
- drm: fix null-ptr-deref in drm_dev_init_release() (git-fixes).
- drm: xlnx: zynqmp: release reset to DP controller before accessing DP
registers (git-fixes).
- drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel
clock (git-fixes).
- eeprom: idt_89hpesx: Put fwnode in matching case during ->probe()
(git-fixes).
- eeprom: idt_89hpesx: Restore printing the unsupported fwnode name
(git-fixes).
- ext4: Avoid trim error on fs with small groups (bsc#1191271).
- ext4: fix lazy initialization next schedule time computation in more
granular unit (bsc#1194580).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- firmware: Update Kconfig help text for Google firmware (git-fixes).
- firmware: arm_scmi: pm: Propagate return value to caller (git-fixes).
- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (git-fixes).
- firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available()
(git-fixes).
- firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
(git-fixes).
- firmware: qemu_fw_cfg: fix kobject leak in probe error path (git-fixes).
- firmware: qemu_fw_cfg: fix sysfs information leak (git-fixes).
- firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (git-fixes).
- firmware: smccc: Fix check for ARCH_SOC_ID not implemented (git-fixes).
- firmware: tegra: Fix error application of sizeof() to pointer
(git-fixes).
- firmware: tegra: Reduce stack usage (git-fixes).
- firmware_loader: fix pre-allocated buf built-in firmware use (git-fixes).
- floppy: Fix hang in watchdog when disk is ejected (git-fixes).
- flow_offload: return EOPNOTSUPP for the unsupported mpls action type
(bsc#1154353).
- fuse: Pass correct lend value to filemap_write_and_wait_range()
(bsc#1194953).
- gpiolib: acpi: Make set-debounce-timeout failures non fatal (git-fixes).
- gpu: host1x: Add back arm_iommu_detach_device() (git-fixes).
- hwmon: (lm90) Add basic support for TI TMP461 (git-fixes).
- hwmon: (lm90) Add max6654 support to lm90 driver (git-fixes).
- hwmon: (lm90) Do not report 'busy' status bit as alarm (git-fixes).
- hwmon: (lm90) Drop critical attribute support for MAX6654 (git-fixes).
- hwmon: (lm90) Fix usage of CONFIG2 register in detect function
(git-fixes).
- hwmon: (lm90) Introduce flag indicating extended temperature support
(git-fixes).
- i2c: rk3x: Handle a spurious start completion interrupt flag (git-fixes).
- i2c: validate user data in compat ioctl (git-fixes).
- i3c: fix incorrect address slot lookup on 64-bit (git-fixes).
- i3c: master: dw: check return of dw_i3c_master_get_free_pos()
(git-fixes).
- i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (git-fixes).
- i40e: Fix for displaying message regarding NVM version (git-fixes).
- i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes).
- i40e: Fix to not show opcode msg on unsuccessful VF MAC change
(git-fixes).
- i40e: fix use-after-free in i40e_sync_filters_subtask() (git-fixes).
- iavf: Fix limit of total number of queues to active queues of VF
(git-fixes).
- iavf: restore MSI state on reset (git-fixes).
- ieee802154: atusb: fix uninit value in atusb_set_extended_addr
(git-fixes).
- ieee802154: fix error return code in ieee802154_llsec_getparams()
(git-fixes).
- ieee802154: fix error return code in ieee802154_add_iface() (git-fixes).
- ieee802154: hwsim: Fix memory leak in hwsim_add_one (git-fixes).
- ieee802154: hwsim: Fix possible memory leak in
hwsim_subscribe_all_others (git-fixes).
- ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
(git-fixes).
- ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi (git-fixes).
- igb: Fix removal of unicast MAC filters of VFs (git-fixes).
- igbvf: fix double free in `igbvf_probe` (git-fixes).
- igc: Fix typo in i225 LTR functions (jsc#SLE-13533).
- iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
(git-fixes).
- iio: ad7768-1: Call iio_trigger_notify_done() on error (git-fixes).
- iio: adc: axp20x_adc: fix charging current reporting on AXP22x
(git-fixes).
- iio: at91-sama5d2: Fix incorrect sign extension (git-fixes).
- iio: dln2-adc: Fix lockdep complaint (git-fixes).
- iio: dln2: Check return value of devm_iio_trigger_register() (git-fixes).
- iio: itg3200: Call iio_trigger_notify_done() on error (git-fixes).
- iio: kxsd9: Do not return error code in trigger handler (git-fixes).
- iio: ltr501: Do not return error code in trigger handler (git-fixes).
- iio: mma8452: Fix trigger reference couting (git-fixes).
- iio: stk3310: Do not return error code in interrupt handler (git-fixes).
- iio: trigger: Fix reference counting (git-fixes).
- iio: trigger: stm32-timer: fix MODULE_ALIAS (git-fixes).
- ionic: Initialize the 'lif->dbid_inuse' bitmap (bsc#1167773).
- isofs: Fix out of bound access for corrupted isofs image (bsc#1194591).
- iwlwifi: fw: correctly limit to monitor dump (git-fixes).
- iwlwifi: mvm: Fix scan channel flags settings (git-fixes).
- iwlwifi: mvm: Use div_s64 instead of do_div in
iwl_mvm_ftm_rtt_smoothing() (git-fixes).
- iwlwifi: mvm: avoid static queue number aliasing (git-fixes).
- iwlwifi: mvm: disable RX-diversity in powersave (git-fixes).
- iwlwifi: mvm: fix 32-bit build in FTM (git-fixes).
- iwlwifi: mvm: fix access to BSS elements (git-fixes).
- iwlwifi: mvm: test roc running status bits before removing the sta
(git-fixes).
- iwlwifi: pcie: free RBs during configure (git-fixes).
- ixgbe: set X550 MDIO speed before talking to PHY (git-fixes).
- kmod: make request_module() return an error when autoloading is disabled
(git-fixes).
- kobject: Restore old behaviour of kobject_del(NULL) (git-fixes).
- kobject_uevent: remove warning in init_uevent_argv() (git-fixes).
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- libata: add horkage for ASMedia 1092 (git-fixes).
