November 2022 - openSUSE Security Announce

SUSE-SU-2022:3947-1: important: Security update for xen
by opensuse-security＠opensuse.org 11 Nov '22

11 Nov '22

SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3947-1 Rating: important References: #1027519 #1193923 #1203806 #1203807 #1204482 #1204485 #1204487 #1204488 #1204489 #1204490 #1204494 #1204496 Cross-References: CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVSS scores: CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-33747 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42309 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-42309 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42310 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42311 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-42311 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42319 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42319 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42320 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42320 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42321 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42321 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42322 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42322 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42323 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42323 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42325 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42325 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42326 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42326 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806) - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807) - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3947=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3947=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3947=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3947=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3947=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3947=1 Package List: - openSUSE Leap Micro 5.2 (x86_64): xen-debugsource-4.14.5_08-150300.3.40.1 xen-libs-4.14.5_08-150300.3.40.1 xen-libs-debuginfo-4.14.5_08-150300.3.40.1 - openSUSE Leap 15.3 (aarch64 x86_64): xen-4.14.5_08-150300.3.40.1 xen-debugsource-4.14.5_08-150300.3.40.1 xen-devel-4.14.5_08-150300.3.40.1 xen-doc-html-4.14.5_08-150300.3.40.1 xen-libs-4.14.5_08-150300.3.40.1 xen-libs-debuginfo-4.14.5_08-150300.3.40.1 xen-tools-4.14.5_08-150300.3.40.1 xen-tools-debuginfo-4.14.5_08-150300.3.40.1 xen-tools-domU-4.14.5_08-150300.3.40.1 xen-tools-domU-debuginfo-4.14.5_08-150300.3.40.1 - openSUSE Leap 15.3 (x86_64): xen-libs-32bit-4.14.5_08-150300.3.40.1 xen-libs-32bit-debuginfo-4.14.5_08-150300.3.40.1 - openSUSE Leap 15.3 (noarch): xen-tools-xendomains-wait-disk-4.14.5_08-150300.3.40.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.5_08-150300.3.40.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.5_08-150300.3.40.1 xen-debugsource-4.14.5_08-150300.3.40.1 xen-devel-4.14.5_08-150300.3.40.1 xen-tools-4.14.5_08-150300.3.40.1 xen-tools-debuginfo-4.14.5_08-150300.3.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.5_08-150300.3.40.1 xen-libs-4.14.5_08-150300.3.40.1 xen-libs-debuginfo-4.14.5_08-150300.3.40.1 xen-tools-domU-4.14.5_08-150300.3.40.1 xen-tools-domU-debuginfo-4.14.5_08-150300.3.40.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): xen-debugsource-4.14.5_08-150300.3.40.1 xen-libs-4.14.5_08-150300.3.40.1 xen-libs-debuginfo-4.14.5_08-150300.3.40.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): xen-debugsource-4.14.5_08-150300.3.40.1 xen-libs-4.14.5_08-150300.3.40.1 xen-libs-debuginfo-4.14.5_08-150300.3.40.1 References: https://www.suse.com/security/cve/CVE-2022-33746.html https://www.suse.com/security/cve/CVE-2022-33747.html https://www.suse.com/security/cve/CVE-2022-33748.html https://www.suse.com/security/cve/CVE-2022-42309.html https://www.suse.com/security/cve/CVE-2022-42310.html https://www.suse.com/security/cve/CVE-2022-42311.html https://www.suse.com/security/cve/CVE-2022-42312.html https://www.suse.com/security/cve/CVE-2022-42313.html https://www.suse.com/security/cve/CVE-2022-42314.html https://www.suse.com/security/cve/CVE-2022-42315.html https://www.suse.com/security/cve/CVE-2022-42316.html https://www.suse.com/security/cve/CVE-2022-42317.html https://www.suse.com/security/cve/CVE-2022-42318.html https://www.suse.com/security/cve/CVE-2022-42319.html https://www.suse.com/security/cve/CVE-2022-42320.html https://www.suse.com/security/cve/CVE-2022-42321.html https://www.suse.com/security/cve/CVE-2022-42322.html https://www.suse.com/security/cve/CVE-2022-42323.html https://www.suse.com/security/cve/CVE-2022-42325.html https://www.suse.com/security/cve/CVE-2022-42326.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1193923 https://bugzilla.suse.com/1203806 https://bugzilla.suse.com/1203807 https://bugzilla.suse.com/1204482 https://bugzilla.suse.com/1204485 https://bugzilla.suse.com/1204487 https://bugzilla.suse.com/1204488 https://bugzilla.suse.com/1204489 https://bugzilla.suse.com/1204490 https://bugzilla.suse.com/1204494 https://bugzilla.suse.com/1204496

1 0

SUSE-SU-2022:3955-1: important: Security update for samba
by opensuse-security＠opensuse.org 11 Nov '22

11 Nov '22

SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3955-1 Rating: important References: #1200102 #1202803 #1202976 Cross-References: CVE-2022-1615 CVE-2022-32743 CVSS scores: CVE-2022-1615 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1615 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32743 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-32743 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for samba fixes the following issues: - CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976). - CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803). Bugfixes: - Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3955=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3955=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-3955=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3955=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3955=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3955=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-3955=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): samba-client-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ctdb-4.15.8+git.527.8d0c05d313e-150300.3.40.2 ctdb-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 ctdb-pcp-pmda-4.15.8+git.527.8d0c05d313e-150300.3.40.2 ctdb-pcp-pmda-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy-devel-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy-python3-devel-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy0-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy0-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-devel-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-dsdb-modules-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-dsdb-modules-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-gpupdate-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ldb-ldap-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ldb-ldap-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-test-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-test-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-tool-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - openSUSE Leap 15.3 (aarch64 x86_64): samba-ceph-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ceph-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - openSUSE Leap 15.3 (aarch64_ilp32): libsamba-policy0-python3-64bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy0-python3-64bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-64bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-64bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-64bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-64bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-64bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-64bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - openSUSE Leap 15.3 (x86_64): libsamba-policy0-python3-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy0-python3-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-devel-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - openSUSE Leap 15.3 (noarch): samba-doc-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): samba-ad-dc-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsamba-policy-devel-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy-python3-devel-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy0-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy0-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-devel-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-dsdb-modules-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-dsdb-modules-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-gpupdate-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ldb-ldap-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ldb-ldap-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-tool-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): samba-ceph-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ceph-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): samba-ad-dc-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-devel-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): samba-client-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ctdb-4.15.8+git.527.8d0c05d313e-150300.3.40.2 ctdb-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): ctdb-4.15.8+git.527.8d0c05d313e-150300.3.40.2 ctdb-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ceph-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ceph-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 References: https://www.suse.com/security/cve/CVE-2022-1615.html https://www.suse.com/security/cve/CVE-2022-32743.html https://bugzilla.suse.com/1200102 https://bugzilla.suse.com/1202803 https://bugzilla.suse.com/1202976

1 0

SUSE-SU-2022:3959-1: important: Security update for busybox
by opensuse-security＠opensuse.org 11 Nov '22

11 Nov '22

SUSE Security Update: Security update for busybox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3959-1 Rating: important References: #1064976 #1064978 #1069412 #1099260 #1099263 #1102912 #1121426 #1121428 #1184522 #1192869 #951562 #970662 #970663 #991940 Cross-References: CVE-2011-5325 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301 CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 CVE-2021-28831 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 CVSS scores: CVE-2011-5325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2015-9261 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2015-9261 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-2147 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-2148 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6301 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-15873 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-15873 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-15874 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-15874 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-16544 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16544 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-1000500 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000500 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2018-1000517 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000517 (SUSE): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2018-20679 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-20679 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-5747 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-5747 (SUSE): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-28831 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28831 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-42373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-42373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-42374 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2021-42374 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2021-42375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-42375 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-42376 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-42376 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-42377 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42377 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42378 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42378 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42379 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42379 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42380 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42380 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42381 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42381 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42382 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42382 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42383 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42383 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42384 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42384 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42385 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42385 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42386 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42386 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 27 vulnerabilities is now available. Description: This update for busybox fixes the following issues: - Enable switch_root With this change virtme --force-initramfs works as expected. - Enable udhcpc busybox was updated to 1.35.0 - Adjust busybox.config for new features in find, date and cpio - Annotate CVEs already fixed in upstream, but not mentioned in .changes yet: * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes * CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data * CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp * CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data() * CVE-2011-5325 (bsc#951562): tar directory traversal * CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3959=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3959=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): busybox-1.35.0-150400.3.3.1 busybox-static-1.35.0-150400.3.3.1 busybox-testsuite-1.35.0-150400.3.3.1 - openSUSE Leap 15.4 (aarch64 x86_64): busybox-warewulf3-1.35.0-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): busybox-1.35.0-150400.3.3.1 busybox-static-1.35.0-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2011-5325.html https://www.suse.com/security/cve/CVE-2015-9261.html https://www.suse.com/security/cve/CVE-2016-2147.html https://www.suse.com/security/cve/CVE-2016-2148.html https://www.suse.com/security/cve/CVE-2016-6301.html https://www.suse.com/security/cve/CVE-2017-15873.html https://www.suse.com/security/cve/CVE-2017-15874.html https://www.suse.com/security/cve/CVE-2017-16544.html https://www.suse.com/security/cve/CVE-2018-1000500.html https://www.suse.com/security/cve/CVE-2018-1000517.html https://www.suse.com/security/cve/CVE-2018-20679.html https://www.suse.com/security/cve/CVE-2019-5747.html https://www.suse.com/security/cve/CVE-2021-28831.html https://www.suse.com/security/cve/CVE-2021-42373.html https://www.suse.com/security/cve/CVE-2021-42374.html https://www.suse.com/security/cve/CVE-2021-42375.html https://www.suse.com/security/cve/CVE-2021-42376.html https://www.suse.com/security/cve/CVE-2021-42377.html https://www.suse.com/security/cve/CVE-2021-42378.html https://www.suse.com/security/cve/CVE-2021-42379.html https://www.suse.com/security/cve/CVE-2021-42380.html https://www.suse.com/security/cve/CVE-2021-42381.html https://www.suse.com/security/cve/CVE-2021-42382.html https://www.suse.com/security/cve/CVE-2021-42383.html https://www.suse.com/security/cve/CVE-2021-42384.html https://www.suse.com/security/cve/CVE-2021-42385.html https://www.suse.com/security/cve/CVE-2021-42386.html https://bugzilla.suse.com/1064976 https://bugzilla.suse.com/1064978 https://bugzilla.suse.com/1069412 https://bugzilla.suse.com/1099260 https://bugzilla.suse.com/1099263 https://bugzilla.suse.com/1102912 https://bugzilla.suse.com/1121426 https://bugzilla.suse.com/1121428 https://bugzilla.suse.com/1184522 https://bugzilla.suse.com/1192869 https://bugzilla.suse.com/951562 https://bugzilla.suse.com/970662 https://bugzilla.suse.com/970663 https://bugzilla.suse.com/991940

1 0

openSUSE-SU-2022:10196-1: important: Security update for libmodbus
by opensuse-security＠opensuse.org 11 Nov '22

11 Nov '22

openSUSE Security Update: Security update for libmodbus ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10196-1 Rating: important References: #1195124 Cross-References: CVE-2022-0367 CVSS scores: CVE-2022-0367 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libmodbus fixes the following issues: - CVE-2022-0367: Fixed heap-based Buffer Overflow in modbus_reply (boo#1195124). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10196=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): libmodbus-devel-3.1.6-bp154.2.3.1 libmodbus5-3.1.6-bp154.2.3.1 References: https://www.suse.com/security/cve/CVE-2022-0367.html https://bugzilla.suse.com/1195124

1 0

openSUSE-SU-2022:10197-1: important: Security update for autotrace
by opensuse-security＠opensuse.org 11 Nov '22

11 Nov '22

openSUSE Security Update: Security update for autotrace ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10197-1 Rating: important References: #1201529 Cross-References: CVE-2022-32323 CVSS scores: CVE-2022-32323 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for autotrace fixes the following issues: - CVE-2022-32323: Fixed Heap overflow in ReadImage() (boo#1201529). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10197=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): autotrace-0.31.1-bp154.3.3.1 autotrace-devel-0.31.1-bp154.3.3.1 libautotrace3-0.31.1-bp154.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-32323.html https://bugzilla.suse.com/1201529

1 0

SUSE-SU-2022:3953-1: moderate: Security update for xterm
by opensuse-security＠opensuse.org 11 Nov '22

11 Nov '22

SUSE Security Update: Security update for xterm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3953-1 Rating: moderate References: #1195387 Cross-References: CVE-2022-24130 CVSS scores: CVE-2022-24130 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-24130 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xterm fixes the following issues: - CVE-2022-24130: Fixed buffer overflow in set_sixel when Sixel support is enabled (bsc#1195387). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3953=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3953=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3953=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3953=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): xterm-330-150200.11.6.1 xterm-bin-330-150200.11.6.1 xterm-bin-debuginfo-330-150200.11.6.1 xterm-debugsource-330-150200.11.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): xterm-330-150200.11.6.1 xterm-bin-330-150200.11.6.1 xterm-bin-debuginfo-330-150200.11.6.1 xterm-debugsource-330-150200.11.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): xterm-330-150200.11.6.1 xterm-bin-330-150200.11.6.1 xterm-bin-debuginfo-330-150200.11.6.1 xterm-debugsource-330-150200.11.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): xterm-330-150200.11.6.1 xterm-bin-330-150200.11.6.1 xterm-bin-debuginfo-330-150200.11.6.1 xterm-debugsource-330-150200.11.6.1 References: https://www.suse.com/security/cve/CVE-2022-24130.html https://bugzilla.suse.com/1195387

1 0

openSUSE-SU-2022:10199-1: important: Security update for autotrace
by opensuse-security＠opensuse.org 11 Nov '22

11 Nov '22

openSUSE Security Update: Security update for autotrace ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10199-1 Rating: important References: #1201529 Cross-References: CVE-2022-32323 CVSS scores: CVE-2022-32323 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for autotrace fixes the following issues: - CVE-2022-32323: Fixed Heap overflow in ReadImage() (boo#1201529). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-10199=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64): autotrace-0.31.1-bp153.2.6.1 autotrace-devel-0.31.1-bp153.2.6.1 libautotrace3-0.31.1-bp153.2.6.1 References: https://www.suse.com/security/cve/CVE-2022-32323.html https://bugzilla.suse.com/1201529

1 0

SUSE-SU-2022:3949-1: moderate: Security update for rustup
by opensuse-security＠opensuse.org 11 Nov '22

11 Nov '22

SUSE Security Update: Security update for rustup ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3949-1 Rating: moderate References: #1194119 #1196972 Cross-References: CVE-2021-45710 CVE-2022-24713 CVSS scores: CVE-2021-45710 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45710 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-24713 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rustup fixes the following issues: Updated to version 1.25.1~0: - CVE-2022-24713: Fixed Regex denial of service (bsc#1196972). - CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3949=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3949=1 Package List: - openSUSE Leap 15.3 (aarch64 x86_64): rustup-1.25.1~0-150300.7.13.2 rustup-debuginfo-1.25.1~0-150300.7.13.2 rustup-debugsource-1.25.1~0-150300.7.13.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): rustup-1.25.1~0-150300.7.13.2 rustup-debuginfo-1.25.1~0-150300.7.13.2 rustup-debugsource-1.25.1~0-150300.7.13.2 References: https://www.suse.com/security/cve/CVE-2021-45710.html https://www.suse.com/security/cve/CVE-2022-24713.html https://bugzilla.suse.com/1194119 https://bugzilla.suse.com/1196972

