November 2022 - openSUSE Security Announce

SUSE-SU-2022:3997-1: important: Security update for php7
by opensuse-security＠opensuse.org 15 Nov '22

15 Nov '22

SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3997-1 Rating: important References: #1203867 #1203870 #1204577 #1204979 SLE-23639 Cross-References: CVE-2021-21707 CVE-2021-21708 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628 CVE-2022-31629 CVE-2022-31630 CVE-2022-37454 CVSS scores: CVE-2021-21707 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-21707 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-21708 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-21708 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H CVE-2022-31625 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-31625 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31626 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31626 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31628 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-31628 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-31629 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2022-31630 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-37454 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37454 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities, contains one feature is now available. Description: This update for php7 fixes the following issues: - Version update to 7.4.33: - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont() (bsc#1204979). - CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bsc#1204577). - Version update to 7.4.32 (jsc#SLE-23639) - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing "quines" gzip files. (bsc#1203867) - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3997=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3997=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3997=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.33-150400.4.13.1 apache2-mod_php7-debuginfo-7.4.33-150400.4.13.1 apache2-mod_php7-debugsource-7.4.33-150400.4.13.1 php7-7.4.33-150400.4.13.1 php7-bcmath-7.4.33-150400.4.13.1 php7-bcmath-debuginfo-7.4.33-150400.4.13.1 php7-bz2-7.4.33-150400.4.13.1 php7-bz2-debuginfo-7.4.33-150400.4.13.1 php7-calendar-7.4.33-150400.4.13.1 php7-calendar-debuginfo-7.4.33-150400.4.13.1 php7-cli-7.4.33-150400.4.13.1 php7-cli-debuginfo-7.4.33-150400.4.13.1 php7-ctype-7.4.33-150400.4.13.1 php7-ctype-debuginfo-7.4.33-150400.4.13.1 php7-curl-7.4.33-150400.4.13.1 php7-curl-debuginfo-7.4.33-150400.4.13.1 php7-dba-7.4.33-150400.4.13.1 php7-dba-debuginfo-7.4.33-150400.4.13.1 php7-debuginfo-7.4.33-150400.4.13.1 php7-debugsource-7.4.33-150400.4.13.1 php7-devel-7.4.33-150400.4.13.1 php7-dom-7.4.33-150400.4.13.1 php7-dom-debuginfo-7.4.33-150400.4.13.1 php7-embed-7.4.33-150400.4.13.1 php7-embed-debuginfo-7.4.33-150400.4.13.1 php7-embed-debugsource-7.4.33-150400.4.13.1 php7-enchant-7.4.33-150400.4.13.1 php7-enchant-debuginfo-7.4.33-150400.4.13.1 php7-exif-7.4.33-150400.4.13.1 php7-exif-debuginfo-7.4.33-150400.4.13.1 php7-fastcgi-7.4.33-150400.4.13.1 php7-fastcgi-debuginfo-7.4.33-150400.4.13.1 php7-fastcgi-debugsource-7.4.33-150400.4.13.1 php7-fileinfo-7.4.33-150400.4.13.1 