- libata: if T_LENGTH is zero, dma direction should be DMA_NONE
(git-fixes).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- lockdown: Allow unprivileged users to see lockdown status (git-fixes).
- mISDN: change function names to avoid conflicts (git-fixes).
- mac80211: Fix monitor MTU limit so that A-MSDUs get through (git-fixes).
- mac80211: agg-tx: do not schedule_and_wake_txq() under sta->lock
(git-fixes).
- mac80211: do not access the IV when it was stripped (git-fixes).
- mac80211: fix lookup when adding AddBA extension element (git-fixes).
- mac80211: fix regression in SSN handling of addba tx (git-fixes).
- mac80211: initialize variable have_higher_than_11mbit (git-fixes).
- mac80211: mark TX-during-stop for TX in in_reconfig (git-fixes).
- mac80211: send ADDBA requests using the tid/queue of the aggregation
session (git-fixes).
- mac80211: track only QoS data frames for admission control (git-fixes).
- mac80211: validate extended element ID is present (git-fixes).
- mailbox: hi3660: convert struct comments to kernel-doc notation
(git-fixes).
- media: Revert "media: uvcvideo: Set unique vdev name based in type"
(bsc#1193255).
- media: aspeed: Update signal status immediately to ensure sane hw state
(git-fixes).
- media: aspeed: fix mode-detect always time out at 2nd run (git-fixes).
- media: cpia2: fix control-message timeouts (git-fixes).
- media: dib0700: fix undefined behavior in tuner shutdown (git-fixes).
- media: dib8000: Fix a memleak in dib8000_init() (git-fixes).
- media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes).
- media: dw2102: Fix use after free (git-fixes).
- media: em28xx: fix control-message timeouts (git-fixes).
- media: em28xx: fix memory leak in em28xx_init_dev (git-fixes).
- media: flexcop-usb: fix control-message timeouts (git-fixes).
- media: hantro: Fix probe func error path (git-fixes).
- media: i2c: imx274: fix trivial typo expsoure/exposure (git-fixes).
- media: i2c: imx274: fix trivial typo obainted/obtained (git-fixes).
- media: imx-pxp: Initialize the spinlock prior to using it (git-fixes).
- media: mceusb: fix control-message timeouts (git-fixes).
- media: msi001: fix possible null-ptr-deref in msi001_probe() (git-fixes).
- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
(git-fixes).
- media: pvrusb2: fix control-message timeouts (git-fixes).
- media: rcar-csi2: Correct the selection of hsfreqrange (git-fixes).
- media: rcar-csi2: Optimize the selection PHTW register (git-fixes).
- media: redrat3: fix control-message timeouts (git-fixes).
- media: s2255: fix control-message timeouts (git-fixes).
- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
(git-fixes).
- media: si2157: Fix "warm" tuner state detection (git-fixes).
- media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
(git-fixes).
- media: stk1160: fix control-message timeouts (git-fixes).
- media: streamzap: remove unnecessary ir_raw_event_reset and handle
(git-fixes).
- media: uvcvideo: fix division by zero at stream start (git-fixes).
- media: venus: core: Fix a resource leak in the error handling path of
'venus_probe()' (git-fixes).
- memblock: ensure there is no overflow in memblock_overlaps_region()
(git-fixes).
- memory: emif: Remove bogus debugfs error handling (git-fixes).
- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
(git-fixes).
- misc: fastrpc: Add missing lock before accessing find_vma() (git-fixes).
- misc: fastrpc: fix improper packet size calculation (git-fixes).
- misc: lattice-ecp3-config: Fix task hung when firmware load failed
(git-fixes).
- mmc: meson-mx-sdio: add IRQ check (git-fixes).
- mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard
tuning circuit (git-fixes).
- mmc: sdhci-esdhc-imx: disable CMDQ support (git-fixes).
- mmc: sdhci-pci: Add PCI ID for Intel ADL (git-fixes).
- mmc: sdhci-tegra: Fix switch to HS400ES mode (git-fixes).
- move to "mainline soon" section: -
patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode
(git-fixes).
- mt76: mt7915: fix an off-by-one bound check (git-fixes).
- mtd: rawnand: fsmc: Fix timing computation (git-fixes).
- mtd: rawnand: fsmc: Take instruction delay into account (git-fixes).
- mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip()
(git-fixes).
- mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
(git-fixes).
- mwifiex: Fix possible ABBA deadlock (git-fixes).
- mwifiex: Try waking the firmware until we get an interrupt (git-fixes).
- net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources
(jsc#SLE-8464).
- net/mlx5: Set command entry semaphore up once got index free
(jsc#SLE-15172).
- net/mlx5e: Fix wrong features assignment in case of error (git-fixes).
- net/mlx5e: Wrap the tx reporter dump callback to extract the sq
(jsc#SLE-15172).
- net/sched: fq_pie: prevent dismantle issue (jsc#SLE-15172).
- net/sched: sch_ets: do not remove idle classes from the round-robin list
(bsc#1176774).
- net: create netdev->dev_addr assignment helpers (git-fixes).
- net: ena: Fix error handling when calculating max IO queues number
(bsc#1154492).
- net: ena: Fix undefined state when tx request id is out of bounds
(bsc#1154492).
- net: ena: Fix wrong rx request id by resetting device (git-fixes).
- net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg
(jsc#SLE-14777).
- net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes).
- net: usb: pegasus: Do not drop long Ethernet frames (git-fixes).
- netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone
(bsc#1176447).
- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
(git-fixes).
- nfc: fix segfault in nfc_genl_dump_devices_done (git-fixes).
- nfsd: Fix nsfd startup race (again) (git-fixes).
- nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit
groups (bsc#1176447).
- nvme-tcp: block BH in sk state_change sk callback (git-fixes).
- nvme-tcp: can't set sk_user_data without write_lock (git-fixes).
- nvme-tcp: check sgl supported by target (git-fixes).
- nvme-tcp: do not update queue count when failing to set io queues
(git-fixes).
- nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU (git-fixes).
- nvme-tcp: fix crash triggered with a dataless request submission
(git-fixes).
- nvme-tcp: fix error codes in nvme_tcp_setup_ctrl() (git-fixes).