1 0

SUSE-SU-2022:3935-1: moderate: Security update for libarchive
by opensuse-security＠opensuse.org 10 Nov '22

10 Nov '22

SUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3935-1 Rating: moderate References: #1192426 #1192427 Cross-References: CVE-2021-31566 CVSS scores: CVE-2021-31566 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-31566 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libarchive fixes the following issues: - CVE-2021-31566: Fixed incorrect usage of file flags (bsc#1192426). - Fixed issues where postprocessing alters symlink targets instead of actual file (bsc#1192427). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3935=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3935=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3935=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): bsdtar-3.4.2-150200.4.12.1 bsdtar-debuginfo-3.4.2-150200.4.12.1 libarchive-debugsource-3.4.2-150200.4.12.1 libarchive-devel-3.4.2-150200.4.12.1 libarchive13-3.4.2-150200.4.12.1 libarchive13-debuginfo-3.4.2-150200.4.12.1 - openSUSE Leap 15.3 (x86_64): libarchive13-32bit-3.4.2-150200.4.12.1 libarchive13-32bit-debuginfo-3.4.2-150200.4.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): bsdtar-3.4.2-150200.4.12.1 bsdtar-debuginfo-3.4.2-150200.4.12.1 libarchive-debugsource-3.4.2-150200.4.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.4.2-150200.4.12.1 libarchive-devel-3.4.2-150200.4.12.1 libarchive13-3.4.2-150200.4.12.1 libarchive13-debuginfo-3.4.2-150200.4.12.1 References: https://www.suse.com/security/cve/CVE-2021-31566.html https://bugzilla.suse.com/1192426 https://bugzilla.suse.com/1192427

1 0

SUSE-SU-2022:3936-1: moderate: Security update for libarchive
by opensuse-security＠opensuse.org 10 Nov '22

10 Nov '22

SUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3936-1 Rating: moderate References: #1192426 #1192427 Cross-References: CVE-2021-31566 CVSS scores: CVE-2021-31566 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-31566 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libarchive fixes the following issues: - CVE-2021-31566: Fixed vulnerability where libarchive modifies file flags of symlink target (bsc#1192426) - Fixed issue where processing fixup entries may follow symbolic links (bsc#1192427). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3936=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3936=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3936=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3936=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): bsdtar-3.5.1-150400.3.9.1 bsdtar-debuginfo-3.5.1-150400.3.9.1 libarchive-debugsource-3.5.1-150400.3.9.1 libarchive-devel-3.5.1-150400.3.9.1 libarchive13-3.5.1-150400.3.9.1 libarchive13-debuginfo-3.5.1-150400.3.9.1 - openSUSE Leap 15.4 (x86_64): libarchive13-32bit-3.5.1-150400.3.9.1 libarchive13-32bit-debuginfo-3.5.1-150400.3.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): bsdtar-3.5.1-150400.3.9.1 bsdtar-debuginfo-3.5.1-150400.3.9.1 libarchive-debugsource-3.5.1-150400.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.5.1-150400.3.9.1 libarchive-devel-3.5.1-150400.3.9.1 libarchive13-3.5.1-150400.3.9.1 libarchive13-debuginfo-3.5.1-150400.3.9.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libarchive-debugsource-3.5.1-150400.3.9.1 libarchive13-3.5.1-150400.3.9.1 libarchive13-debuginfo-3.5.1-150400.3.9.1 References: https://www.suse.com/security/cve/CVE-2021-31566.html https://bugzilla.suse.com/1192426 https://bugzilla.suse.com/1192427

1 0

SUSE-SU-2022:3941-1: important: Security update for xwayland
by opensuse-security＠opensuse.org 10 Nov '22

10 Nov '22

SUSE Security Update: Security update for xwayland ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3941-1 Rating: important References: #1204412 #1204416 Cross-References: CVE-2022-3550 CVE-2022-3551 CVSS scores: CVE-2022-3550 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3550 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3551 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3551 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xwayland fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3941=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3941=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): xwayland-21.1.4-150400.3.3.1 xwayland-debuginfo-21.1.4-150400.3.3.1 xwayland-debugsource-21.1.4-150400.3.3.1 xwayland-devel-21.1.4-150400.3.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): xwayland-21.1.4-150400.3.3.1 xwayland-debuginfo-21.1.4-150400.3.3.1 xwayland-debugsource-21.1.4-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-3550.html https://www.suse.com/security/cve/CVE-2022-3551.html https://bugzilla.suse.com/1204412 https://bugzilla.suse.com/1204416

1 0

SUSE-SU-2022:3932-1: moderate: Security update for python-rsa
by opensuse-security＠opensuse.org 10 Nov '22

10 Nov '22

SUSE Security Update: Security update for python-rsa ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3932-1 Rating: moderate References: #1178676 Cross-References: CVE-2020-25658 CVSS scores: CVE-2020-25658 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25658 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed bleichenbacher timing oracle attack against RSA decryption (bsc#1178676). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3932=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3932=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3932=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3932=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3932=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3932=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3932=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3932=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3932=1 Package List: - openSUSE Leap Micro 5.2 (noarch): python3-rsa-3.4.2-150000.3.7.1 - openSUSE Leap 15.4 (noarch): python3-rsa-3.4.2-150000.3.7.1 - openSUSE Leap 15.3 (noarch): python2-rsa-3.4.2-150000.3.7.1 python3-rsa-3.4.2-150000.3.7.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): python2-rsa-3.4.2-150000.3.7.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-rsa-3.4.2-150000.3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-rsa-3.4.2-150000.3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-rsa-3.4.2-150000.3.7.1 - SUSE Linux Enterprise Micro 5.3 (noarch): python3-rsa-3.4.2-150000.3.7.1 - SUSE Linux Enterprise Micro 5.2 (noarch): python3-rsa-3.4.2-150000.3.7.1 References: https://www.suse.com/security/cve/CVE-2020-25658.html https://bugzilla.suse.com/1178676

1 0

SUSE-SU-2022:3931-1: moderate: Security update for git
by opensuse-security＠opensuse.org 10 Nov '22

10 Nov '22

SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3931-1 Rating: moderate References: #1204455 #1204456 Cross-References: CVE-2022-39253 CVE-2022-39260 CVSS scores: CVE-2022-39253 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-39253 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2022-39260 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-39260 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3931=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3931=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3931=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3931=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3931=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3931=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.18.1 git-arch-2.35.3-150300.10.18.1 git-core-2.35.3-150300.10.18.1 git-core-debuginfo-2.35.3-150300.10.18.1 git-credential-gnome-keyring-2.35.3-150300.10.18.1 git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.18.1 git-credential-libsecret-2.35.3-150300.10.18.1 git-credential-libsecret-debuginfo-2.35.3-150300.10.18.1 git-cvs-2.35.3-150300.10.18.1 git-daemon-2.35.3-150300.10.18.1 git-daemon-debuginfo-2.35.3-150300.10.18.1 git-debuginfo-2.35.3-150300.10.18.1 git-debugsource-2.35.3-150300.10.18.1 git-email-2.35.3-150300.10.18.1 git-gui-2.35.3-150300.10.18.1 git-p4-2.35.3-150300.10.18.1 git-svn-2.35.3-150300.10.18.1 git-web-2.35.3-150300.10.18.1 gitk-2.35.3-150300.10.18.1 perl-Git-2.35.3-150300.10.18.1 - openSUSE Leap 15.4 (noarch): git-doc-2.35.3-150300.10.18.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.18.1 git-arch-2.35.3-150300.10.18.1 git-core-2.35.3-150300.10.18.1 git-core-debuginfo-2.35.3-150300.10.18.1 git-credential-gnome-keyring-2.35.3-150300.10.18.1 git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.18.1 git-credential-libsecret-2.35.3-150300.10.18.1 git-credential-libsecret-debuginfo-2.35.3-150300.10.18.1 git-cvs-2.35.3-150300.10.18.1 git-daemon-2.35.3-150300.10.18.1 git-daemon-debuginfo-2.35.3-150300.10.18.1 git-debuginfo-2.35.3-150300.10.18.1 git-debugsource-2.35.3-150300.10.18.1 git-email-2.35.3-150300.10.18.1 git-gui-2.35.3-150300.10.18.1 git-p4-2.35.3-150300.10.18.1 git-svn-2.35.3-150300.10.18.1 git-web-2.35.3-150300.10.18.1 gitk-2.35.3-150300.10.18.1 perl-Git-2.35.3-150300.10.18.1 - openSUSE Leap 15.3 (noarch): git-doc-2.35.3-150300.10.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.18.1 git-arch-2.35.3-150300.10.18.1 git-cvs-2.35.3-150300.10.18.1 git-daemon-2.35.3-150300.10.18.1 git-daemon-debuginfo-2.35.3-150300.10.18.1 git-debuginfo-2.35.3-150300.10.18.1 git-debugsource-2.35.3-150300.10.18.1 git-email-2.35.3-150300.10.18.1 git-gui-2.35.3-150300.10.18.1 git-svn-2.35.3-150300.10.18.1 git-web-2.35.3-150300.10.18.1 gitk-2.35.3-150300.10.18.1 perl-Git-2.35.3-150300.10.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): git-doc-2.35.3-150300.10.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.18.1 git-arch-2.35.3-150300.10.18.1 git-cvs-2.35.3-150300.10.18.1 git-daemon-2.35.3-150300.10.18.1 git-daemon-debuginfo-2.35.3-150300.10.18.1 git-debuginfo-2.35.3-150300.10.18.1 git-debugsource-2.35.3-150300.10.18.1 git-email-2.35.3-150300.10.18.1 git-gui-2.35.3-150300.10.18.1 git-svn-2.35.3-150300.10.18.1 git-web-2.35.3-150300.10.18.1 gitk-2.35.3-150300.10.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): git-doc-2.35.3-150300.10.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): git-core-2.35.3-150300.10.18.1 git-core-debuginfo-2.35.3-150300.10.18.1 git-debuginfo-2.35.3-150300.10.18.1 git-debugsource-2.35.3-150300.10.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): git-core-2.35.3-150300.10.18.1 git-core-debuginfo-2.35.3-150300.10.18.1 git-debuginfo-2.35.3-150300.10.18.1 git-debugsource-2.35.3-150300.10.18.1 perl-Git-2.35.3-150300.10.18.1 References: https://www.suse.com/security/cve/CVE-2022-39253.html https://www.suse.com/security/cve/CVE-2022-39260.html https://bugzilla.suse.com/1204455 https://bugzilla.suse.com/1204456

1 0

SUSE-SU-2022:3929-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 10 Nov '22

10 Nov '22

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3929-1 Rating: important References: #1032323 #1065729 #1196018 #1198702 #1200465 #1200788 #1201725 #1202686 #1202700 #1203066 #1203098 #1203387 #1203391 #1203496 #1204053 #1204166 #1204168 #1204354 #1204355 #1204382 #1204402 #1204415 #1204417 #1204431 #1204439 #1204470 #1204479 #1204574 #1204575 #1204619 #1204635 #1204637 #1204646 #1204647 #1204653 #1204728 #1204753 #1204754 PED-1931 SLE-13847 SLE-24559 SLE-9246 Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-28748 CVE-2022-2964 CVE-2022-2978 CVE-2022-3176 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3625 CVE-2022-3629 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-39189 CVE-2022-42703 CVE-2022-43750 CVSS scores: CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2978 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2978 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3535 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3535 (SUSE): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3625 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3625 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Realtime 15-SP3 SUSE Linux Enterprise Real Time 15-SP3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves 25 vulnerabilities, contains four features and has 13 fixes is now available. Description: The SUSE Linux Enterprise 15-SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes) - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes) - IB/core: Only update PKEY and GID caches on respective events (git-fixes) - IB/hfi1: Adjust pkey entry in index 0 (git-fixes) - IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes) - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - IB/mlx4: Add support for REJ due to timeout (git-fixes) - IB/mlx4: Use port iterator and validation APIs (git-fixes) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - IB/srpt: Remove redundant assignment to ret (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes). - KVM: s390: clear kicked_mask before sleeping again (git-fixes). - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (git-fixes). - KVM: s390: split kvm_s390_real_to_abs (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - PCI: Dynamically map ECAM regions (bsc#1204382). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - RDMA/bnxt_re: Add missing spin lock initialization (git-fixes) - RDMA/bnxt_re: Fix query SRQ failure (git-fixes) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/core: Sanitize WQ state received from the userspace (git-fixes) - RDMA/cxgb4: Remove MW support (git-fixes) - RDMA/efa: Free IRQ vectors on error flow (git-fixes) - RDMA/efa: Remove double QP type assignment (git-fixes) - RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes) - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes) - RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes) - RDMA/mlx5: Set user priority for DCT (git-fixes) - RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/qib: Remove superfluous fallthrough statements (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - RDMA/rxe: Fix "kernel NULL pointer dereference" error (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes) - RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - RDMA/rxe: Fix failure during driver load (git-fixes) - RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) - RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) - RDMA/rxe: Fix redundant skb_put_zero (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: Fix wrong port_cap_flags (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/rxe: Remove unused pkt->offset (git-fixes) - RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: Verify port when creating flow rule (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) - Revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - Revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - arm64: assembler: add cond_yield macro (git-fixes) - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/sha - fix function types (git-fixes) - crypto: arm64/sha1-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha2-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha3-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha512-ce - simplify NEON yield (git-fixes) - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/udl: Restore display mode on resume (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - kABI: arm64/crypto/sha512 Preserve function signature (git-fixes). - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: sink stdout from cmd for silent build (git-fixes). - kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). - xfs: move incore structures out of xfs_da_format.h (git-fixes). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: refactor remote attr value buffer invalidation (git-fixes). - xfs: remove obsolete AGF counter debugging (git-fixes). - xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). - xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: streamline xfs_attr3_leaf_inactive (git-fixes). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3929=1 - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-3929=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3929=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3929=1 Package List: - openSUSE Leap Micro 5.2 (x86_64): kernel-rt-5.3.18-150300.109.1 kernel-rt-debuginfo-5.3.18-150300.109.1 kernel-rt-debugsource-5.3.18-150300.109.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): cluster-md-kmp-rt-5.3.18-150300.109.1 cluster-md-kmp-rt-debuginfo-5.3.18-150300.109.1 dlm-kmp-rt-5.3.18-150300.109.1 dlm-kmp-rt-debuginfo-5.3.18-150300.109.1 gfs2-kmp-rt-5.3.18-150300.109.1 gfs2-kmp-rt-debuginfo-5.3.18-150300.109.1 kernel-rt-5.3.18-150300.109.1 kernel-rt-debuginfo-5.3.18-150300.109.1 kernel-rt-debugsource-5.3.18-150300.109.1 kernel-rt-devel-5.3.18-150300.109.1 kernel-rt-devel-debuginfo-5.3.18-150300.109.1 kernel-rt_debug-debuginfo-5.3.18-150300.109.1 kernel-rt_debug-debugsource-5.3.18-150300.109.1 kernel-rt_debug-devel-5.3.18-150300.109.1 kernel-rt_debug-devel-debuginfo-5.3.18-150300.109.1 kernel-syms-rt-5.3.18-150300.109.1 ocfs2-kmp-rt-5.3.18-150300.109.1 ocfs2-kmp-rt-debuginfo-5.3.18-150300.109.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): kernel-devel-rt-5.3.18-150300.109.1 kernel-source-rt-5.3.18-150300.109.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): kernel-rt-5.3.18-150300.109.1 kernel-rt-debuginfo-5.3.18-150300.109.1 kernel-rt-debugsource-5.3.18-150300.109.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): kernel-rt-5.3.18-150300.109.1 kernel-rt-debuginfo-5.3.18-150300.109.1 kernel-rt-debugsource-5.3.18-150300.109.1 References: https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-2978.html https://www.suse.com/security/cve/CVE-2022-3176.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3535.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3625.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3640.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-43750.html https://bugzilla.suse.com/1032323 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1200465 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1201725 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1202700 https://bugzilla.suse.com/1203066 https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203387 https://bugzilla.suse.com/1203391 https://bugzilla.suse.com/1203496 https://bugzilla.suse.com/1204053 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204382 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204417 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204470 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204575 https://bugzilla.suse.com/1204619 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204637 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204728 https://bugzilla.suse.com/1204753 https://bugzilla.suse.com/1204754