php7-fileinfo-debuginfo-7.4.33-150400.4.13.1 php7-fpm-7.4.33-150400.4.13.1 php7-fpm-debuginfo-7.4.33-150400.4.13.1 php7-fpm-debugsource-7.4.33-150400.4.13.1 php7-ftp-7.4.33-150400.4.13.1 php7-ftp-debuginfo-7.4.33-150400.4.13.1 php7-gd-7.4.33-150400.4.13.1 php7-gd-debuginfo-7.4.33-150400.4.13.1 php7-gettext-7.4.33-150400.4.13.1 php7-gettext-debuginfo-7.4.33-150400.4.13.1 php7-gmp-7.4.33-150400.4.13.1 php7-gmp-debuginfo-7.4.33-150400.4.13.1 php7-iconv-7.4.33-150400.4.13.1 php7-iconv-debuginfo-7.4.33-150400.4.13.1 php7-intl-7.4.33-150400.4.13.1 php7-intl-debuginfo-7.4.33-150400.4.13.1 php7-json-7.4.33-150400.4.13.1 php7-json-debuginfo-7.4.33-150400.4.13.1 php7-ldap-7.4.33-150400.4.13.1 php7-ldap-debuginfo-7.4.33-150400.4.13.1 php7-mbstring-7.4.33-150400.4.13.1 php7-mbstring-debuginfo-7.4.33-150400.4.13.1 php7-mysql-7.4.33-150400.4.13.1 php7-mysql-debuginfo-7.4.33-150400.4.13.1 php7-odbc-7.4.33-150400.4.13.1 php7-odbc-debuginfo-7.4.33-150400.4.13.1 php7-opcache-7.4.33-150400.4.13.1 php7-opcache-debuginfo-7.4.33-150400.4.13.1 php7-openssl-7.4.33-150400.4.13.1 php7-openssl-debuginfo-7.4.33-150400.4.13.1 php7-pcntl-7.4.33-150400.4.13.1 php7-pcntl-debuginfo-7.4.33-150400.4.13.1 php7-pdo-7.4.33-150400.4.13.1 php7-pdo-debuginfo-7.4.33-150400.4.13.1 php7-pgsql-7.4.33-150400.4.13.1 php7-pgsql-debuginfo-7.4.33-150400.4.13.1 php7-phar-7.4.33-150400.4.13.1 php7-phar-debuginfo-7.4.33-150400.4.13.1 php7-posix-7.4.33-150400.4.13.1 php7-posix-debuginfo-7.4.33-150400.4.13.1 php7-readline-7.4.33-150400.4.13.1 php7-readline-debuginfo-7.4.33-150400.4.13.1 php7-shmop-7.4.33-150400.4.13.1 php7-shmop-debuginfo-7.4.33-150400.4.13.1 php7-snmp-7.4.33-150400.4.13.1 php7-snmp-debuginfo-7.4.33-150400.4.13.1 php7-soap-7.4.33-150400.4.13.1 php7-soap-debuginfo-7.4.33-150400.4.13.1 php7-sockets-7.4.33-150400.4.13.1 php7-sockets-debuginfo-7.4.33-150400.4.13.1 php7-sodium-7.4.33-150400.4.13.1 php7-sodium-debuginfo-7.4.33-150400.4.13.1 php7-sqlite-7.4.33-150400.4.13.1 php7-sqlite-debuginfo-7.4.33-150400.4.13.1 php7-sysvmsg-7.4.33-150400.4.13.1 php7-sysvmsg-debuginfo-7.4.33-150400.4.13.1 php7-sysvsem-7.4.33-150400.4.13.1 php7-sysvsem-debuginfo-7.4.33-150400.4.13.1 php7-sysvshm-7.4.33-150400.4.13.1 php7-sysvshm-debuginfo-7.4.33-150400.4.13.1 php7-test-7.4.33-150400.4.13.2 php7-tidy-7.4.33-150400.4.13.1 php7-tidy-debuginfo-7.4.33-150400.4.13.1 php7-tokenizer-7.4.33-150400.4.13.1 php7-tokenizer-debuginfo-7.4.33-150400.4.13.1 php7-xmlreader-7.4.33-150400.4.13.1 php7-xmlreader-debuginfo-7.4.33-150400.4.13.1 php7-xmlrpc-7.4.33-150400.4.13.1 php7-xmlrpc-debuginfo-7.4.33-150400.4.13.1 php7-xmlwriter-7.4.33-150400.4.13.1 php7-xmlwriter-debuginfo-7.4.33-150400.4.13.1 php7-xsl-7.4.33-150400.4.13.1 php7-xsl-debuginfo-7.4.33-150400.4.13.1 php7-zip-7.4.33-150400.4.13.1 php7-zip-debuginfo-7.4.33-150400.4.13.1 php7-zlib-7.4.33-150400.4.13.1 php7-zlib-debuginfo-7.4.33-150400.4.13.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): php7-embed-7.4.33-150400.4.13.1 php7-embed-debuginfo-7.4.33-150400.4.13.1 php7-embed-debugsource-7.4.33-150400.4.13.