- nvme-tcp: fix io_work priority inversion (git-fixes).
- nvme-tcp: fix possible data corruption with bio merges (git-fixes).
- nvme-tcp: fix possible req->offset corruption (git-fixes).
- nvme-tcp: fix wrong setting of request iov_iter (git-fixes).
- nvme-tcp: get rid of unused helper function (git-fixes).
- nvme-tcp: pair send_mutex init with destroy (git-fixes).
- nvme-tcp: pass multipage bvec to request iov_iter (git-fixes).
- nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME (git-fixes).
- pcmcia: fix setting of kthread task states (git-fixes).
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
__nonstatic_find_io_region() (git-fixes).
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
nonstatic_find_mem_region() (git-fixes).
- pcnet32: Use pci_resource_len to validate PCI resource (git-fixes).
- pinctrl: mediatek: fix global-out-of-bounds issue (git-fixes).
- pinctrl: qcom: spmi-gpio: correct parent irqspec translation (git-fixes).
- pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines
(git-fixes).
- pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume()
(git-fixes).
- pipe: increase minimum default pipe size to 2 pages (bsc#1194587).
- platform/x86: apple-gmux: use resource_size() with res (git-fixes).
- platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3
deep (git-fixes).
- power: reset: ltc2952: Fix use of floating point literals (git-fixes).
- power: supply: core: Break capacity loop (git-fixes).
- power: supply: max17042_battery: Clear status bits in interrupt handler
(git-fixes).
- powerpc/64s: fix program check interrupt emergency stack path
(bsc#1156395).
- powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with
panic (bsc#1193901 ltc#194976).
- powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an
overflown PMC (bsc#1156395).
- powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses
(bsc#1065729).
- powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729).
- powerpc/pseries/cpuhp: cache node corrections (bsc#1065729).
- powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729).
- powerpc/pseries/mobility: ignore ibm, platform-facilities updates
(bsc#1065729).
- powerpc/traps: do not enable irqs in _exception (bsc#1065729).
- powerpc/xive: Add missing null check after calling kmalloc (bsc#1177437
ltc#188522 jsc#SLE-13294 git-fixes).
- powerpc: add interrupt_cond_local_irq_enable helper (bsc#1065729).
- powerpc: handle kdump appropriately with crash_kexec_post_notifiers
option (bsc#1193901 ltc#194976).
- pwm: mxs: Do not modify HW state in .probe() after the PWM chip was
registered (git-fixes).
- pwm: tiecap: Drop .free() callback (git-fixes).
- qlcnic: potential dereference null pointer of rx_queue->page_ring
(git-fixes).
- quota: check block number when reading the block in quota file
(bsc#1194589).
- quota: correct error number in free_dqentry() (bsc#1194590).
- random: fix data race on crng init time (git-fixes).
- random: fix data race on crng_node_pool (git-fixes).
- regmap: Call regmap_debugfs_exit() prior to _init() (git-fixes).
- rndis_host: support Hytera digital radios (git-fixes).
- rpmsg: core: Clean up resources on announce_create failure (git-fixes).
- rtl8xxxu: Fix the handling of TX A-MPDU aggregation (git-fixes).
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with
interrupts enabled (git-fixes).
- rtw88: use read_poll_timeout instead of fixed sleep (git-fixes).
- rtw88: wow: build wow function only if CONFIG_PM is on (git-fixes).
- rtw88: wow: fix size access error of probe request (git-fixes).
- sata: nv: fix debug format string mismatch (git-fixes).
- scsi: lpfc: Add additional debugfs support for CMF (bsc#1194266).
- scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1194266).
- scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1194266).
- scsi: lpfc: Change return code on I/Os received during link bounce
(bsc#1194266).
- scsi: lpfc: Fix NPIV port deletion crash (bsc#1194266).
- scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV
(bsc#1194266).
- scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1194266).
- scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
(bsc#1194266).
- scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1194266).
- scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id()
(git-fixes).
- scsi: qla2xxx: Format log strings only if needed (git-fixes).
- scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes).
- scsi: qla2xxx: edif: Fix app start delay (git-fixes).
- scsi: qla2xxx: edif: Fix app start fail (git-fixes).
- scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo()
(git-fixes).
- scsi: qla2xxx: edif: Flush stale events and msgs on session down
(git-fixes).
- scsi: qla2xxx: edif: Increase ELS payload (git-fixes).
- select: Fix indefinitely sleeping task in poll_schedule_timeout()
(bsc#1194027).
- selftests: KVM: Explicitly use movq to read xmm registers (git-fixes).
- selinux: fix potential memleak in selinux_add_opt() (git-fixes).
- seq_buf: Fix overflow in seq_buf_putmem_hex() (git-fixes).
- seq_buf: Make trace_seq_putmem_hex() support data longer than 8
(git-fixes).
- serial: pl011: Add ACPI SBSA UART match id (git-fixes).
- serial: tty: uartlite: fix console setup (git-fixes).
- sfc: Check null pointer of rx_queue->page_ring (git-fixes).
- sfc: The RX page_ring is optional (git-fixes).
- sfc: falcon: Check null pointer of rx_queue->page_ring (git-fixes).
- sfc_ef100: potential dereference of null pointer (jsc#SLE-16683).
- shmem: shmem_writepage() split unlikely i915 THP (git-fixes).
- slimbus: qcom: fix potential NULL dereference in qcom_slim_prg_slew()
(git-fixes).
- soc/tegra: fuse: Fix bitwise vs. logical OR warning (git-fixes).
- soc: fsl: dpaa2-console: free buffer before returning from
dpaa2_console_read (git-fixes).
- soc: fsl: dpio: rename the enqueue descriptor variable (git-fixes).
- soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id
(git-fixes).
- soc: fsl: dpio: use an explicit NULL instead of 0 (git-fixes).
- soc: fsl: dpio: use the combined functions to protect critical zone
(git-fixes).
- spi: change clk_disable_unprepare to clk_unprepare (git-fixes).
- spi: spi-meson-spifc: Add missing pm_runtime_disable() in
meson_spifc_probe (git-fixes).