1 0

SUSE-SU-2022:3922-1: important: Security update for protobuf
by opensuse-security＠opensuse.org 09 Nov '22

09 Nov '22

SUSE Security Update: Security update for protobuf ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3922-1 Rating: important References: #1194530 #1203681 #1204256 Cross-References: CVE-2021-22569 CVE-2022-1941 CVE-2022-3171 CVSS scores: CVE-2021-22569 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-22569 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-1941 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1941 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3171 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3171 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP2 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Installer 15-SP2 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3922=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3922=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3922=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3922=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3922=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3922=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3922=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3922=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3922=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3922=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3922=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3922=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3922=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3922=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-3922=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3922=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3922=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3922=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3922=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3922=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3922=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3922=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3922=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3922=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-3922=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3922=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3922=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3922=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 protobuf-java-3.9.2-150200.4.19.2 python3-protobuf-3.9.2-150200.4.19.2 - openSUSE Leap 15.4 (noarch): protobuf-source-3.9.2-150200.4.19.2 - openSUSE Leap 15.4 (x86_64): libprotobuf-lite20-32bit-3.9.2-150200.4.19.2 libprotobuf-lite20-32bit-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-32bit-3.9.2-150200.4.19.2 libprotobuf20-32bit-debuginfo-3.9.2-150200.4.19.2 libprotoc20-32bit-3.9.2-150200.4.19.2 libprotoc20-32bit-debuginfo-3.9.2-150200.4.19.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 protobuf-java-3.9.2-150200.4.19.2 python2-protobuf-3.9.2-150200.4.19.2 python3-protobuf-3.9.2-150200.4.19.2 - openSUSE Leap 15.3 (x86_64): libprotobuf-lite20-32bit-3.9.2-150200.4.19.2 libprotobuf-lite20-32bit-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-32bit-3.9.2-150200.4.19.2 libprotobuf20-32bit-debuginfo-3.9.2-150200.4.19.2 libprotoc20-32bit-3.9.2-150200.4.19.2 libprotoc20-32bit-debuginfo-3.9.2-150200.4.19.2 - openSUSE Leap 15.3 (noarch): protobuf-source-3.9.2-150200.4.19.2 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Manager Proxy 4.1 (x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-java-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-java-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-java-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 python3-protobuf-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 python3-protobuf-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): python3-protobuf-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 python2-protobuf-3.9.2-150200.4.19.2 python3-protobuf-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 python2-protobuf-3.9.2-150200.4.19.2 python3-protobuf-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 References: https://www.suse.com/security/cve/CVE-2021-22569.html https://www.suse.com/security/cve/CVE-2022-1941.html https://www.suse.com/security/cve/CVE-2022-3171.html https://bugzilla.suse.com/1194530 https://bugzilla.suse.com/1203681 https://bugzilla.suse.com/1204256

1 0

openSUSE-SU-2022:10191-1: important: Security update for exim
by opensuse-security＠opensuse.org 09 Nov '22

09 Nov '22

openSUSE Security Update: Security update for exim ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10191-1 Rating: important References: #1204427 Cross-References: CVE-2022-3559 CVSS scores: CVE-2022-3559 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for exim fixes the following issues: - CVE-2022-3559: Fixed use after free in processing of the component Regex Handler (boo#1204427, Bug 2915) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-10191=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64): exim-4.94.2-bp153.5.1 eximon-4.94.2-bp153.5.1 eximstats-html-4.94.2-bp153.5.1 References: https://www.suse.com/security/cve/CVE-2022-3559.html https://bugzilla.suse.com/1204427

1 0

SUSE-SU-2022:3919-1: important: Security update for kubevirt
by opensuse-security＠opensuse.org 08 Nov '22

08 Nov '22

SUSE Security Update: Security update for kubevirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3919-1 Rating: important References: Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update rebuilds the kubevirt stack to include recent security updates in its basecontainers. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3919=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3919=1 Package List: - openSUSE Leap 15.3 (x86_64): kubevirt-container-disk-0.49.0-150300.8.15.1 kubevirt-container-disk-debuginfo-0.49.0-150300.8.15.1 kubevirt-manifests-0.49.0-150300.8.15.1 kubevirt-tests-0.49.0-150300.8.15.1 kubevirt-tests-debuginfo-0.49.0-150300.8.15.1 kubevirt-virt-api-0.49.0-150300.8.15.1 kubevirt-virt-api-debuginfo-0.49.0-150300.8.15.1 kubevirt-virt-controller-0.49.0-150300.8.15.1 kubevirt-virt-controller-debuginfo-0.49.0-150300.8.15.1 kubevirt-virt-handler-0.49.0-150300.8.15.1 kubevirt-virt-handler-debuginfo-0.49.0-150300.8.15.1 kubevirt-virt-launcher-0.49.0-150300.8.15.1 kubevirt-virt-launcher-debuginfo-0.49.0-150300.8.15.1 kubevirt-virt-operator-0.49.0-150300.8.15.1 kubevirt-virt-operator-debuginfo-0.49.0-150300.8.15.1 kubevirt-virtctl-0.49.0-150300.8.15.1 kubevirt-virtctl-debuginfo-0.49.0-150300.8.15.1 obs-service-kubevirt_containers_meta-0.49.0-150300.8.15.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64): kubevirt-manifests-0.49.0-150300.8.15.1 kubevirt-virtctl-0.49.0-150300.8.15.1 kubevirt-virtctl-debuginfo-0.49.0-150300.8.15.1 References:

1 0

SUSE-SU-2022:3920-1: important: Security update for containerized data importer
by opensuse-security＠opensuse.org 08 Nov '22

08 Nov '22

SUSE Security Update: Security update for containerized data importer ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3920-1 Rating: important References: Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of containerized data importer images rebases the containers against the current base images to resolve security issues. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3920=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3920=1 Package List: - openSUSE Leap 15.3 (x86_64): containerized-data-importer-api-1.43.2-150300.8.11.1 containerized-data-importer-api-debuginfo-1.43.2-150300.8.11.1 containerized-data-importer-cloner-1.43.2-150300.8.11.1 containerized-data-importer-cloner-debuginfo-1.43.2-150300.8.11.1 containerized-data-importer-controller-1.43.2-150300.8.11.1 containerized-data-importer-controller-debuginfo-1.43.2-150300.8.11.1 containerized-data-importer-importer-1.43.2-150300.8.11.1 containerized-data-importer-importer-debuginfo-1.43.2-150300.8.11.1 containerized-data-importer-manifests-1.43.2-150300.8.11.1 containerized-data-importer-operator-1.43.2-150300.8.11.1 containerized-data-importer-operator-debuginfo-1.43.2-150300.8.11.1 containerized-data-importer-uploadproxy-1.43.2-150300.8.11.1 containerized-data-importer-uploadproxy-debuginfo-1.43.2-150300.8.11.1 containerized-data-importer-uploadserver-1.43.2-150300.8.11.1 containerized-data-importer-uploadserver-debuginfo-1.43.2-150300.8.11.1 obs-service-cdi_containers_meta-1.43.2-150300.8.11.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64): containerized-data-importer-manifests-1.43.2-150300.8.11.1 References:

1 0

SUSE-SU-2022:3915-1: moderate: Security update for vsftpd
by opensuse-security＠opensuse.org 08 Nov '22

08 Nov '22

SUSE Security Update: Security update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3915-1 Rating: moderate References: #1196918 SLE-24275 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes and contains one feature can now be installed. Description: This update for vsftpd fixes the following issues: Bugfixes: - Removed unsupported systemd hardening options (bsc#1196918). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3915=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3915=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-150400.3.6.1 vsftpd-debuginfo-3.0.5-150400.3.6.1 vsftpd-debugsource-3.0.5-150400.3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-150400.3.6.1 vsftpd-debuginfo-3.0.5-150400.3.6.1 vsftpd-debugsource-3.0.5-150400.3.6.1 References: https://bugzilla.suse.com/1196918

1 0

SUSE-SU-2022:3912-1: important: Security update for expat
by opensuse-security＠opensuse.org 08 Nov '22

08 Nov '22

SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3912-1 Rating: important References: #1204708 Cross-References: CVE-2022-43680 CVSS scores: CVE-2022-43680 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43680 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3912=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3912=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3912=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3912=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3912=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3912=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3912=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3912=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3912=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3912=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3912=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3912=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3912=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3912=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3912=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3912=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3912=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3912=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3912=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3912=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3912=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3912=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3912=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3912=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - openSUSE Leap 15.3 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat-devel-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Manager Server 4.1 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): expat-2.2.5-150000.3.25.1 expat-32bit-debuginfo-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Manager Proxy 4.1 (x86_64): expat-2.2.5-150000.3.25.1 expat-32bit-debuginfo-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): expat-2.2.5-150000.3.25.1 expat-32bit-debuginfo-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): expat-2.2.5-150000.3.25.1 expat-32bit-debuginfo-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Enterprise Storage 7 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Enterprise Storage 6 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE CaaS Platform 4.0 (x86_64): expat-2.2.5-150000.3.25.1 expat-32bit-debuginfo-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 References: https://www.suse.com/security/cve/CVE-2022-43680.html https://bugzilla.suse.com/1204708

1 0

SUSE-SU-2022:3913-1: moderate: Security update for vsftpd
by opensuse-security＠opensuse.org 08 Nov '22

08 Nov '22

SUSE Security Update: Security update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3913-1 Rating: moderate References: #1196918 SLE-24275 Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes and contains one feature can now be installed. Description: This update for vsftpd fixes the following issues: Bugfixes: - Removed unsupported systemd hardening options (bsc#1196918). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3913=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3913=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3913=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3913=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3913=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3913=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3913=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3913=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3913=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3913=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3913=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Manager Proxy 4.1 (x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 References: https://bugzilla.suse.com/1196918

1 0

SUSE-SU-2022:3907-1: moderate: Security update for gstreamer-plugins-base
by opensuse-security＠opensuse.org 08 Nov '22

08 Nov '22

SUSE Security Update: Security update for gstreamer-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3907-1 Rating: moderate References: #1185448 Cross-References: CVE-2021-3522 CVSS scores: CVE-2021-3522 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3522 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gstreamer-plugins-base fixes the following issues: - CVE-2021-3522: Fixed ID3v2 tag frame size check and potential invalid reads (bsc#1185448). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3907=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3907=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3907=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3907=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3907=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3907=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): gstreamer-plugins-base-1.16.3-150200.4.6.2 gstreamer-plugins-base-debuginfo-1.16.3-150200.4.6.2 gstreamer-plugins-base-debugsource-1.16.3-150200.4.6.2 libgstallocators-1_0-0-1.16.3-150200.4.6.2 libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstapp-1_0-0-1.16.3-150200.4.6.2 libgstapp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstaudio-1_0-0-1.16.3-150200.4.6.2 libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstgl-1_0-0-1.16.3-150200.4.6.2 libgstgl-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstriff-1_0-0-1.16.3-150200.4.6.2 libgstriff-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgsttag-1_0-0-1.16.3-150200.4.6.2 libgsttag-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstvideo-1_0-0-1.16.3-150200.4.6.2 libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.6.2 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-base-doc-1.16.3-150200.4.6.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-base-1.16.3-150200.4.6.2 gstreamer-plugins-base-debuginfo-1.16.3-150200.4.6.2 gstreamer-plugins-base-debugsource-1.16.3-150200.4.6.2 gstreamer-plugins-base-devel-1.16.3-150200.4.6.2 gstreamer-plugins-base-doc-1.16.3-150200.4.6.2 libgstallocators-1_0-0-1.16.3-150200.4.6.2 libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstapp-1_0-0-1.16.3-150200.4.6.2 libgstapp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstaudio-1_0-0-1.16.3-150200.4.6.2 libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstfft-1_0-0-1.16.3-150200.4.6.2 libgstfft-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstgl-1_0-0-1.16.3-150200.4.6.2 libgstgl-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstriff-1_0-0-1.16.3-150200.4.6.2 libgstriff-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstrtp-1_0-0-1.16.3-150200.4.6.2 libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstrtsp-1_0-0-1.16.3-150200.4.6.2 libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstsdp-1_0-0-1.16.3-150200.4.6.2 libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgsttag-1_0-0-1.16.3-150200.4.6.2 libgsttag-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstvideo-1_0-0-1.16.3-150200.4.6.2 libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.6.2 typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstApp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstAudio-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstGL-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstRtp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstSdp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstTag-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstVideo-1_0-1.16.3-150200.4.6.2 - openSUSE Leap 15.3 (noarch): gstreamer-plugins-base-lang-1.16.3-150200.4.6.2 - openSUSE Leap 15.3 (x86_64): gstreamer-plugins-base-32bit-1.16.3-150200.4.6.2 gstreamer-plugins-base-32bit-debuginfo-1.16.3-150200.4.6.2 gstreamer-plugins-base-devel-32bit-1.16.3-150200.4.6.2 libgstallocators-1_0-0-32bit-1.16.3-150200.4.6.2 libgstallocators-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstapp-1_0-0-32bit-1.16.3-150200.4.6.2 libgstapp-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstaudio-1_0-0-32bit-1.16.3-150200.4.6.2 libgstaudio-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstfft-1_0-0-32bit-1.16.3-150200.4.6.2 libgstfft-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstgl-1_0-0-32bit-1.16.3-150200.4.6.2 libgstgl-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-32bit-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstriff-1_0-0-32bit-1.16.3-150200.4.6.2 libgstriff-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstrtp-1_0-0-32bit-1.16.3-150200.4.6.2 libgstrtp-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstrtsp-1_0-0-32bit-1.16.3-150200.4.6.2 libgstrtsp-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstsdp-1_0-0-32bit-1.16.3-150200.4.6.2 libgstsdp-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgsttag-1_0-0-32bit-1.16.3-150200.4.6.2 libgsttag-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstvideo-1_0-0-32bit-1.16.3-150200.4.6.2 libgstvideo-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): gstreamer-plugins-base-32bit-debuginfo-1.16.3-150200.4.6.2 gstreamer-plugins-base-debugsource-1.16.3-150200.4.6.2 libgstaudio-1_0-0-32bit-1.16.3-150200.4.6.2 libgstaudio-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgsttag-1_0-0-32bit-1.16.3-150200.4.6.2 libgsttag-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstvideo-1_0-0-32bit-1.16.3-150200.4.6.2 libgstvideo-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-base-1.16.3-150200.4.6.2 gstreamer-plugins-base-debuginfo-1.16.3-150200.4.6.2 gstreamer-plugins-base-debugsource-1.16.3-150200.4.6.2 gstreamer-plugins-base-devel-1.16.3-150200.4.6.2 libgstallocators-1_0-0-1.16.3-150200.4.6.2 libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstapp-1_0-0-1.16.3-150200.4.6.2 libgstapp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstaudio-1_0-0-1.16.3-150200.4.6.2 libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstfft-1_0-0-1.16.3-150200.4.6.2 libgstfft-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstgl-1_0-0-1.16.3-150200.4.6.2 libgstgl-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstriff-1_0-0-1.16.3-150200.4.6.2 libgstriff-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstrtp-1_0-0-1.16.3-150200.4.6.2 libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstrtsp-1_0-0-1.16.3-150200.4.6.2 libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstsdp-1_0-0-1.16.3-150200.4.6.2 libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgsttag-1_0-0-1.16.3-150200.4.6.2 libgsttag-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstvideo-1_0-0-1.16.3-150200.4.6.2 libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.6.2 typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstApp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstAudio-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstGL-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstRtp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstSdp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstTag-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstVideo-1_0-1.16.3-150200.4.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): gstreamer-plugins-base-lang-1.16.3-150200.4.6.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): gstreamer-plugins-base-1.16.3-150200.4.6.2 gstreamer-plugins-base-debuginfo-1.16.3-150200.4.6.2 gstreamer-plugins-base-debugsource-1.16.3-150200.4.6.2 libgstallocators-1_0-0-1.16.3-150200.4.6.2 libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstapp-1_0-0-1.16.3-150200.4.6.2 libgstapp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstaudio-1_0-0-1.16.3-150200.4.6.2 libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstgl-1_0-0-1.16.3-150200.4.6.2 libgstgl-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstriff-1_0-0-1.16.3-150200.4.6.2 libgstriff-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgsttag-1_0-0-1.16.3-150200.4.6.2 libgsttag-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstvideo-1_0-0-1.16.3-150200.4.6.2 libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.6.2 References: https://www.suse.com/security/cve/CVE-2021-3522.html https://bugzilla.suse.com/1185448

1 0

SUSE-SU-2022:3908-1: moderate: Security update for gstreamer-plugins-good
by opensuse-security＠opensuse.org 08 Nov '22

08 Nov '22

SUSE Security Update: Security update for gstreamer-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3908-1 Rating: moderate References: #1201688 #1201693 #1201702 #1201704 #1201706 #1201707 #1201708 Cross-References: CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 CVSS scores: CVE-2022-1920 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1920 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-1921 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1921 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-1922 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1922 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-1923 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1923 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-1924 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1924 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-1925 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1925 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-2122 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2122 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3908=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3908=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-1.20.1-150400.3.3.1 gstreamer-plugins-good-debuginfo-1.20.1-150400.3.3.1 gstreamer-plugins-good-debugsource-1.20.1-150400.3.3.1 gstreamer-plugins-good-extra-1.20.1-150400.3.3.1 gstreamer-plugins-good-extra-debuginfo-1.20.1-150400.3.3.1 gstreamer-plugins-good-gtk-1.20.1-150400.3.3.1 gstreamer-plugins-good-gtk-debuginfo-1.20.1-150400.3.3.1 gstreamer-plugins-good-jack-1.20.1-150400.3.3.1 gstreamer-plugins-good-jack-debuginfo-1.20.1-150400.3.3.1 gstreamer-plugins-good-qtqml-1.20.1-150400.3.3.1 gstreamer-plugins-good-qtqml-debuginfo-1.20.1-150400.3.3.1 - openSUSE Leap 15.4 (noarch): gstreamer-plugins-good-lang-1.20.1-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): gstreamer-plugins-good-32bit-1.20.1-150400.3.3.1 gstreamer-plugins-good-32bit-debuginfo-1.20.1-150400.3.3.1 gstreamer-plugins-good-extra-32bit-1.20.1-150400.3.3.1 gstreamer-plugins-good-extra-32bit-debuginfo-1.20.1-150400.3.3.1 gstreamer-plugins-good-jack-32bit-1.20.1-150400.3.3.1 gstreamer-plugins-good-jack-32bit-debuginfo-1.20.1-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-1.20.1-150400.3.3.1 gstreamer-plugins-good-debuginfo-1.20.1-150400.3.3.1 gstreamer-plugins-good-debugsource-1.20.1-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): gstreamer-plugins-good-lang-1.20.1-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-1920.html https://www.suse.com/security/cve/CVE-2022-1921.html https://www.suse.com/security/cve/CVE-2022-1922.html https://www.suse.com/security/cve/CVE-2022-1923.html https://www.suse.com/security/cve/CVE-2022-1924.html https://www.suse.com/security/cve/CVE-2022-1925.html https://www.suse.com/security/cve/CVE-2022-2122.html https://bugzilla.suse.com/1201688 https://bugzilla.suse.com/1201693 https://bugzilla.suse.com/1201702 https://bugzilla.suse.com/1201704 https://bugzilla.suse.com/1201706 https://bugzilla.suse.com/1201707 https://bugzilla.suse.com/1201708

1 0

SUSE-SU-2022:3899-1: important: Security update for sendmail
by opensuse-security＠opensuse.org 08 Nov '22

08 Nov '22

SUSE Security Update: Security update for sendmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3899-1 Rating: important References: #1202937 #1204696 Cross-References: CVE-2022-31256 CVSS scores: CVE-2022-31256 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31256 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for sendmail fixes the following issues: - CVE-2022-31256: Fixed mail to root privilege escalation via sm-client.pre script (bsc#1204696, bsc#1202937). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3899=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3899=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3899=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3899=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3899=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3899=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3899=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3899=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3899=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3899=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3899=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3899=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3899=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3899=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3899=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3899=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3899=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3899=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3899=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3899=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3899=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3899=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3899=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3899=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3899=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 rmail-8.15.2-150000.8.9.1 rmail-debuginfo-8.15.2-150000.8.9.1 sendmail-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 sendmail-devel-8.15.2-150000.8.9.1 - openSUSE Leap 15.4 (noarch): libmilter-doc-8.15.2-150000.8.9.1 sendmail-starttls-8.15.2-150000.8.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 rmail-8.15.2-150000.8.9.1 rmail-debuginfo-8.15.2-150000.8.9.1 sendmail-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 sendmail-devel-8.15.2-150000.8.9.1 - openSUSE Leap 15.3 (noarch): libmilter-doc-8.15.2-150000.8.9.1 sendmail-starttls-8.15.2-150000.8.9.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Manager Proxy 4.1 (x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): rmail-8.15.2-150000.8.9.1 rmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): rmail-8.15.2-150000.8.9.1 rmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE CaaS Platform 4.0 (x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 References: https://www.suse.com/security/cve/CVE-2022-31256.html https://bugzilla.suse.com/1202937 https://bugzilla.suse.com/1204696

1 0

SUSE-SU-2022:3897-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 08 Nov '22

08 Nov '22

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3897-1 Rating: important References: #1032323 #1065729 #1152489 #1196018 #1198702 #1200465 #1200788 #1201725 #1202638 #1202686 #1202700 #1203066 #1203098 #1203290 #1203387 #1203391 #1203496 #1203514 #1203770 #1203802 #1204051 #1204053 #1204059 #1204060 #1204125 #1204166 #1204168 #1204354 #1204355 #1204382 #1204402 #1204415 #1204417 #1204431 #1204439 #1204470 #1204479 #1204574 #1204575 #1204619 #1204635 #1204637 #1204646 #1204647 #1204653 #1204728 #1204753 #1204754 PED-1931 Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-28748 CVE-2022-2964 CVE-2022-2978 CVE-2022-3169 CVE-2022-3176 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3623 CVE-2022-3625 CVE-2022-3629 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-39189 CVE-2022-40768 CVE-2022-41674 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-43750 CVSS scores: CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2978 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2978 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3535 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3535 (SUSE): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3623 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3623 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3625 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3625 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 33 vulnerabilities, contains one feature and has 15 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290). - CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3623: Fixed race condition in follow_page_pte() (mm/gup.c) (bsc#1204575). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066). - CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck (bnc#1203514). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - acpi: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - acpi: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - acpi: extlog: Handle multiple records (git-fixes). - acpi: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bnc#1203802). - acpi: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - alsa: Use del_timer_sync( before freeing timer (git-fixes). - alsa: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - alsa: aoa: Fix I2S device accounting (git-fixes). - alsa: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - alsa: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - alsa: au88x0: use explicitly signed char (git-fixes). - alsa: dmaengine: increment buffer pointer atomically (git-fixes). - alsa: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - alsa: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - alsa: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - alsa: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - alsa: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - alsa: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - alsa: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - alsa: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - alsa: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - alsa: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - alsa: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - alsa: hda/sigmatel: Keep power up while beep is enabled (git-fixes). - alsa: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - alsa: hda: Fix position reporting on Poulsbo (git-fixes). - alsa: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - alsa: oss: Fix potential deadlock at unregistration (git-fixes). - alsa: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - alsa: rme9652: use explicitly signed char (git-fixes). - alsa: usb-audio: Fix NULL dererence at error path (git-fixes). - alsa: usb-audio: Fix potential memory leaks (git-fixes). - arm64: assembler: add cond_yield macro (git-fixes) - asoc: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - asoc: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - asoc: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - asoc: nau8824: Fix semaphore unbalance at error paths (git-fixes). - asoc: rsnd: Add check for rsnd_mod_power_on (git-fixes). - asoc: tas2770: Reinit regcache on reset (git-fixes). - asoc: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - asoc: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - asoc: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - bluetooth: L2CAP: Fix user-after-free (git-fixes). - bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/sha - fix function types (git-fixes) - crypto: arm64/sha1-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha2-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha3-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha512-ce - simplify NEON yield (git-fixes) - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/udl: Restore display mode on resume (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hid: hidraw: fix memory leak in hidraw_release() (git-fixes). - hid: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - hid: multitouch: Add memory barriers (git-fixes). - hid: roccat: Fix use-after-free in roccat_read() (git-fixes). - hsi: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - hsi: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - ib/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes) - ib/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes) - ib/core: Only update PKEY and GID caches on respective events (git-fixes) - ib/hfi1: Adjust pkey entry in index 0 (git-fixes) - ib/hfi1: Fix abba locking issue with sc_disable() (git-fixes) - ib/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - ib/mlx4: Add support for REJ due to timeout (git-fixes) - ib/mlx4: Use port iterator and validation APIs (git-fixes) - ib/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - ib/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - ib/srpt: Remove redundant assignment to ret (git-fixes) - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - input: i8042 - fix refount leak on sparc (git-fixes). - input: xpad - add supported devices as contributed on github (git-fixes). - input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - kABI: arm64/crypto/sha512 Preserve function signature (git-fixes). - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: sink stdout from cmd for silent build (git-fixes). - kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753). - kvm: nVMX: Unconditionally purge queued/injected events on nested "exit" (git-fixes). - kvm: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - kvm: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes). - kvm: s390: clear kicked_mask before sleeping again (git-fixes). - kvm: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes). - kvm: s390: pv: do not present the ecall interrupt twice (git-fixes). - kvm: s390: split kvm_s390_real_to_abs (git-fixes). - kvm: s390x: fix SCK locking (git-fixes) - kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - media: aspeed-video: ignore interrupts that are not enabled (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - padata: introduce internal padata_get/put_pd() helpers (bsc#1202638). - padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638). - parisc/sticon: fix reverse colors (bsc#1152489) Backporting notes: * context changes - parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489) - pci: Dynamically map ECAM regions (bsc#1204382). - pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - pm: domains: Fix handling of unavailable/disabled idle states (git-fixes). - pm: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - rdma/bnxt_re: Add missing spin lock initialization (git-fixes) - rdma/bnxt_re: Fix query SRQ failure (git-fixes) - rdma/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - rdma/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - rdma/cma: Fix arguments order in net device validation (git-fixes) - rdma/core: Sanitize WQ state received from the userspace (git-fixes) - rdma/cxgb4: Remove MW support (git-fixes) - rdma/efa: Free IRQ vectors on error flow (git-fixes) - rdma/efa: Remove double QP type assignment (git-fixes) - rdma/efa: Use ib_umem_num_dma_pages() (git-fixes) - rdma/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - rdma/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - rdma/i40iw: Use ib_umem_num_dma_pages() (git-fixes) - rdma/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - rdma/mlx4: Return missed an error if device does not support steering (git-fixes) - rdma/mlx5: Add missing check for return value in get namespace flow (git-fixes) - rdma/mlx5: Block FDB rules when not in switchdev mode (git-fixes) - rdma/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes) - rdma/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes) - rdma/mlx5: Set user priority for DCT (git-fixes) - rdma/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes) - rdma/mthca: Work around -Wenum-conversion warning (git-fixes) - rdma/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - rdma/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - rdma/qedr: Fix reporting QP timeout attribute (git-fixes) - rdma/qib: Remove superfluous fallthrough statements (git-fixes) - rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - rdma/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - rdma/rxe: Fix "kernel NULL pointer dereference" error (git-fixes) - rdma/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - rdma/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes) - rdma/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - rdma/rxe: Fix failure during driver load (git-fixes) - rdma/rxe: Fix over copying in get_srq_wqe (git-fixes) - rdma/rxe: Fix redundant call to ip_send_check (git-fixes) - rdma/rxe: Fix redundant skb_put_zero (git-fixes) - rdma/rxe: Fix rnr retry behavior (git-fixes) - rdma/rxe: Fix the error caused by qp->sk (git-fixes) - rdma/rxe: Fix wrong port_cap_flags (git-fixes) - rdma/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - rdma/rxe: Remove unused pkt->offset (git-fixes) - rdma/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - rdma/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes) - rdma/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - rdma/siw: Fix a condition race issue in MPA request processing (git-fixes) - rdma/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - rdma/siw: Pass a pointer to virt_to_page() (git-fixes) - rdma/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - rdma: Verify port when creating flow rule (git-fixes) - rdma: remove useless condition in siw_create_cq() (git-fixes) - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - revert "drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489) - revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" (git-fixes). - revert "usb: add quirks for Lenovo OneLink+ Dock" (git-fixes). - revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - usb: serial: option: add Quectel RM520N (git-fixes). - usb: serial: option: add Quectel RM520N (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes). - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes). - usb: xhci-mtk: add some schedule error number (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes). - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). - xfs: move incore structures out of xfs_da_format.h (git-fixes). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). Refresh patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch. - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: refactor remote attr value buffer invalidation (git-fixes). - xfs: remove obsolete AGF counter debugging (git-fixes). - xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). - xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: streamline xfs_attr3_leaf_inactive (git-fixes). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3897=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3897=1 Package List: - openSUSE Leap 15.3 (x86_64): cluster-md-kmp-azure-5.3.18-150300.38.83.1 cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.83.1 dlm-kmp-azure-5.3.18-150300.38.83.1 dlm-kmp-azure-debuginfo-5.3.18-150300.38.83.1 gfs2-kmp-azure-5.3.18-150300.38.83.1 gfs2-kmp-azure-debuginfo-5.3.18-150300.38.83.1 kernel-azure-5.3.18-150300.38.83.1 kernel-azure-debuginfo-5.3.18-150300.38.83.1 kernel-azure-debugsource-5.3.18-150300.38.83.1 kernel-azure-devel-5.3.18-150300.38.83.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.83.1 kernel-azure-extra-5.3.18-150300.38.83.1 kernel-azure-extra-debuginfo-5.3.18-150300.38.83.1 kernel-azure-livepatch-devel-5.3.18-150300.38.83.1 kernel-azure-optional-5.3.18-150300.38.83.1 kernel-azure-optional-debuginfo-5.3.18-150300.38.83.1 kernel-syms-azure-5.3.18-150300.38.83.1 kselftests-kmp-azure-5.3.18-150300.38.83.1 kselftests-kmp-azure-debuginfo-5.3.18-150300.38.83.1 ocfs2-kmp-azure-5.3.18-150300.38.83.1 ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.83.1 reiserfs-kmp-azure-5.3.18-150300.38.83.1 reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.83.1 - openSUSE Leap 15.3 (noarch): kernel-devel-azure-5.3.18-150300.38.83.1 kernel-source-azure-5.3.18-150300.38.83.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): kernel-devel-azure-5.3.18-150300.38.83.1 kernel-source-azure-5.3.18-150300.38.83.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): kernel-azure-5.3.18-150300.38.83.1 kernel-azure-debuginfo-5.3.18-150300.38.83.1 kernel-azure-debugsource-5.3.18-150300.38.83.1 kernel-azure-devel-5.3.18-150300.38.83.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.83.1 kernel-syms-azure-5.3.18-150300.38.83.1 References: https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-2978.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3176.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3535.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3623.html https://www.suse.com/security/cve/CVE-2022-3625.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3640.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://www.suse.com/security/cve/CVE-2022-42722.html https://www.suse.com/security/cve/CVE-2022-43750.html https://bugzilla.suse.com/1032323 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1200465 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1201725 https://bugzilla.suse.com/1202638 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1202700 https://bugzilla.suse.com/1203066 https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203387 https://bugzilla.suse.com/1203391 https://bugzilla.suse.com/1203496 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203770 https://bugzilla.suse.com/1203802 https://bugzilla.suse.com/1204051 https://bugzilla.suse.com/1204053 https://bugzilla.suse.com/1204059 https://bugzilla.suse.com/1204060 https://bugzilla.suse.com/1204125 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204382 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204417 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204470 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204575 https://bugzilla.suse.com/1204619 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204637 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204728 https://bugzilla.suse.com/1204753 https://bugzilla.suse.com/1204754