- spi: spi-rspi: Drop redeclaring ret variable in qspi_transfer_in()
(git-fixes).
- staging: emxx_udc: Fix passing of NULL to dma_alloc_coherent()
(git-fixes).
- staging: fbtft: Do not spam logs when probe is deferred (git-fixes).
- staging: fbtft: Rectify GPIO handling (git-fixes).
- staging: fieldbus: anybuss: jump to correct label in an error path
(git-fixes).
- staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (git-fixes).
- staging: rtl8192e: return error code from rtllib_softmac_init()
(git-fixes).
- staging: rtl8192e: rtllib_module: fix error handle case in
alloc_rtllib() (git-fixes).
- staging: wlan-ng: Avoid bitwise vs logical OR warning in
hfa384x_usb_throttlefn() (git-fixes).
- string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
(git-fixes).
- thermal/drivers/imx8mm: Enable ADC when enabling monitor (git-fixes).
- thermal/drivers/int340x: Do not set a wrong tcc offset on resume
(git-fixes).
- thermal: core: Reset previous low and high trip during thermal zone init
(git-fixes).
- tpm: add request_locality before write TPM_INT_ENABLE (git-fixes).
- tpm: fix potential NULL pointer access in tpm_del_char_device
(git-fixes).
- tracing/kprobes: 'nmissed' not showed correctly for kretprobe
(git-fixes).
- tracing/uprobes: Check the return value of kstrdup() for tu->filename
(git-fixes).
- tracing: Add test for user space strings when filtering on string
pointers (git-fixes).
- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
(git-fixes).
- tty: max310x: fix flexible_array.cocci warnings (git-fixes).
- tty: serial: atmel: Call dma_async_issue_pending() (git-fixes).
- tty: serial: atmel: Check return code of dmaengine_submit() (git-fixes).
- tty: serial: earlycon dependency (git-fixes).
- tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup
(git-fixes).
- tty: serial: uartlite: allow 64 bit address (git-fixes).
- tty: synclink_gt: rename a conflicting function name (git-fixes).
- udf: Fix crash after seekdir (bsc#1194592).
- uio: uio_dmem_genirq: Catch the Exception (git-fixes).
- usb: core: config: fix validation of wMaxPacketValue entries (git-fixes).
- usb: core: config: using bit mask instead of individual bits (git-fixes).
- usb: dwc2: check return value after calling platform_get_resource()
(git-fixes).
- usb: dwc3: gadget: Continue to process pending requests (git-fixes).
- usb: dwc3: gadget: Ignore EP queue requests during bus reset (git-fixes).
- usb: dwc3: gadget: Reclaim extra TRBs after request completion
(git-fixes).
- usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield
(git-fixes).
- usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression (git-fixes).
- usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one
(git-fixes).
- usb: dwc3: ulpi: fix checkpatch warning (git-fixes).
- usb: ftdi-elan: fix memory leak on device disconnect (git-fixes).
- usb: gadget: composite: Allow bMaxPower=0 if self-powered (git-fixes).
- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear (git-fixes).
- usb: gadget: u_ether: fix race in setting MAC address in setup phase
(git-fixes).
- usb: mtu3: add memory barrier before set GPD's HWO (git-fixes).
- usb: mtu3: fix interval value for intr and isoc (git-fixes).
- usb: mtu3: fix list_head check warning (git-fixes).
- usb: mtu3: set interval of FS intr and isoc endpoint (git-fixes).
- usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes).
- usb: xhci: Extend support for runtime power management for AMD's Yellow
carp (git-fixes).
- usermodehelper: reset umask to default before executing user process
(git-fixes).
- vfs: check fd has read access in kernel_read_file_from_fd()
(bsc#1194888).
- video: backlight: Drop maximum brightness override for brightness zero
(git-fixes).
- watchdog: Fix OMAP watchdog early handling (git-fixes).
- watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
(git-fixes).
- wcn36xx: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
(git-fixes).
- wcn36xx: Release DMA channel descriptor allocations (git-fixes).
- wcn36xx: handle connection loss indication (git-fixes).
- wireguard: allowedips: add missing __rcu annotation to satisfy sparse
(git-fixes).
- wireguard: device: reset peer src endpoint when netns exits (git-fixes).
- wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() (git-fixes).
- wireguard: receive: drop handshakes if queue lock is contended
(git-fixes).
- wireguard: receive: use ring buffer for incoming handshakes (git-fixes).
- wireguard: selftests: actually test for routing loops (git-fixes).
- wireguard: selftests: increase default dmesg log size (git-fixes).
- wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma
(git-fixes).
- x86/platform/uv: Add more to secondary CPU kdump info (bsc#1194493).
- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set
(git-fixes).
- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime
suspending (git-fixes).
- xhci: avoid race between disable slot command and host runtime suspend
(git-fixes).