1 0

SUSE-SU-2022:3889-1: important: Security update for exiv2
by opensuse-security＠opensuse.org 07 Nov '22

07 Nov '22

SUSE Security Update: Security update for exiv2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3889-1 Rating: important References: #1068871 #1142675 #1142679 #1185002 #1185218 #1185447 #1185913 #1186053 #1186192 #1188645 #1188733 #1189332 #1189333 #1189334 #1189335 #1189338 PED-1393 Cross-References: CVE-2017-1000128 CVE-2019-13108 CVE-2019-13111 CVE-2020-19716 CVE-2021-29457 CVE-2021-29463 CVE-2021-29470 CVE-2021-29623 CVE-2021-31291 CVE-2021-32617 CVE-2021-34334 CVE-2021-37620 CVE-2021-37621 CVE-2021-37622 CVE-2021-37623 CVSS scores: CVE-2017-1000128 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-1000128 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-13108 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-13108 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-13111 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-13111 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-19716 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-19716 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29457 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29457 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29463 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29463 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29470 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29470 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29623 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-29623 (SUSE): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2021-31291 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-34334 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-34334 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37620 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37620 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-37621 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37621 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2021-37622 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37622 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37623 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37623 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 15 vulnerabilities, contains one feature and has one errata is now available. Description: This update for exiv2 fixes the following issues: Updated to version 0.27.5 (jsc#PED-1393): - CVE-2017-1000128: Fixed stack out of bounds read in JPEG2000 parser (bsc#1068871). - CVE-2019-13108: Fixed integer overflow PngImage:readMetadata (bsc#1142675). - CVE-2020-19716: Fixed buffer overflow vulnerability in the Databuf function in types.cpp (bsc#1188645). - CVE-2021-29457: Fixed heap buffer overflow when write metadata into a crafted image file (bsc#1185002). - CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447). - CVE-2021-29623: Fixed read of uninitialized memory (bsc#1186053). - CVE-2021-31291: Fixed heap-based buffer overflow in jp2image.cpp (bsc#1188733). - CVE-2021-32617: Fixed denial of service due to inefficient algorithm (bsc#1186192). - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332). - CVE-2021-37621: Fixed DoS due to infinite loop in Image:printIFDStructure (bsc#1189333). - CVE-2021-37622: Fixed DoS due to infinite loop in JpegBase:printStructure (bsc#1189334) - CVE-2021-34334: Fixed DoS due to integer overflow in loop counter(bsc#1189338) - CVE-2021-37623: Fixed DoS due to infinite loop in JpegBase:printStructure (bsc#1189335) - CVE-2021-29463: Fixed out-of-bounds read in webpimage.cpp (bsc#1185913). - CVE-2021-34334: Fixed DoS due to integer overflow in loop counter (bsc#1189338) - CVE-2019-13111: Fixed integer overflow in WebPImage:decodeChunks that lead to denial of service (bsc#1142679) - CVE-2021-29463: Fixed an out-of-bounds read was found in webpimage.cpp (bsc#1185913) Bugfixes: - Fixed build using GCC 11 (bsc#1185218). A new libexiv2-2_27 shared library is shipped, the libexiv2-2_26 is provided only for compatibility now. Please recompile your applications using the exiv2 library. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3889=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3889=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): exiv2-0.27.5-150400.15.4.1 exiv2-debuginfo-0.27.5-150400.15.4.1 exiv2-debugsource-0.27.5-150400.15.4.1 libexiv2-26-0.26-150400.9.16.1 libexiv2-26-debuginfo-0.26-150400.9.16.1 libexiv2-27-0.27.5-150400.15.4.1 libexiv2-27-debuginfo-0.27.5-150400.15.4.1 libexiv2-devel-0.27.5-150400.15.4.1 libexiv2-xmp-static-0.27.5-150400.15.4.1 - openSUSE Leap 15.4 (noarch): exiv2-lang-0.27.5-150400.15.4.1 - openSUSE Leap 15.4 (x86_64): libexiv2-26-32bit-0.26-150400.9.16.1 libexiv2-26-32bit-debuginfo-0.26-150400.9.16.1 libexiv2-27-32bit-0.27.5-150400.15.4.1 libexiv2-27-32bit-debuginfo-0.27.5-150400.15.4.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.27.5-150400.15.4.1 exiv2-debugsource-0.27.5-150400.15.4.1 libexiv2-26-0.26-150400.9.16.1 libexiv2-26-debuginfo-0.26-150400.9.16.1 libexiv2-27-0.27.5-150400.15.4.1 libexiv2-27-debuginfo-0.27.5-150400.15.4.1 libexiv2-devel-0.27.5-150400.15.4.1 libexiv2-xmp-static-0.27.5-150400.15.4.1 References: https://www.suse.com/security/cve/CVE-2017-1000128.html https://www.suse.com/security/cve/CVE-2019-13108.html https://www.suse.com/security/cve/CVE-2019-13111.html https://www.suse.com/security/cve/CVE-2020-19716.html https://www.suse.com/security/cve/CVE-2021-29457.html https://www.suse.com/security/cve/CVE-2021-29463.html https://www.suse.com/security/cve/CVE-2021-29470.html https://www.suse.com/security/cve/CVE-2021-29623.html https://www.suse.com/security/cve/CVE-2021-31291.html https://www.suse.com/security/cve/CVE-2021-32617.html https://www.suse.com/security/cve/CVE-2021-34334.html https://www.suse.com/security/cve/CVE-2021-37620.html https://www.suse.com/security/cve/CVE-2021-37621.html https://www.suse.com/security/cve/CVE-2021-37622.html https://www.suse.com/security/cve/CVE-2021-37623.html https://bugzilla.suse.com/1068871 https://bugzilla.suse.com/1142675 https://bugzilla.suse.com/1142679 https://bugzilla.suse.com/1185002 https://bugzilla.suse.com/1185218 https://bugzilla.suse.com/1185447 https://bugzilla.suse.com/1185913 https://bugzilla.suse.com/1186053 https://bugzilla.suse.com/1186192 https://bugzilla.suse.com/1188645 https://bugzilla.suse.com/1188733 https://bugzilla.suse.com/1189332 https://bugzilla.suse.com/1189333 https://bugzilla.suse.com/1189334 https://bugzilla.suse.com/1189335 https://bugzilla.suse.com/1189338

1 0

SUSE-SU-2022:3892-1: moderate: Security update for exiv2
by opensuse-security＠opensuse.org 07 Nov '22

07 Nov '22

SUSE Security Update: Security update for exiv2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3892-1 Rating: moderate References: #1142679 #1185913 #1189338 Cross-References: CVE-2019-13111 CVE-2021-29463 CVE-2021-34334 CVSS scores: CVE-2019-13111 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-13111 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-29463 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29463 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-34334 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-34334 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for exiv2 fixes the following issues: - CVE-2019-13111: Fixed nteger overflow in WebPImage:decodeChunks (bsc#1142679). - CVE-2021-29463: Fixed out-of-bounds read (bsc#1185913). - CVE-2021-34334: Fixed a DoS due to integer overflow in loop counter bug (bsc#1189338). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3892=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3892=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): exiv2-0.26-150000.6.21.1 exiv2-debuginfo-0.26-150000.6.21.1 exiv2-debugsource-0.26-150000.6.21.1 libexiv2-26-0.26-150000.6.21.1 libexiv2-26-debuginfo-0.26-150000.6.21.1 libexiv2-devel-0.26-150000.6.21.1 libexiv2-doc-0.26-150000.6.21.1 - openSUSE Leap 15.3 (x86_64): libexiv2-26-32bit-0.26-150000.6.21.1 libexiv2-26-32bit-debuginfo-0.26-150000.6.21.1 - openSUSE Leap 15.3 (noarch): exiv2-lang-0.26-150000.6.21.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.21.1 exiv2-debugsource-0.26-150000.6.21.1 libexiv2-26-0.26-150000.6.21.1 libexiv2-26-debuginfo-0.26-150000.6.21.1 libexiv2-devel-0.26-150000.6.21.1 References: https://www.suse.com/security/cve/CVE-2019-13111.html https://www.suse.com/security/cve/CVE-2021-29463.html https://www.suse.com/security/cve/CVE-2021-34334.html https://bugzilla.suse.com/1142679 https://bugzilla.suse.com/1185913 https://bugzilla.suse.com/1189338

1 0

SUSE-SU-2022:3884-1: important: Security update for expat
by opensuse-security＠opensuse.org 07 Nov '22

07 Nov '22

SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3884-1 Rating: important References: #1204708 Cross-References: CVE-2022-43680 CVSS scores: CVE-2022-43680 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43680 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3884=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3884=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3884=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): expat-2.4.4-150400.3.12.1 expat-debuginfo-2.4.4-150400.3.12.1 expat-debugsource-2.4.4-150400.3.12.1 libexpat-devel-2.4.4-150400.3.12.1 libexpat1-2.4.4-150400.3.12.1 libexpat1-debuginfo-2.4.4-150400.3.12.1 - openSUSE Leap 15.4 (x86_64): expat-32bit-debuginfo-2.4.4-150400.3.12.1 libexpat-devel-32bit-2.4.4-150400.3.12.1 libexpat1-32bit-2.4.4-150400.3.12.1 libexpat1-32bit-debuginfo-2.4.4-150400.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): expat-2.4.4-150400.3.12.1 expat-debuginfo-2.4.4-150400.3.12.1 expat-debugsource-2.4.4-150400.3.12.1 libexpat-devel-2.4.4-150400.3.12.1 libexpat1-2.4.4-150400.3.12.1 libexpat1-debuginfo-2.4.4-150400.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): expat-32bit-debuginfo-2.4.4-150400.3.12.1 libexpat1-32bit-2.4.4-150400.3.12.1 libexpat1-32bit-debuginfo-2.4.4-150400.3.12.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): expat-debuginfo-2.4.4-150400.3.12.1 expat-debugsource-2.4.4-150400.3.12.1 libexpat1-2.4.4-150400.3.12.1 libexpat1-debuginfo-2.4.4-150400.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-43680.html https://bugzilla.suse.com/1204708

1 0

SUSE-SU-2022:3871-1: important: Security update for libxml2
by opensuse-security＠opensuse.org 04 Nov '22

04 Nov '22

SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3871-1 Rating: important References: #1201978 #1204366 #1204367 Cross-References: CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 CVSS scores: CVE-2016-3709 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2016-3709 (SUSE): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CVE-2022-40303 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40304 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3871=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3871=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3871=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3871=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3871=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3871=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3871=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3871=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3871=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3871=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3871=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3871=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3871=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3871=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-3871=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3871=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3871=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3871=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3871=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3871=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3871=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3871=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3871=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3871=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3871=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3871=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - openSUSE Leap 15.3 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 libxml2-devel-32bit-2.9.7-150000.3.51.1 - openSUSE Leap 15.3 (noarch): libxml2-doc-2.9.7-150000.3.51.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Manager Server 4.1 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Manager Proxy 4.1 (x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Enterprise Storage 7 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Enterprise Storage 6 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE CaaS Platform 4.0 (x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 References: https://www.suse.com/security/cve/CVE-2016-3709.html https://www.suse.com/security/cve/CVE-2022-40303.html https://www.suse.com/security/cve/CVE-2022-40304.html https://bugzilla.suse.com/1201978 https://bugzilla.suse.com/1204366 https://bugzilla.suse.com/1204367

1 0

SUSE-SU-2022:3875-1: important: Security update for xmlbeans
by opensuse-security＠opensuse.org 04 Nov '22