- xhci: fix unsafe memory usage in xhci tracing (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-198=1

- openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-198=1

Package List:

- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.43.1
dtb-zte-5.3.18-150300.59.43.1
- openSUSE Leap 15.4 (x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.43.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.43.1
dlm-kmp-preempt-5.3.18-150300.59.43.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.43.1
gfs2-kmp-preempt-5.3.18-150300.59.43.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.43.1
kernel-preempt-5.3.18-150300.59.43.1
kernel-preempt-debuginfo-5.3.18-150300.59.43.1
kernel-preempt-debugsource-5.3.18-150300.59.43.1
kernel-preempt-devel-5.3.18-150300.59.43.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.43.1
kernel-preempt-extra-5.3.18-150300.59.43.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.43.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.43.1
kernel-preempt-optional-5.3.18-150300.59.43.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.43.1
kselftests-kmp-preempt-5.3.18-150300.59.43.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.43.1
ocfs2-kmp-preempt-5.3.18-150300.59.43.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.43.1
reiserfs-kmp-preempt-5.3.18-150300.59.43.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.43.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.43.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.43.1
dlm-kmp-default-5.3.18-150300.59.43.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.43.1
gfs2-kmp-default-5.3.18-150300.59.43.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.43.1
kernel-default-5.3.18-150300.59.43.1
kernel-default-base-5.3.18-150300.59.43.1.150300.18.27.1
kernel-default-base-rebuild-5.3.18-150300.59.43.1.150300.18.27.1
kernel-default-debuginfo-5.3.18-150300.59.43.1
kernel-default-debugsource-5.3.18-150300.59.43.1
kernel-default-devel-5.3.18-150300.59.43.1
kernel-default-devel-debuginfo-5.3.18-150300.59.43.1
kernel-default-extra-5.3.18-150300.59.43.1
kernel-default-extra-debuginfo-5.3.18-150300.59.43.1
kernel-default-livepatch-5.3.18-150300.59.43.1
kernel-default-livepatch-devel-5.3.18-150300.59.43.1
kernel-default-optional-5.3.18-150300.59.43.1
kernel-default-optional-debuginfo-5.3.18-150300.59.43.1
kernel-obs-build-5.3.18-150300.59.43.1
kernel-obs-build-debugsource-5.3.18-150300.59.43.1
kernel-obs-qa-5.3.18-150300.59.43.1
kernel-syms-5.3.18-150300.59.43.1
kselftests-kmp-default-5.3.18-150300.59.43.1
kselftests-kmp-default-debuginfo-5.3.18-150300.59.43.1
ocfs2-kmp-default-5.3.18-150300.59.43.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.43.1
reiserfs-kmp-default-5.3.18-150300.59.43.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.43.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.43.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.43.1
dlm-kmp-preempt-5.3.18-150300.59.43.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.43.1
gfs2-kmp-preempt-5.3.18-150300.59.43.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.43.1
kernel-preempt-5.3.18-150300.59.43.1
kernel-preempt-debuginfo-5.3.18-150300.59.43.1
kernel-preempt-debugsource-5.3.18-150300.59.43.1
kernel-preempt-devel-5.3.18-150300.59.43.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.43.1
kernel-preempt-extra-5.3.18-150300.59.43.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.43.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.43.1
kernel-preempt-optional-5.3.18-150300.59.43.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.43.1
kselftests-kmp-preempt-5.3.18-150300.59.43.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.43.1
ocfs2-kmp-preempt-5.3.18-150300.59.43.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.43.1
reiserfs-kmp-preempt-5.3.18-150300.59.43.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.43.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.43.1
kernel-debug-debuginfo-5.3.18-150300.59.43.1
kernel-debug-debugsource-5.3.18-150300.59.43.1
kernel-debug-devel-5.3.18-150300.59.43.1
kernel-debug-devel-debuginfo-5.3.18-150300.59.43.1
kernel-debug-livepatch-devel-5.3.18-150300.59.43.1
kernel-kvmsmall-5.3.18-150300.59.43.1
kernel-kvmsmall-debuginfo-5.3.18-150300.59.43.1
kernel-kvmsmall-debugsource-5.3.18-150300.59.43.1
kernel-kvmsmall-devel-5.3.18-150300.59.43.1
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.43.1
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.43.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.43.1
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.43.1
dlm-kmp-64kb-5.3.18-150300.59.43.1
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.43.1
dtb-al-5.3.18-150300.59.43.1
dtb-allwinner-5.3.18-150300.59.43.1
dtb-altera-5.3.18-150300.59.43.1
dtb-amd-5.3.18-150300.59.43.1
dtb-amlogic-5.3.18-150300.59.43.1
dtb-apm-5.3.18-150300.59.43.1
dtb-arm-5.3.18-150300.59.43.1
dtb-broadcom-5.3.18-150300.59.43.1
dtb-cavium-5.3.18-150300.59.43.1
dtb-exynos-5.3.18-150300.59.43.1
dtb-freescale-5.3.18-150300.59.43.1
dtb-hisilicon-5.3.18-150300.59.43.1
dtb-lg-5.3.18-150300.59.43.1
dtb-marvell-5.3.18-150300.59.43.1
dtb-mediatek-5.3.18-150300.59.43.1
dtb-nvidia-5.3.18-150300.59.43.1
dtb-qcom-5.3.18-150300.59.43.1
dtb-renesas-5.3.18-150300.59.43.1
dtb-rockchip-5.3.18-150300.59.43.1
dtb-socionext-5.3.18-150300.59.43.1
dtb-sprd-5.3.18-150300.59.43.1
dtb-xilinx-5.3.18-150300.59.43.1
dtb-zte-5.3.18-150300.59.43.1
gfs2-kmp-64kb-5.3.18-150300.59.43.1
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.43.1
kernel-64kb-5.3.18-150300.59.43.1
kernel-64kb-debuginfo-5.3.18-150300.59.43.1
kernel-64kb-debugsource-5.3.18-150300.59.43.1
kernel-64kb-devel-5.3.18-150300.59.43.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.43.1
kernel-64kb-extra-5.3.18-150300.59.43.1
kernel-64kb-extra-debuginfo-5.3.18-150300.59.43.1
kernel-64kb-livepatch-devel-5.3.18-150300.59.43.1
kernel-64kb-optional-5.3.18-150300.59.43.1
kernel-64kb-optional-debuginfo-5.3.18-150300.59.43.1
kselftests-kmp-64kb-5.3.18-150300.59.43.1
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.43.1
ocfs2-kmp-64kb-5.3.18-150300.59.43.1
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.43.1
reiserfs-kmp-64kb-5.3.18-150300.59.43.1
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.43.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.43.1
kernel-docs-5.3.18-150300.59.43.1
kernel-docs-html-5.3.18-150300.59.43.1
kernel-macros-5.3.18-150300.59.43.1
kernel-source-5.3.18-150300.59.43.1
kernel-source-vanilla-5.3.18-150300.59.43.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.43.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.43.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.43.1
References:
https://www.suse.com/security/cve/CVE-2021-4083.html
https://www.suse.com/security/cve/CVE-2021-4135.html
https://www.suse.com/security/cve/CVE-2021-4149.html
https://www.suse.com/security/cve/CVE-2021-4197.html
https://www.suse.com/security/cve/CVE-2021-4202.html
https://www.suse.com/security/cve/CVE-2021-45485.html
https://www.suse.com/security/cve/CVE-2021-45486.html
https://www.suse.com/security/cve/CVE-2021-46283.html
https://www.suse.com/security/cve/CVE-2022-0185.html
https://www.suse.com/security/cve/CVE-2022-0322.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1154492
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176774
https://bugzilla.suse.com/1177437
https://bugzilla.suse.com/1190256
https://bugzilla.suse.com/1191271
https://bugzilla.suse.com/1191929
https://bugzilla.suse.com/1192931
https://bugzilla.suse.com/1193255
https://bugzilla.suse.com/1193328
https://bugzilla.suse.com/1193660
https://bugzilla.suse.com/1193669
https://bugzilla.suse.com/1193727
https://bugzilla.suse.com/1193901
https://bugzilla.suse.com/1193927
https://bugzilla.suse.com/1194001
https://bugzilla.suse.com/1194027
https://bugzilla.suse.com/1194087
https://bugzilla.suse.com/1194094
https://bugzilla.suse.com/1194266
https://bugzilla.suse.com/1194302
https://bugzilla.suse.com/1194493
https://bugzilla.suse.com/1194516
https://bugzilla.suse.com/1194517
https://bugzilla.suse.com/1194518
https://bugzilla.suse.com/1194529
https://bugzilla.suse.com/1194578
https://bugzilla.suse.com/1194580
https://bugzilla.suse.com/1194584
https://bugzilla.suse.com/1194586
https://bugzilla.suse.com/1194587
https://bugzilla.suse.com/1194589
https://bugzilla.suse.com/1194590
https://bugzilla.suse.com/1194591
https://bugzilla.suse.com/1194592
https://bugzilla.suse.com/1194888
https://bugzilla.suse.com/1194953
https://bugzilla.suse.com/1194985
openSUSE-SU-2022:0190-1: important: Security update for polkit
by opensuse-security@opensuse.org 25 Jan '22
openSUSE Security Update: Security update for polkit
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0190-1
Rating: important
References: #1194568
Cross-References: CVE-2021-4034
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for polkit fixes the following issues:
- CVE-2021-4034: Fixed a local privilege escalation in pkexec
(bsc#1194568).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-190=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libpolkit0-0.116-3.6.1
libpolkit0-debuginfo-0.116-3.6.1
polkit-0.116-3.6.1
polkit-debuginfo-0.116-3.6.1
polkit-debugsource-0.116-3.6.1
polkit-devel-0.116-3.6.1
polkit-devel-debuginfo-0.116-3.6.1
typelib-1_0-Polkit-1_0-0.116-3.6.1
- openSUSE Leap 15.3 (x86_64):
libpolkit0-32bit-0.116-3.6.1
libpolkit0-32bit-debuginfo-0.116-3.6.1
- openSUSE Leap 15.3 (noarch):
polkit-doc-0.116-3.6.1
References:
https://www.suse.com/security/cve/CVE-2021-4034.html
https://bugzilla.suse.com/1194568
openSUSE-SU-2022:0182-1: important: Security update for webkit2gtk3
by opensuse-security@opensuse.org 25 Jan '22
openSUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0182-1
Rating: important
References: #1194019
Cross-References: CVE-2019-8766 CVE-2019-8782 CVE-2019-8808
CVE-2019-8815 CVE-2020-13753 CVE-2020-27918
CVE-2020-29623 CVE-2020-3902 CVE-2020-9802
CVE-2020-9803 CVE-2020-9805 CVE-2020-9947
CVE-2020-9948 CVE-2020-9951 CVE-2020-9952
CVE-2021-1765 CVE-2021-1788 CVE-2021-1817
CVE-2021-1820 CVE-2021-1825 CVE-2021-1826
CVE-2021-1844 CVE-2021-1871 CVE-2021-30661
CVE-2021-30666 CVE-2021-30682 CVE-2021-30761
CVE-2021-30762 CVE-2021-30809 CVE-2021-30818
CVE-2021-30823 CVE-2021-30836 CVE-2021-30846
CVE-2021-30848 CVE-2021-30849 CVE-2021-30851
CVE-2021-30858 CVE-2021-30884 CVE-2021-30887
CVE-2021-30888 CVE-2021-30889 CVE-2021-30890
CVE-2021-30897
CVSS scores:
CVE-2019-8766 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-8766 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-8782 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-8782 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-8808 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-8808 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-8815 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-8815 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-13753 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-13753 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2020-27918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-27918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-29623 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVE-2020-29623 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVE-2020-3902 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-3902 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-9802 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-9802 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2020-9803 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-9803 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2020-9805 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CVE-2020-9805 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CVE-2020-9947 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-9947 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-9948 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-9951 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-9951 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-9952 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CVE-2020-9952 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2021-1765 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-1765 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-1788 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-1788 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-1844 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-1844 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-1871 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-1871 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-30809 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30809 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30818 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30818 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30823 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE-2021-30823 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE-2021-30836 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2021-30836 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2021-30846 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30846 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30848 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30848 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30849 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30849 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30851 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30851 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30858 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30858 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30884 (NVD) : 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CVE-2021-30884 (SUSE): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CVE-2021-30887 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-30887 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-30888 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVE-2021-30888 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVE-2021-30889 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30889 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30890 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2021-30890 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2021-30897 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 43 vulnerabilities is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.34.3 (bsc#1194019).
- CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced
Content Security Policy when processing maliciously crafted web content.