04 Nov '22

SUSE Security Update: Security update for xmlbeans ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3875-1 Rating: important References: #1180915 Cross-References: CVE-2021-23926 CVSS scores: CVE-2021-23926 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2021-23926 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xmlbeans fixes the following issues: - CVE-2021-23926: Fixed XML parsers not protecting from malicious XML input (bsc#1180915). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3875=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3875=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3875=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3875=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3875=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3875=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3875=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3875=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3875=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3875=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3875=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3875=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3875=1 Package List: - openSUSE Leap 15.4 (noarch): xmlbeans-2.6.0-150000.5.3.1 xmlbeans-scripts-2.6.0-150000.5.3.1 - openSUSE Leap 15.3 (noarch): xmlbeans-2.6.0-150000.5.3.1 xmlbeans-scripts-2.6.0-150000.5.3.1 - SUSE Manager Server 4.1 (noarch): xmlbeans-2.6.0-150000.5.3.1 - SUSE Manager Retail Branch Server 4.1 (noarch): xmlbeans-2.6.0-150000.5.3.1 - SUSE Manager Proxy 4.1 (noarch): xmlbeans-2.6.0-150000.5.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): xmlbeans-2.6.0-150000.5.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): xmlbeans-2.6.0-150000.5.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): xmlbeans-2.6.0-150000.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): xmlbeans-2.6.0-150000.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): xmlbeans-2.6.0-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): xmlbeans-2.6.0-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): xmlbeans-2.6.0-150000.5.3.1 - SUSE Enterprise Storage 7 (noarch): xmlbeans-2.6.0-150000.5.3.1 References: https://www.suse.com/security/cve/CVE-2021-23926.html https://bugzilla.suse.com/1180915

1 0

SUSE-SU-2022:3868-1: moderate: Security update for rubygem-loofah
by opensuse-security＠opensuse.org 04 Nov '22

04 Nov '22

SUSE Security Update: Security update for rubygem-loofah ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3868-1 Rating: moderate References: #1154751 Cross-References: CVE-2019-15587 CVSS scores: CVE-2019-15587 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2019-15587 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-loofah fixes the following issues: - CVE-2019-15587: Fixed issue in sanitization of crafted SVG elements (bsc#1154751). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3868=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3868=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3868=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3868=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3868=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3868=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-3868=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 ruby2.5-rubygem-loofah-doc-2.2.2-150000.4.6.1 ruby2.5-rubygem-loofah-testsuite-2.2.2-150000.4.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 ruby2.5-rubygem-loofah-doc-2.2.2-150000.4.6.1 ruby2.5-rubygem-loofah-testsuite-2.2.2-150000.4.6.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 References: https://www.suse.com/security/cve/CVE-2019-15587.html https://bugzilla.suse.com/1154751

1 0

SUSE-SU-2022:3867-1: moderate: Security update for python-Flask-Security-Too
by opensuse-security＠opensuse.org 03 Nov '22

03 Nov '22

SUSE Security Update: Security update for python-Flask-Security-Too ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3867-1 Rating: moderate References: #1202105 Cross-References: CVE-2021-23385 CVSS scores: CVE-2021-23385 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-23385 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Flask-Security-Too fixes the following issues: - CVE-2021-23385: Fixed open redirect (bsc#1202105). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3867=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3867=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3867=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3867=1 Package List: - openSUSE Leap 15.4 (noarch): python3-Flask-Security-Too-3.4.2-150200.3.6.1 - openSUSE Leap 15.3 (noarch): python3-Flask-Security-Too-3.4.2-150200.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-Flask-Security-Too-3.4.2-150200.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-Flask-Security-Too-3.4.2-150200.3.6.1 References: https://www.suse.com/security/cve/CVE-2021-23385.html https://bugzilla.suse.com/1202105

1 0

SUSE-SU-2022:3866-1: important: Security update for ntfs-3g_ntfsprogs
by opensuse-security＠opensuse.org 03 Nov '22

03 Nov '22

SUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3866-1 Rating: important References: #1204734 Cross-References: CVE-2022-40284 CVSS scores: CVE-2022-40284 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2022-40284: Fixed incorrect validation of some of the NTFS metadata that could cause buffer overflow (bsc#1204734). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3866=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3866=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3866=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3866=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2022.5.17-150000.3.16.1 libntfs-3g87-2022.5.17-150000.3.16.1 libntfs-3g87-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g-2022.5.17-150000.3.16.1 ntfs-3g-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.16.1 ntfsprogs-2022.5.17-150000.3.16.1 ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 ntfsprogs-extra-2022.5.17-150000.3.16.1 ntfsprogs-extra-debuginfo-2022.5.17-150000.3.16.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2022.5.17-150000.3.16.1 libntfs-3g87-2022.5.17-150000.3.16.1 libntfs-3g87-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g-2022.5.17-150000.3.16.1 ntfs-3g-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.16.1 ntfsprogs-2022.5.17-150000.3.16.1 ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 ntfsprogs-extra-2022.5.17-150000.3.16.1 ntfsprogs-extra-debuginfo-2022.5.17-150000.3.16.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): libntfs-3g-devel-2022.5.17-150000.3.16.1 libntfs-3g87-2022.5.17-150000.3.16.1 libntfs-3g87-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g-2022.5.17-150000.3.16.1 ntfs-3g-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.16.1 ntfsprogs-2022.5.17-150000.3.16.1 ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libntfs-3g-devel-2022.5.17-150000.3.16.1 libntfs-3g87-2022.5.17-150000.3.16.1 libntfs-3g87-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g-2022.5.17-150000.3.16.1 ntfs-3g-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.16.1 ntfsprogs-2022.5.17-150000.3.16.1 ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 References: https://www.suse.com/security/cve/CVE-2022-40284.html https://bugzilla.suse.com/1204734

1 0

SUSE-SU-2022:3862-1: important: Security update for xorg-x11-server
by opensuse-security＠opensuse.org 03 Nov '22

03 Nov '22

SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3862-1 Rating: important References: #1204412 #1204416 Cross-References: CVE-2022-3550 CVE-2022-3551 CVSS scores: CVE-2022-3550 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3550 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3551 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3551 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3862=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3862=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3862=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150400.38.8.1 xorg-x11-server-debuginfo-1.20.3-150400.38.8.1 xorg-x11-server-debugsource-1.20.3-150400.38.8.1 xorg-x11-server-extra-1.20.3-150400.38.8.1 xorg-x11-server-extra-debuginfo-1.20.3-150400.38.8.1 xorg-x11-server-sdk-1.20.3-150400.38.8.1 xorg-x11-server-source-1.20.3-150400.38.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-150400.38.8.1 xorg-x11-server-debugsource-1.20.3-150400.38.8.1 xorg-x11-server-sdk-1.20.3-150400.38.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150400.38.8.1 xorg-x11-server-debuginfo-1.20.3-150400.38.8.1 xorg-x11-server-debugsource-1.20.3-150400.38.8.1 xorg-x11-server-extra-1.20.3-150400.38.8.1 xorg-x11-server-extra-debuginfo-1.20.3-150400.38.8.1 References: https://www.suse.com/security/cve/CVE-2022-3550.html https://www.suse.com/security/cve/CVE-2022-3551.html https://bugzilla.suse.com/1204412 https://bugzilla.suse.com/1204416

1 0

openSUSE-SU-2022:10185-1: important: Security update for EternalTerminal
by opensuse-security＠opensuse.org 02 Nov '22

02 Nov '22

openSUSE Security Update: Security update for EternalTerminal ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10185-1 Rating: important References: #1202432 #1202433 #1202434 #1202435 Cross-References: CVE-2022-24949 CVE-2022-24950 CVE-2022-24951 CVE-2022-24952 CVSS scores: CVE-2022-24949 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24950 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24951 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24952 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for EternalTerminal fixes the following issues: Update to 6.2.1: * CVE-2022-24949: Fixed race condition allows local attacker to hijack IPC socket (boo#1202435) * CVE-2022-24950: Fixed privilege escalation to root (boo#1202434) * CVE-2022-24951: Fixed DoS triggered remotely by invalid sequence numbers (boo#1202433) * CVE-2022-24952: Fixed race condition allows authenticated attacker to hijack other users' SSH authorization socket (boo#1202432) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10185=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 x86_64): EternalTerminal-6.2.1-bp154.2.3.1 References: https://www.suse.com/security/cve/CVE-2022-24949.html https://www.suse.com/security/cve/CVE-2022-24950.html https://www.suse.com/security/cve/CVE-2022-24951.html https://www.suse.com/security/cve/CVE-2022-24952.html https://bugzilla.suse.com/1202432 https://bugzilla.suse.com/1202433 https://bugzilla.suse.com/1202434 https://bugzilla.suse.com/1202435

1 0

openSUSE-SU-2022:10186-1: important: Security update for privoxy
by opensuse-security＠opensuse.org 02 Nov '22

02 Nov '22

openSUSE Security Update: Security update for privoxy ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10186-1 Rating: important References: #1193584 Cross-References: CVE-2021-44540 CVE-2021-44541 CVE-2021-44542 CVE-2021-44543 CVSS scores: CVE-2021-44540 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44541 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44542 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44543 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for privoxy fixes the following issues: privoxy was updated to 3.0.33 (boo#1193584): * CVE-2021-44543: Encode the template name to prevent XSS (cross-side scripting) when Privoxy is configured to servce the user-manual itself * CVE-2021-44540: Free memory of compiled pattern spec before bailing * CVE-2021-44541: Free header memory when failing to get the request destination. * CVE-2021-44542: Prevent memory leaks when handling errors * Disable fast-redirects for a number of domains * Update default block lists * Many bug fixes and minor enhancements Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10186=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): privoxy-3.0.33-bp154.3.3.1 - openSUSE Backports SLE-15-SP4 (noarch): privoxy-doc-3.0.33-bp154.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-44540.html https://www.suse.com/security/cve/CVE-2021-44541.html https://www.suse.com/security/cve/CVE-2021-44542.html https://www.suse.com/security/cve/CVE-2021-44543.html https://bugzilla.suse.com/1193584

1 0

openSUSE-SU-2022:10187-1: important: Security update for EternalTerminal
by opensuse-security＠opensuse.org 02 Nov '22

02 Nov '22

openSUSE Security Update: Security update for EternalTerminal ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10187-1 Rating: important References: #1202432 #1202433 #1202434 #1202435 Cross-References: CVE-2022-24949 CVE-2022-24950 CVE-2022-24951 CVE-2022-24952 CVSS scores: CVE-2022-24949 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24950 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24951 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24952 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for EternalTerminal fixes the following issues: Update to 6.2.1: * CVE-2022-24949: Fixed race condition allows local attacker to hijack IPC socket (boo#1202435) * CVE-2022-24950: Fixed privilege escalation to root (boo#1202434) * CVE-2022-24951: Fixed DoS triggered remotely by invalid sequence numbers (boo#1202433) * CVE-2022-24952: Fixed race condition allows authenticated attacker to hijack other users' SSH authorization socket (boo#1202432) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-10187=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 x86_64): EternalTerminal-6.2.1-bp153.2.3.1 References: https://www.suse.com/security/cve/CVE-2022-24949.html https://www.suse.com/security/cve/CVE-2022-24950.html https://www.suse.com/security/cve/CVE-2022-24951.html https://www.suse.com/security/cve/CVE-2022-24952.html https://bugzilla.suse.com/1202432 https://bugzilla.suse.com/1202433 https://bugzilla.suse.com/1202434 https://bugzilla.suse.com/1202435

1 0

SUSE-SU-2022:3857-1: important: Security update for xorg-x11-server
by opensuse-security＠opensuse.org 02 Nov '22

02 Nov '22

SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3857-1 Rating: important References: #1204412 #1204416 Cross-References: CVE-2022-3550 CVE-2022-3551 CVSS scores: CVE-2022-3550 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3550 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3551 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3551 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3857=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3857=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3857=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3857=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3857=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3857=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3857=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3857=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3857=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3857=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3857=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3857=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3857=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3857=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3857=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-wayland-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.58.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 xorg-x11-server-source-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.58.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Manager Proxy 4.1 (x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 References: https://www.suse.com/security/cve/CVE-2022-3550.html https://www.suse.com/security/cve/CVE-2022-3551.html https://bugzilla.suse.com/1204412 https://bugzilla.suse.com/1204416

1 0

SUSE-SU-2022:3844-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 02 Nov '22