- CVE-2021-30890: Fixed logic issue allowing universal cross site
scripting when processing maliciously crafted web content.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-182=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.34.3-23.3
libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-23.3
libwebkit2gtk-4_0-37-2.34.3-23.3
libwebkit2gtk-4_0-37-debuginfo-2.34.3-23.3
typelib-1_0-JavaScriptCore-4_0-2.34.3-23.3
typelib-1_0-WebKit2-4_0-2.34.3-23.3
typelib-1_0-WebKit2WebExtension-4_0-2.34.3-23.3
webkit-jsc-4-2.34.3-23.3
webkit-jsc-4-debuginfo-2.34.3-23.3
webkit2gtk-4_0-injected-bundles-2.34.3-23.3
webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-23.3
webkit2gtk3-debugsource-2.34.3-23.3
webkit2gtk3-devel-2.34.3-23.3
webkit2gtk3-minibrowser-2.34.3-23.3
webkit2gtk3-minibrowser-debuginfo-2.34.3-23.3
- openSUSE Leap 15.3 (noarch):
libwebkit2gtk3-lang-2.34.3-23.3
- openSUSE Leap 15.3 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.34.3-23.3
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.34.3-23.3
libwebkit2gtk-4_0-37-32bit-2.34.3-23.3
libwebkit2gtk-4_0-37-32bit-debuginfo-2.34.3-23.3
References:
https://www.suse.com/security/cve/CVE-2019-8766.html
https://www.suse.com/security/cve/CVE-2019-8782.html
https://www.suse.com/security/cve/CVE-2019-8808.html
https://www.suse.com/security/cve/CVE-2019-8815.html
https://www.suse.com/security/cve/CVE-2020-13753.html
https://www.suse.com/security/cve/CVE-2020-27918.html
https://www.suse.com/security/cve/CVE-2020-29623.html
https://www.suse.com/security/cve/CVE-2020-3902.html
https://www.suse.com/security/cve/CVE-2020-9802.html
https://www.suse.com/security/cve/CVE-2020-9803.html
https://www.suse.com/security/cve/CVE-2020-9805.html
https://www.suse.com/security/cve/CVE-2020-9947.html
https://www.suse.com/security/cve/CVE-2020-9948.html
https://www.suse.com/security/cve/CVE-2020-9951.html
https://www.suse.com/security/cve/CVE-2020-9952.html
https://www.suse.com/security/cve/CVE-2021-1765.html
https://www.suse.com/security/cve/CVE-2021-1788.html
https://www.suse.com/security/cve/CVE-2021-1817.html
https://www.suse.com/security/cve/CVE-2021-1820.html
https://www.suse.com/security/cve/CVE-2021-1825.html
https://www.suse.com/security/cve/CVE-2021-1826.html
https://www.suse.com/security/cve/CVE-2021-1844.html
https://www.suse.com/security/cve/CVE-2021-1871.html
https://www.suse.com/security/cve/CVE-2021-30661.html
https://www.suse.com/security/cve/CVE-2021-30666.html
https://www.suse.com/security/cve/CVE-2021-30682.html
https://www.suse.com/security/cve/CVE-2021-30761.html
https://www.suse.com/security/cve/CVE-2021-30762.html
https://www.suse.com/security/cve/CVE-2021-30809.html
https://www.suse.com/security/cve/CVE-2021-30818.html
https://www.suse.com/security/cve/CVE-2021-30823.html
https://www.suse.com/security/cve/CVE-2021-30836.html
https://www.suse.com/security/cve/CVE-2021-30846.html
https://www.suse.com/security/cve/CVE-2021-30848.html
https://www.suse.com/security/cve/CVE-2021-30849.html
https://www.suse.com/security/cve/CVE-2021-30851.html
https://www.suse.com/security/cve/CVE-2021-30858.html
https://www.suse.com/security/cve/CVE-2021-30884.html
https://www.suse.com/security/cve/CVE-2021-30887.html
https://www.suse.com/security/cve/CVE-2021-30888.html
https://www.suse.com/security/cve/CVE-2021-30889.html
https://www.suse.com/security/cve/CVE-2021-30890.html
https://www.suse.com/security/cve/CVE-2021-30897.html
https://bugzilla.suse.com/1194019
openSUSE-SU-2022:0184-1: important: Security update for json-c
by opensuse-security@opensuse.org 25 Jan '22
openSUSE Security Update: Security update for json-c
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0184-1
Rating: important
References: #1171479
Cross-References: CVE-2020-12762
CVSS scores:
CVE-2020-12762 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-12762 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for json-c fixes the following issues:
- CVE-2020-12762: Fixed integer overflow and out-of-bounds write.
(bsc#1171479)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-184=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
json-c-debugsource-0.13-3.3.1
libjson-c-devel-0.13-3.3.1
libjson-c3-0.13-3.3.1
libjson-c3-debuginfo-0.13-3.3.1
- openSUSE Leap 15.3 (noarch):
libjson-c-doc-0.13-3.3.1
- openSUSE Leap 15.3 (x86_64):
libjson-c3-32bit-0.13-3.3.1
libjson-c3-32bit-debuginfo-0.13-3.3.1
References:
https://www.suse.com/security/cve/CVE-2020-12762.html
https://bugzilla.suse.com/1171479
25 Jan '22
openSUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0177-1
Rating: low
References: #1181361
Cross-References: CVE-2021-20196
CVSS scores:
CVE-2021-20196 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-20196 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for qemu fixes the following issues:
- CVE-2021-20196: Fixed null pointer dereference that may lead to guest
crash (bsc#1181361).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-177=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
qemu-5.2.0-150300.109.2
qemu-arm-5.2.0-150300.109.2
qemu-arm-debuginfo-5.2.0-150300.109.2
qemu-audio-alsa-5.2.0-150300.109.2
qemu-audio-alsa-debuginfo-5.2.0-150300.109.2
qemu-audio-pa-5.2.0-150300.109.2
qemu-audio-pa-debuginfo-5.2.0-150300.109.2
qemu-audio-spice-5.2.0-150300.109.2
qemu-audio-spice-debuginfo-5.2.0-150300.109.2
qemu-block-curl-5.2.0-150300.109.2
qemu-block-curl-debuginfo-5.2.0-150300.109.2
qemu-block-dmg-5.2.0-150300.109.2
qemu-block-dmg-debuginfo-5.2.0-150300.109.2
qemu-block-gluster-5.2.0-150300.109.2
qemu-block-gluster-debuginfo-5.2.0-150300.109.2
qemu-block-iscsi-5.2.0-150300.109.2
qemu-block-iscsi-debuginfo-5.2.0-150300.109.2
qemu-block-nfs-5.2.0-150300.109.2
qemu-block-nfs-debuginfo-5.2.0-150300.109.2
qemu-block-rbd-5.2.0-150300.109.2