02 Nov '22

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3844-1 Rating: important References: #1185032 #1190497 #1194023 #1194869 #1195917 #1196444 #1196869 #1197659 #1198189 #1200288 #1200622 #1201309 #1201310 #1201987 #1202095 #1202960 #1203039 #1203066 #1203101 #1203197 #1203263 #1203338 #1203360 #1203361 #1203389 #1203410 #1203505 #1203552 #1203664 #1203693 #1203699 #1203767 #1203769 #1203770 #1203794 #1203798 #1203893 #1203902 #1203906 #1203908 #1203935 #1203939 #1203987 #1203992 #1204051 #1204059 #1204060 #1204125 PED-387 PED-529 PED-652 PED-664 PED-682 PED-688 PED-720 PED-729 PED-755 PED-763 SLE-19924 SLE-24814 Cross-References: CVE-2022-1263 CVE-2022-2586 CVE-2022-3202 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-39189 CVE-2022-41218 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVSS scores: CVE-2022-1263 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1263 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3202 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-3202 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-32296 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-32296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 15 vulnerabilities, contains 12 features and has 33 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189). - CVE-2022-32296: Fixed a bug which allowed TCP servers to identify clients by observing what source ports are used (bnc#1200288). - CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389). - CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) The following non-security bugs were fixed: - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bsc#1203767). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). - ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). - ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699). - ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). - ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wm_adsp: Add support for "toggle" preloaders (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - bnx2x: fix built-in kernel driver load failure (git-fixes). - bnx2x: fix driver load from initrd (git-fixes). - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - cgroup: Fix threadgroup_rwsem cpus_read_lock() deadlock (bsc#1196869). - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682). - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: make sure to init common IP before gmc (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). - drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - drm/bridge: lt8912b: add vsync hsync (git-fixes). - drm/bridge: lt8912b: fix corrupted image output (git-fixes). - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/gt: Restrict forced preemption to the active context (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes). - dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to be optional (git-fixes). - EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - eth: alx: take rtnl_lock on resume (git-fixes). - eth: sun: cassini: remove dead code (git-fixes). - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes). - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes). - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699). - firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203798). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - gpio: mockup: remove gpio debugfs when remove device (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes). - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes). - hwmon: (tps23861) fix byte order in resistance register (git-fixes). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: support lock mechanism (git-fixes). - ice: Allow operation with reduced device MSI-X (bsc#1201987). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - ice: fix crash when writing timestamp on RX rings (git-fixes). - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes). - ice: Fix race during aux device (un)plugging (git-fixes). - ice: Match on all profiles in slow-path (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - igb: skip phy status check where unavailable (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iqs62x-keys - drop unused device node references (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - kABI workaround for spi changes (bsc#1203699). - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). - kABI: fix adding another field to scsi_device (bsc#1203039). - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - kbuild: disable header exports for UML in a straightforward way (git-fixes). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - KVM: X86: Fix when shadow_root_level=5 and guest root_level 4 (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - lockd: detect and reject lock arguments that overflow (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes). - media: imx-jpeg: Correct some definition according specification (git-fixes). - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes). - media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes). - media: imx-jpeg: Leave a blank space before the configuration data (git-fixes). - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment. - media: rkvdec: Disable H.264 error detection (git-fixes). - media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes). - media: vsp1: Fix offset calculation for plane cropping. - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mlxsw: i2c: Fix initialization error flow (git-fixes). - mm: Fix PASID use-after-free issue (bsc#1203908). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). - mmc: hsq: Fix data stomping during mmc recovery (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes). - net: axienet: fix RX ring refill allocation failure handling (git-fixes). - net: axienet: reset core on initialization prior to MDIO access (git-fixes). - net: bcmgenet: hide status block before TX timestamping (git-fixes). - net: bcmgenet: Revert "Use stronger register read/writes to assure ordering" (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: introduce helpers for iterating through ports using dp (git-fixes). - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes). - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes). - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes). - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes). - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes). - net: ftgmac100: access hardware register after clock ready (git-fixes). - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes). - net: hns3: fix the concurrency between functions reading debugfs (git-fixes). - net: ipa: get rid of a duplicate initialization (git-fixes). - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes). - net: ipa: record proper RX transaction count (git-fixes). - net: macb: Fix PTP one step sync support (git-fixes). - net: macb: Increment rx bd head after allocating skb and buffer (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes). - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes). - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes). - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes). - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes). - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes). - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes). - net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes). - net: phy: at803x: move page selection fix to config_init (git-fixes). - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes). - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes). - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes). - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes). - net: stmmac: enhance XDP ZC driver level switching performance (git-fixes). - net: stmmac: fix out-of-bounds access in a selftest (git-fixes). - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes). - net: stmmac: only enable DMA interrupts when ready (git-fixes). - net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes). - net: stmmac: remove unused get_addr() callback (git-fixes). - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes). - net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes). - net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - net: wwan: iosm: Call mutex_init before locking it (git-fixes). - net: wwan: iosm: remove pointless null check (git-fixes). - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes). - net/mlx5: Drain fw_reset when removing device (git-fixes). - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes). - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes). - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). - net/mlx5e: Remove HW-GRO from reported features (git-fixes). - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes). - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: fix problems with __nfs42_ssc_open (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes). - NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes). - NFSD: Clean up the show_nf_flags() macro (git-fixes). - NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: Report RDMA connection errors to the server (git-fixes). - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - of/fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - parisc/sticon: fix reverse colors (bsc#1152489) - parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489) - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489) - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489) - PCI: Correct misspelled words (git-fixes). - PCI: Disable MSI for Tegra234 Root Ports (git-fixes). - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes). - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699). - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699). - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699). - platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699). - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - regulator: core: Clean up on enable failure (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Define static symbols (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Fix spelling mistake "definiton" "definition" (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes). - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - selftests: Fix the if conditions of in test_extra_filter() (git-fixes). - selftests: forwarding: add shebang for sch_red.sh (git-fixes). - selftests: forwarding: Fix failing tests with old libnet (git-fixes). - serial: atmel: remove redundant assignment in rs485_config (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: fsl_lpuart: Reset prior to registration (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - spi: Add API to count spi acpi resources (bsc#1203699). - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: Return deferred probe error when controller isn't yet available (bsc#1203699). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - struct ehci_hcd: hide new element going into a hole (git-fixes). - struct xhci_hcd: restore member now dynamically allocated (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix xdr_encode_bool() (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: add quirks for Lenovo OneLink+ Dock (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: Drop commas after SoC match table sentinels (git-fixes). - USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes). - USB: dwc3: gadget: Refactor pullup() (git-fixes). - USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes). - USB: Fix memory leak in usbnet_disconnect() (git-fixes). - USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes). - USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes). - USB: hub: avoid warm port reset during USB3 disconnect (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS 0x0b05:0x1932 to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes). - USB: typec: tipd: Add an additional overflow check (git-fixes). - USB: typec: tipd: Do not read/write more bytes than required (git-fixes). - USB: typec: ucsi: Remove incorrect warning (git-fixes). - USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes). - vfio/type1: Unpin zero pages (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814). - vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes). - vt: Clear selection before changing the font (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: mac80211_hwsim: check length for virtio packets (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: fix regression with non-QoS drivers (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes). - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes). - x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkback: fix persistent grants negotiation (git-fixes). - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - xen-blkfront: Handle NULL gendisk (git-fixes). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes). - xhci: Allocate separate command structures for each LPM command (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3844=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3844=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3844=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3844=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3844=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3844=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3844=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3844=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.28.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.28.1 dlm-kmp-default-5.14.21-150400.24.28.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.28.1 gfs2-kmp-default-5.14.21-150400.24.28.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-5.14.21-150400.24.28.1 kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5 kernel-default-base-rebuild-5.14.21-150400.24.28.1.150400.24.9.5 kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 kernel-default-devel-5.14.21-150400.24.28.1 kernel-default-devel-debuginfo-5.14.21-150400.24.28.1 kernel-default-extra-5.14.21-150400.24.28.1 kernel-default-extra-debuginfo-5.14.21-150400.24.28.1 kernel-default-livepatch-5.14.21-150400.24.28.1 kernel-default-livepatch-devel-5.14.21-150400.24.28.1 kernel-default-optional-5.14.21-150400.24.28.1 kernel-default-optional-debuginfo-5.14.21-150400.24.28.1 kernel-obs-build-5.14.21-150400.24.28.1 kernel-obs-build-debugsource-5.14.21-150400.24.28.1 kernel-obs-qa-5.14.21-150400.24.28.1 kernel-syms-5.14.21-150400.24.28.1 kselftests-kmp-default-5.14.21-150400.24.28.1 kselftests-kmp-default-debuginfo-5.14.21-150400.24.28.1 ocfs2-kmp-default-5.14.21-150400.24.28.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1 reiserfs-kmp-default-5.14.21-150400.24.28.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): kernel-kvmsmall-5.14.21-150400.24.28.1 kernel-kvmsmall-debuginfo-5.14.21-150400.24.28.1 kernel-kvmsmall-debugsource-5.14.21-150400.24.28.1 kernel-kvmsmall-devel-5.14.21-150400.24.28.1 kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.28.1 kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-5.14.21-150400.24.28.1 kernel-debug-debuginfo-5.14.21-150400.24.28.1 kernel-debug-debugsource-5.14.21-150400.24.28.1 kernel-debug-devel-5.14.21-150400.24.28.1 kernel-debug-devel-debuginfo-5.14.21-150400.24.28.1 kernel-debug-livepatch-devel-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (aarch64): cluster-md-kmp-64kb-5.14.21-150400.24.28.1 cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 dlm-kmp-64kb-5.14.21-150400.24.28.1 dlm-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 dtb-allwinner-5.14.21-150400.24.28.1 dtb-altera-5.14.21-150400.24.28.1 dtb-amazon-5.14.21-150400.24.28.1 dtb-amd-5.14.21-150400.24.28.1 dtb-amlogic-5.14.21-150400.24.28.1 dtb-apm-5.14.21-150400.24.28.1 dtb-apple-5.14.21-150400.24.28.1 dtb-arm-5.14.21-150400.24.28.1 dtb-broadcom-5.14.21-150400.24.28.1 dtb-cavium-5.14.21-150400.24.28.1 dtb-exynos-5.14.21-150400.24.28.1 dtb-freescale-5.14.21-150400.24.28.1 dtb-hisilicon-5.14.21-150400.24.28.1 dtb-lg-5.14.21-150400.24.28.1 dtb-marvell-5.14.21-150400.24.28.1 dtb-mediatek-5.14.21-150400.24.28.1 dtb-nvidia-5.14.21-150400.24.28.1 dtb-qcom-5.14.21-150400.24.28.1 dtb-renesas-5.14.21-150400.24.28.1 dtb-rockchip-5.14.21-150400.24.28.1 dtb-socionext-5.14.21-150400.24.28.1 dtb-sprd-5.14.21-150400.24.28.1 dtb-xilinx-5.14.21-150400.24.28.1 gfs2-kmp-64kb-5.14.21-150400.24.28.1 gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-5.14.21-150400.24.28.1 kernel-64kb-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-debugsource-5.14.21-150400.24.28.1 kernel-64kb-devel-5.14.21-150400.24.28.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-extra-5.14.21-150400.24.28.1 kernel-64kb-extra-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-livepatch-devel-5.14.21-150400.24.28.1 kernel-64kb-optional-5.14.21-150400.24.28.1 kernel-64kb-optional-debuginfo-5.14.21-150400.24.28.1 kselftests-kmp-64kb-5.14.21-150400.24.28.1 kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 ocfs2-kmp-64kb-5.14.21-150400.24.28.1 ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 reiserfs-kmp-64kb-5.14.21-150400.24.28.1 reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (noarch): kernel-devel-5.14.21-150400.24.28.1 kernel-docs-5.14.21-150400.24.28.1 kernel-docs-html-5.14.21-150400.24.28.1 kernel-macros-5.14.21-150400.24.28.1 kernel-source-5.14.21-150400.24.28.1 kernel-source-vanilla-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (s390x): kernel-zfcpdump-5.14.21-150400.24.28.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.28.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 kernel-default-extra-5.14.21-150400.24.28.1 kernel-default-extra-debuginfo-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 kernel-default-livepatch-5.14.21-150400.24.28.1 kernel-default-livepatch-devel-5.14.21-150400.24.28.1 kernel-livepatch-5_14_21-150400_24_28-default-1-150400.9.3.5 kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-1-150400.9.3.5 kernel-livepatch-SLE15-SP4_Update_4-debugsource-1-150400.9.3.5 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 reiserfs-kmp-default-5.14.21-150400.24.28.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.14.21-150400.24.28.1 kernel-obs-build-debugsource-5.14.21-150400.24.28.1 kernel-syms-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): kernel-docs-5.14.21-150400.24.28.1 kernel-source-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-5.14.21-150400.24.28.1 kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5 kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 kernel-default-devel-5.14.21-150400.24.28.1 kernel-default-devel-debuginfo-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): kernel-64kb-5.14.21-150400.24.28.1 kernel-64kb-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-debugsource-5.14.21-150400.24.28.1 kernel-64kb-devel-5.14.21-150400.24.28.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): kernel-devel-5.14.21-150400.24.28.1 kernel-macros-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): kernel-zfcpdump-5.14.21-150400.24.28.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.28.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): kernel-default-5.14.21-150400.24.28.1 kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5 kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.28.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.28.1 dlm-kmp-default-5.14.21-150400.24.28.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.28.1 gfs2-kmp-default-5.14.21-150400.24.28.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 ocfs2-kmp-default-5.14.21-150400.24.28.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1 References: https://www.suse.com/security/cve/CVE-2022-1263.html https://www.suse.com/security/cve/CVE-2022-2586.html https://www.suse.com/security/cve/CVE-2022-3202.html https://www.suse.com/security/cve/CVE-2022-32296.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-41848.html https://www.suse.com/security/cve/CVE-2022-41849.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://www.suse.com/security/cve/CVE-2022-42722.html https://bugzilla.suse.com/1185032 https://bugzilla.suse.com/1190497 https://bugzilla.suse.com/1194023 https://bugzilla.suse.com/1194869 https://bugzilla.suse.com/1195917 https://bugzilla.suse.com/1196444 https://bugzilla.suse.com/1196869 https://bugzilla.suse.com/1197659 https://bugzilla.suse.com/1198189 https://bugzilla.suse.com/1200288 https://bugzilla.suse.com/1200622 https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1201310 https://bugzilla.suse.com/1201987 https://bugzilla.suse.com/1202095 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1203039 https://bugzilla.suse.com/1203066 https://bugzilla.suse.com/1203101 https://bugzilla.suse.com/1203197 https://bugzilla.suse.com/1203263 https://bugzilla.suse.com/1203338 https://bugzilla.suse.com/1203360 https://bugzilla.suse.com/1203361 https://bugzilla.suse.com/1203389 https://bugzilla.suse.com/1203410 https://bugzilla.suse.com/1203505 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203664 https://bugzilla.suse.com/1203693 https://bugzilla.suse.com/1203699 https://bugzilla.suse.com/1203767 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203770 https://bugzilla.suse.com/1203794 https://bugzilla.suse.com/1203798 https://bugzilla.suse.com/1203893 https://bugzilla.suse.com/1203902 https://bugzilla.suse.com/1203906 https://bugzilla.suse.com/1203908 https://bugzilla.suse.com/1203935 https://bugzilla.suse.com/1203939 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1203992 https://bugzilla.suse.com/1204051 https://bugzilla.suse.com/1204059 https://bugzilla.suse.com/1204060 https://bugzilla.suse.com/1204125

1 0

SUSE-SU-2022:3843-1: critical: Security update for openssl-3
by opensuse-security＠opensuse.org 01 Nov '22

01 Nov '22

SUSE Security Update: Security update for openssl-3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3843-1 Rating: critical References: #1204226 #1204714 Cross-References: CVE-2022-3358 CVE-2022-3602 CVE-2022-3786 CVSS scores: CVE-2022-3358 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-3358 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-3602 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3786 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openssl-3 fixes the following issues: - CVE-2022-3358: Fixed vulnerability where a custom cipher passed to EVP_CipherInit() could lead into NULL encryption being unexpectedly used (bsc#1204226). - CVE-2022-3602: Fixed a buffer overflow in the X.509 email address. (bsc#1204714) - CVE-2022-3786: Fixed another buffer overflow related to X.509 email address. (bsc#1204714) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3843=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3843=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenssl-3-devel-3.0.1-150400.4.11.1 libopenssl3-3.0.1-150400.4.11.1 libopenssl3-debuginfo-3.0.1-150400.4.11.1 openssl-3-3.0.1-150400.4.11.1 openssl-3-debuginfo-3.0.1-150400.4.11.1 openssl-3-debugsource-3.0.1-150400.4.11.1 - openSUSE Leap 15.4 (x86_64): libopenssl-3-devel-32bit-3.0.1-150400.4.11.1 libopenssl3-32bit-3.0.1-150400.4.11.1 libopenssl3-32bit-debuginfo-3.0.1-150400.4.11.1 - openSUSE Leap 15.4 (noarch): openssl-3-doc-3.0.1-150400.4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-3-devel-3.0.1-150400.4.11.1 libopenssl3-3.0.1-150400.4.11.1 libopenssl3-debuginfo-3.0.1-150400.4.11.1 openssl-3-3.0.1-150400.4.11.1 openssl-3-debuginfo-3.0.1-150400.4.11.1 openssl-3-debugsource-3.0.1-150400.4.11.1 References: https://www.suse.com/security/cve/CVE-2022-3358.html https://www.suse.com/security/cve/CVE-2022-3602.html https://www.suse.com/security/cve/CVE-2022-3786.html https://bugzilla.suse.com/1204226 https://bugzilla.suse.com/1204714

1 0

SUSE-SU-2022:3829-1: important: Security update for hdf5
by opensuse-security＠opensuse.org 01 Nov '22

01 Nov '22

SUSE Security Update: Security update for hdf5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3829-1 Rating: important References: #1093663 #1101475 #1101906 #1107069 #1111598 #1125882 #1167400 #1194366 #1194375 #1195212 #1195215 Cross-References: CVE-2018-11205 CVE-2018-13867 CVE-2018-14031 CVE-2018-16438 CVE-2018-17439 CVE-2019-8396 CVE-2020-10812 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 CVE-2021-46244 CVSS scores: CVE-2018-11205 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2018-11205 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2018-13867 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-13867 (SUSE): 5.3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L CVE-2018-14031 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14031 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-16438 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-16438 (SUSE): 2.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2018-17439 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17439 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2019-8396 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-8396 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-10812 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10812 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-45830 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45830 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2021-45833 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45833 (SUSE): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2021-46242 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-46242 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2021-46244 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-46244 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for HPC 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for hdf5 fixes the following issues: - CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215). - CVE-2018-13867: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1101906). - CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at H5Lexternal.c (bsc#1107069). - CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400). - CVE-2021-45830: Fixed heap buffer overflow vulnerability in H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375). - CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode in H5Olayout.c (bsc#1125882). - CVE-2018-11205: Fixed out of bounds read was discovered in H5VM_memcpyvv in H5VM.c (bsc#1093663). - CVE-2021-46242: Fixed heap-use-after free via the component H5AC_unpin_entry (bsc#1195212). - CVE-2021-45833: Fixed stack buffer overflow vulnerability (bsc#1194366). - CVE-2018-14031: Fixed heap-based buffer over-read in the function H5T_copy in H5T.c (bsc#1101475). - CVE-2018-17439: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1111598). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3829=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3829=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3829=1 - SUSE Linux Enterprise Module for HPC 15-SP3: zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2022-3829=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-hpc-examples-1.10.8-150300.4.6.1 libhdf5-gnu-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 - openSUSE Leap 15.4 (noarch): hdf5-gnu-hpc-1.10.8-150300.4.6.1 hdf5-gnu-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 hdf5-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 hdf5-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1 hdf5-hpc-examples-1.10.8-150300.4.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-hpc-examples-1.10.8-150300.4.6.1 libhdf5-gnu-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 - openSUSE Leap 15.3 (noarch): hdf5-gnu-hpc-1.10.8-150300.4.6.1 hdf5-gnu-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 hdf5-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 hdf5-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1 hdf5-hpc-examples-1.10.8-150300.4.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (ppc64le s390x): hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-hpc-examples-1.10.8-150300.4.6.1 libhdf5-gnu-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): hdf5-gnu-hpc-1.10.8-150300.4.6.1 hdf5-gnu-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 hdf5-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 hdf5-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1 hdf5-hpc-examples-1.10.8-150300.4.6.1 - SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-hpc-examples-1.10.8-150300.4.6.1 libhdf5-gnu-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 - SUSE Linux Enterprise Module for HPC 15-SP3 (noarch): hdf5-gnu-hpc-1.10.8-150300.4.6.1 hdf5-gnu-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 hdf5-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 hdf5-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1 hdf5-hpc-examples-1.10.8-150300.4.6.1 References: https://www.suse.com/security/cve/CVE-2018-11205.html https://www.suse.com/security/cve/CVE-2018-13867.html https://www.suse.com/security/cve/CVE-2018-14031.html https://www.suse.com/security/cve/CVE-2018-16438.html https://www.suse.com/security/cve/CVE-2018-17439.html https://www.suse.com/security/cve/CVE-2019-8396.html https://www.suse.com/security/cve/CVE-2020-10812.html https://www.suse.com/security/cve/CVE-2021-45830.html https://www.suse.com/security/cve/CVE-2021-45833.html https://www.suse.com/security/cve/CVE-2021-46242.html https://www.suse.com/security/cve/CVE-2021-46244.html https://bugzilla.suse.com/1093663 https://bugzilla.suse.com/1101475 https://bugzilla.suse.com/1101906 https://bugzilla.suse.com/1107069 https://bugzilla.suse.com/1111598 https://bugzilla.suse.com/1125882 https://bugzilla.suse.com/1167400 https://bugzilla.suse.com/1194366 https://bugzilla.suse.com/1194375 https://bugzilla.suse.com/1195212 https://bugzilla.suse.com/1195215

1 0

SUSE-SU-2022:3836-1: moderate: Security update for python-lxml
by opensuse-security＠opensuse.org 01 Nov '22

01 Nov '22

SUSE Security Update: Security update for python-lxml ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3836-1 Rating: moderate References: #1179534 #1184177 Cross-References: CVE-2020-27783 CVE-2021-28957 CVSS scores: CVE-2020-27783 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2020-27783 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-28957 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-28957 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-lxml fixes the following issues: - CVE-2021-28957: Fixed XSS due to missing input sanitization for HTML5 attributes (bsc#1184177). - CVE-2020-27783: Fixed XSS due to the use of improper parser (bsc#1179534). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3836=1 Package List: - openSUSE Leap 15.3 (noarch): python2-lxml-doc-4.0.0-150000.4.3.1 python3-lxml-doc-4.0.0-150000.4.3.1 References: https://www.suse.com/security/cve/CVE-2020-27783.html https://www.suse.com/security/cve/CVE-2021-28957.html https://bugzilla.suse.com/1179534 https://bugzilla.suse.com/1184177

1 0

SUSE-SU-2022:3830-1: moderate: Security update for php7
by opensuse-security＠opensuse.org 01 Nov '22

01 Nov '22

SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3830-1 Rating: moderate References: #1203867 #1203870 Cross-References: CVE-2022-31628 CVE-2022-31629 CVSS scores: CVE-2022-31628 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-31628 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-31629 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php7 fixes the following issues: - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing "quines" gzip files. (bsc#1203867) - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3830=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): php7-wddx-7.2.5-150000.4.98.2 php7-wddx-debuginfo-7.2.5-150000.4.98.2 References: https://www.suse.com/security/cve/CVE-2022-31628.html https://www.suse.com/security/cve/CVE-2022-31629.html https://bugzilla.suse.com/1203867 https://bugzilla.suse.com/1203870

1 0

SUSE-SU-2022:3827-1: important: Security update for hdf5
by opensuse-security＠opensuse.org 01 Nov '22

01 Nov '22

SUSE Security Update: Security update for hdf5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3827-1 Rating: important References: #1093663 #1101475 #1101906 #1107069 #1111598 #1125882 #1167400 #1194366 #1194375 #1195212 #1195215 Cross-References: CVE-2018-11205 CVE-2018-13867 CVE-2018-14031 CVE-2018-16438 CVE-2018-17439 CVE-2019-8396 CVE-2020-10812 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 CVE-2021-46244 CVSS scores: CVE-2018-11205 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2018-11205 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2018-13867 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-13867 (SUSE): 5.3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L CVE-2018-14031 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14031 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-16438 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-16438 (SUSE): 2.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2018-17439 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17439 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2019-8396 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-8396 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-10812 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10812 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-45830 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45830 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2021-45833 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45833 (SUSE): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2021-46242 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-46242 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2021-46244 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-46244 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for hdf5 fixes the following issues: - CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215). - CVE-2018-13867: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1101906). - CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at H5Lexternal.c (bsc#1107069). - CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400). - CVE-2021-45830: Fixed heap buffer overflow vulnerability in H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375). - CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode in H5Olayout.c (bsc#1125882). - CVE-2018-11205: Fixed out of bounds read was discovered in H5VM_memcpyvv in H5VM.c (bsc#1093663). - CVE-2021-46242: Fixed heap-use-after free via the component H5AC_unpin_entry (bsc#1195212). - CVE-2021-45833: Fixed stack buffer overflow vulnerability (bsc#1194366). - CVE-2018-14031: Fixed heap-based buffer over-read in the function H5T_copy in H5T.c (bsc#1101475). - CVE-2018-17439: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1111598). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3827=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3827=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3827=1 Package List: - openSUSE Leap 15.4 (ppc64le): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-hpc-examples-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-hpc-examples-1.10.8-150100.7.7.1 libhdf5-gnu-hpc-1.10.8-150100.7.7.1 libhdf5-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): hdf5-gnu-hpc-devel-1.10.8-150100.7.7.1 hdf5-gnu-mpich-hpc-devel-1.10.8-150100.7.7.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150100.7.7.1 hdf5-gnu-openmpi2-hpc-devel-1.10.8-150100.7.7.1 hdf5-hpc-examples-1.10.8-150100.7.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-hpc-examples-1.10.8-150100.7.7.1 libhdf5-gnu-hpc-1.10.8-150100.7.7.1 libhdf5-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): hdf5-gnu-hpc-devel-1.10.8-150100.7.7.1 hdf5-gnu-mpich-hpc-devel-1.10.8-150100.7.7.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150100.7.7.1 hdf5-gnu-openmpi2-hpc-devel-1.10.8-150100.7.7.1 hdf5-hpc-examples-1.10.8-150100.7.7.1 References: https://www.suse.com/security/cve/CVE-2018-11205.html https://www.suse.com/security/cve/CVE-2018-13867.html https://www.suse.com/security/cve/CVE-2018-14031.html https://www.suse.com/security/cve/CVE-2018-16438.html https://www.suse.com/security/cve/CVE-2018-17439.html https://www.suse.com/security/cve/CVE-2019-8396.html https://www.suse.com/security/cve/CVE-2020-10812.html https://www.suse.com/security/cve/CVE-2021-45830.html https://www.suse.com/security/cve/CVE-2021-45833.html https://www.suse.com/security/cve/CVE-2021-46242.html https://www.suse.com/security/cve/CVE-2021-46244.html https://bugzilla.suse.com/1093663 https://bugzilla.suse.com/1101475 https://bugzilla.suse.com/1101906 https://bugzilla.suse.com/1107069 https://bugzilla.suse.com/1111598 https://bugzilla.suse.com/1125882 https://bugzilla.suse.com/1167400 https://bugzilla.suse.com/1194366 https://bugzilla.suse.com/1194375 https://bugzilla.suse.com/1195212 https://bugzilla.suse.com/1195215

1 0

SUSE-SU-2022:3837-1: moderate: Security update for gnome-desktop
by opensuse-security＠opensuse.org 01 Nov '22

01 Nov '22

SUSE Security Update: Security update for gnome-desktop ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3837-1 Rating: moderate References: #1133043 Cross-References: CVE-2019-11460 CVSS scores: CVE-2019-11460 (NVD) : 9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2019-11460 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gnome-desktop fixes the following issues: - CVE-2019-11460: Fixed sandbox issue that allowed bypassing from a compromised thumbnailer (bsc#1133043). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3837=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3837=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libgnome-desktop-3-12-3.26.2-150000.4.3.1 libgnome-desktop-3-12-debuginfo-3.26.2-150000.4.3.1 - openSUSE Leap 15.4 (x86_64): libgnome-desktop-3-12-32bit-3.26.2-150000.4.3.1 libgnome-desktop-3-12-32bit-debuginfo-3.26.2-150000.4.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libgnome-desktop-3-12-3.26.2-150000.4.3.1 libgnome-desktop-3-12-debuginfo-3.26.2-150000.4.3.1 - openSUSE Leap 15.3 (x86_64): libgnome-desktop-3-12-32bit-3.26.2-150000.4.3.1 libgnome-desktop-3-12-32bit-debuginfo-3.26.2-150000.4.3.1 References: https://www.suse.com/security/cve/CVE-2019-11460.html https://bugzilla.suse.com/1133043

1 0

SUSE-SU-2022:3834-1: moderate: Security update for python-Flask-Security
by opensuse-security＠opensuse.org 01 Nov '22

01 Nov '22

SUSE Security Update: Security update for python-Flask-Security ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3834-1 Rating: moderate References: #1202105 Cross-References: CVE-2021-23385 CVSS scores: CVE-2021-23385 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-23385 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Flask-Security fixes the following issues: - CVE-2021-23385: Fixed open redirect (bsc#1202105). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3834=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3834=1 Package List: - openSUSE Leap 15.4 (noarch): python3-Flask-Security-3.0.0-150100.4.3.1 - openSUSE Leap 15.3 (noarch): python2-Flask-Security-3.0.0-150100.4.3.1 python3-Flask-Security-3.0.0-150100.4.3.1 References: https://www.suse.com/security/cve/CVE-2021-23385.html https://bugzilla.suse.com/1202105

1 0

SUSE-SU-2022:3833-1: moderate: Security update for podofo
by opensuse-security＠opensuse.org 01 Nov '22

01 Nov '22

SUSE Security Update: Security update for podofo ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3833-1 Rating: moderate References: #1099719 Cross-References: CVE-2018-12983 CVSS scores: CVE-2018-12983 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-12983 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for podofo fixes the following issues: - CVE-2018-12983: Fixed a stack overrun (bsc#1099719). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3833=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3833=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpodofo-devel-0.9.6-150300.3.6.1 libpodofo0_9_6-0.9.6-150300.3.6.1 libpodofo0_9_6-debuginfo-0.9.6-150300.3.6.1 podofo-0.9.6-150300.3.6.1 podofo-debuginfo-0.9.6-150300.3.6.1 podofo-debugsource-0.9.6-150300.3.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpodofo-devel-0.9.6-150300.3.6.1 libpodofo0_9_6-0.9.6-150300.3.6.1 libpodofo0_9_6-debuginfo-0.9.6-150300.3.6.1 podofo-0.9.6-150300.3.6.1 podofo-debuginfo-0.9.6-150300.3.6.1 podofo-debugsource-0.9.6-150300.3.6.1 References: https://www.suse.com/security/cve/CVE-2018-12983.html https://bugzilla.suse.com/1099719

1 0

SUSE-SU-2022:3823-1: important: Security update for hsqldb
by opensuse-security＠opensuse.org 01 Nov '22

01 Nov '22

SUSE Security Update: Security update for hsqldb ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3823-1 Rating: important References: #1204521 Cross-References: CVE-2022-41853 CVSS scores: CVE-2022-41853 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41853 (SUSE): 8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for hsqldb fixes the following issues: - CVE-2022-41853: Fixed insufficient input sanitization (bsc#1204521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3823=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3823=1 Package List: - openSUSE Leap 15.4 (noarch): hsqldb-2.3.3-150000.7.3.1 hsqldb-demo-2.3.3-150000.7.3.1 hsqldb-javadoc-2.3.3-150000.7.3.1 hsqldb-manual-2.3.3-150000.7.3.1 - openSUSE Leap 15.3 (noarch): hsqldb-2.3.3-150000.7.3.1 hsqldb-demo-2.3.3-150000.7.3.1 hsqldb-javadoc-2.3.3-150000.7.3.1 hsqldb-manual-2.3.3-150000.7.3.1 References: https://www.suse.com/security/cve/CVE-2022-41853.html https://bugzilla.suse.com/1204521

1 0

SUSE-SU-2022:3835-1: moderate: Security update for nodejs10
by opensuse-security＠opensuse.org 01 Nov '22

01 Nov '22

SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3835-1 Rating: moderate References: #1201325 #1203832 Cross-References: CVE-2022-32213 CVE-2022-35256 CVSS scores: CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nodejs10 fixes the following issues: - CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832). - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3835=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3835=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.50.1 nodejs10-debuginfo-10.24.1-150000.1.50.1 nodejs10-debugsource-10.24.1-150000.1.50.1 nodejs10-devel-10.24.1-150000.1.50.1 npm10-10.24.1-150000.1.50.1 - openSUSE Leap 15.4 (noarch): nodejs10-docs-10.24.1-150000.1.50.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.50.1 nodejs10-debuginfo-10.24.1-150000.1.50.1 nodejs10-debugsource-10.24.1-150000.1.50.1 nodejs10-devel-10.24.1-150000.1.50.1 npm10-10.24.1-150000.1.50.1 - openSUSE Leap 15.3 (noarch): nodejs10-docs-10.24.1-150000.1.50.1 References: https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-35256.html https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1203832

1 0