qemu-block-rbd-debuginfo-5.2.0-150300.109.2
qemu-block-ssh-5.2.0-150300.109.2
qemu-block-ssh-debuginfo-5.2.0-150300.109.2
qemu-chardev-baum-5.2.0-150300.109.2
qemu-chardev-baum-debuginfo-5.2.0-150300.109.2
qemu-chardev-spice-5.2.0-150300.109.2
qemu-chardev-spice-debuginfo-5.2.0-150300.109.2
qemu-debuginfo-5.2.0-150300.109.2
qemu-debugsource-5.2.0-150300.109.2
qemu-extra-5.2.0-150300.109.2
qemu-extra-debuginfo-5.2.0-150300.109.2
qemu-guest-agent-5.2.0-150300.109.2
qemu-guest-agent-debuginfo-5.2.0-150300.109.2
qemu-hw-display-qxl-5.2.0-150300.109.2
qemu-hw-display-qxl-debuginfo-5.2.0-150300.109.2
qemu-hw-display-virtio-gpu-5.2.0-150300.109.2
qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.109.2
qemu-hw-display-virtio-gpu-pci-5.2.0-150300.109.2
qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.109.2
qemu-hw-display-virtio-vga-5.2.0-150300.109.2
qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.109.2
qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.109.2
qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.109.2
qemu-hw-usb-redirect-5.2.0-150300.109.2
qemu-hw-usb-redirect-debuginfo-5.2.0-150300.109.2
qemu-hw-usb-smartcard-5.2.0-150300.109.2
qemu-hw-usb-smartcard-debuginfo-5.2.0-150300.109.2
qemu-ivshmem-tools-5.2.0-150300.109.2
qemu-ivshmem-tools-debuginfo-5.2.0-150300.109.2
qemu-ksm-5.2.0-150300.109.2
qemu-lang-5.2.0-150300.109.2
qemu-linux-user-5.2.0-150300.109.2
qemu-linux-user-debuginfo-5.2.0-150300.109.2
qemu-linux-user-debugsource-5.2.0-150300.109.2
qemu-ppc-5.2.0-150300.109.2
qemu-ppc-debuginfo-5.2.0-150300.109.2
qemu-s390x-5.2.0-150300.109.2
qemu-s390x-debuginfo-5.2.0-150300.109.2
qemu-testsuite-5.2.0-150300.109.4
qemu-tools-5.2.0-150300.109.2
qemu-tools-debuginfo-5.2.0-150300.109.2
qemu-ui-curses-5.2.0-150300.109.2
qemu-ui-curses-debuginfo-5.2.0-150300.109.2
qemu-ui-gtk-5.2.0-150300.109.2
qemu-ui-gtk-debuginfo-5.2.0-150300.109.2
qemu-ui-opengl-5.2.0-150300.109.2
qemu-ui-opengl-debuginfo-5.2.0-150300.109.2
qemu-ui-spice-app-5.2.0-150300.109.2
qemu-ui-spice-app-debuginfo-5.2.0-150300.109.2
qemu-ui-spice-core-5.2.0-150300.109.2
qemu-ui-spice-core-debuginfo-5.2.0-150300.109.2
qemu-vhost-user-gpu-5.2.0-150300.109.2
qemu-vhost-user-gpu-debuginfo-5.2.0-150300.109.2
qemu-x86-5.2.0-150300.109.2
qemu-x86-debuginfo-5.2.0-150300.109.2
- openSUSE Leap 15.3 (s390x x86_64):
qemu-kvm-5.2.0-150300.109.2
- openSUSE Leap 15.3 (noarch):
qemu-ipxe-1.0.0+-150300.109.2
qemu-microvm-5.2.0-150300.109.2
qemu-seabios-1.14.0_0_g155821a-150300.109.2
qemu-sgabios-8-150300.109.2
qemu-skiboot-5.2.0-150300.109.2
qemu-vgabios-1.14.0_0_g155821a-150300.109.2
References:
https://www.suse.com/security/cve/CVE-2021-20196.html
https://bugzilla.suse.com/1181361
openSUSE-SU-2022:0178-1: important: Security update for expat
by opensuse-security@opensuse.org 25 Jan '22
openSUSE Security Update: Security update for expat
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0178-1
Rating: important
References: #1194251 #1194362 #1194474 #1194476 #1194477
#1194478 #1194479 #1194480
Cross-References: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822
CVE-2022-22823 CVE-2022-22824 CVE-2022-22825
CVE-2022-22826 CVE-2022-22827
CVSS scores:
CVE-2021-45960 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-45960 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2021-46143 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-46143 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22822 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22822 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-22823 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22823 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-22824 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22824 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-22825 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-22825 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-22826 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-22826 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-22827 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-22827 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for expat fixes the following issues:
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c
that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog
(bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c
(bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c
(bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c
(bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c
(bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c
(bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c
(bsc#1194480).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-178=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
expat-2.2.5-3.9.1
expat-debuginfo-2.2.5-3.9.1
expat-debugsource-2.2.5-3.9.1
libexpat-devel-2.2.5-3.9.1
libexpat1-2.2.5-3.9.1
libexpat1-debuginfo-2.2.5-3.9.1
- openSUSE Leap 15.3 (x86_64):
expat-32bit-debuginfo-2.2.5-3.9.1
libexpat-devel-32bit-2.2.5-3.9.1
libexpat1-32bit-2.2.5-3.9.1
libexpat1-32bit-debuginfo-2.2.5-3.9.1
References:
https://www.suse.com/security/cve/CVE-2021-45960.html
https://www.suse.com/security/cve/CVE-2021-46143.html
https://www.suse.com/security/cve/CVE-2022-22822.html
https://www.suse.com/security/cve/CVE-2022-22823.html
https://www.suse.com/security/cve/CVE-2022-22824.html
https://www.suse.com/security/cve/CVE-2022-22825.html
https://www.suse.com/security/cve/CVE-2022-22826.html
https://www.suse.com/security/cve/CVE-2022-22827.html
https://bugzilla.suse.com/1194251
https://bugzilla.suse.com/1194362
https://bugzilla.suse.com/1194474
https://bugzilla.suse.com/1194476
https://bugzilla.suse.com/1194477
https://bugzilla.suse.com/1194478
https://bugzilla.suse.com/1194479
https://bugzilla.suse.com/1194480