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.33-150400.4.13.1 apache2-mod_php7-debuginfo-7.4.33-150400.4.13.1 apache2-mod_php7-debugsource-7.4.33-150400.4.13.1 php7-7.4.33-150400.4.13.1 php7-bcmath-7.4.33-150400.4.13.1 php7-bcmath-debuginfo-7.4.33-150400.4.13.1 php7-bz2-7.4.33-150400.4.13.1 php7-bz2-debuginfo-7.4.33-150400.4.13.1 php7-calendar-7.4.33-150400.4.13.1 php7-calendar-debuginfo-7.4.33-150400.4.13.1 php7-cli-7.4.33-150400.4.13.1 php7-cli-debuginfo-7.4.33-150400.4.13.1 php7-ctype-7.4.33-150400.4.13.1 php7-ctype-debuginfo-7.4.33-150400.4.13.1 php7-curl-7.4.33-150400.4.13.1 php7-curl-debuginfo-7.4.33-150400.4.13.1 php7-dba-7.4.33-150400.4.13.1 php7-dba-debuginfo-7.4.33-150400.4.13.1 php7-debuginfo-7.4.33-150400.4.13.1 php7-debugsource-7.4.33-150400.4.13.1 php7-devel-7.4.33-150400.4.13.1 php7-dom-7.4.33-150400.4.13.1 php7-dom-debuginfo-7.4.33-150400.4.13.1 php7-enchant-7.4.33-150400.4.13.1 php7-enchant-debuginfo-7.4.33-150400.4.13.1 php7-exif-7.4.33-150400.4.13.1 php7-exif-debuginfo-7.4.33-150400.4.13.1 php7-fastcgi-7.4.33-150400.4.13.1 php7-fastcgi-debuginfo-7.4.33-150400.4.13.1 php7-fastcgi-debugsource-7.4.33-150400.4.13.1 php7-fileinfo-7.4.33-150400.4.13.1 php7-fileinfo-debuginfo-7.4.33-150400.4.13.1 php7-fpm-7.4.33-150400.4.13.1 php7-fpm-debuginfo-7.4.33-150400.4.13.1 php7-fpm-debugsource-7.4.33-150400.4.13.1 php7-ftp-7.4.33-150400.4.13.1 php7-ftp-debuginfo-7.4.33-150400.4.13.1 php7-gd-7.4.33-150400.4.13.1 php7-gd-debuginfo-7.4.33-150400.4.13.1 php7-gettext-7.4.33-150400.4.13.1 php7-gettext-debuginfo-7.4.33-150400.4.13.1 php7-gmp-7.4.33-150400.4.13.1 php7-gmp-debuginfo-7.4.33-150400.4.13.1 php7-iconv-7.4.33-150400.4.13.1 php7-iconv-debuginfo-7.4.33-150400.4.13.1 php7-intl-7.4.33-150400.4.13.1 php7-intl-debuginfo-7.4.33-150400.4.13.1 php7-json-7.4.33-150400.4.13.1 php7-json-debuginfo-7.4.33-150400.4.13.1 php7-ldap-7.4.33-150400.4.13.1 php7-ldap-debuginfo-7.4.33-150400.4.13.1 php7-mbstring-7.4.33-150400.4.13.1 php7-mbstring-debuginfo-7.4.33-150400.4.13.1 php7-mysql-7.4.33-150400.4.13.1 php7-mysql-debuginfo-7.4.33-150400.4.13.1 php7-odbc-7.4.33-150400.4.13.1 php7-odbc-debuginfo-7.4.33-150400.4.13.1 php7-opcache-7.4.33-150400.4.13.1 php7-opcache-debuginfo-7.4.33-150400.4.13.1 php7-openssl-7.4.33-150400.4.13.1 php7-openssl-debuginfo-7.4.33-150400.4.13.1 php7-pcntl-7.4.33-150400.4.13.1 php7-pcntl-debuginfo-7.4.33-150400.4.13.1 php7-pdo-7.4.33-150400.4.13.1 php7-pdo-debuginfo-7.4.33-150400.4.13.1 php7-pgsql-7.4.33-150400.4.13.1 php7-pgsql-debuginfo-7.4.33-150400.4.13.1 php7-phar-7.4.33-150400.4.13.1 php7-phar-debuginfo-7.4.33-150400.4.13.1 php7-posix-7.4.33-150400.4.13.1 php7-posix-debuginfo-7.4.33-150400.4.13.1 php7-readline-7.4.33-150400.4.13.1 php7-readline-debuginfo-7.4.33-150400.4.13.1 php7-shmop-7.4.33-150400.4.13.1 php7-shmop-debuginfo-7.4.33-150400.4.13.1 php7-snmp-7.4.33-150400.4.13.1 php7-snmp-debuginfo-7.4.33-150400.4.13.1 php7-soap-7.4.33-150400.4.13.1 php7-soap-debuginfo-7.4.33-150400.4.13.1 php7-sockets-7.4.33-150400.4.13.1 php7-sockets-debuginfo-7.4.33-150400.4.13.1 php7-sodium-7.4.33-150400.4.13.1 php7-sodium-debuginfo-7.4.33-150400.4.13.1 php7-sqlite-7.4.33-150400.4.13.1 php7-sqlite-debuginfo-7.4.33-150400.4.13.1 php7-sysvmsg-7.4.33-150400.4.13.1 php7-sysvmsg-debuginfo-7.4.33-150400.4.13.1 php7-sysvsem-7.4.33-150400.4.13.1 php7-sysvsem-debuginfo-7.4.33-150400.4.13.1 php7-sysvshm-7.4.33-150400.4.13.1 php7-sysvshm-debuginfo-7.4.33-150400.4.13.1 php7-tidy-7.4.33-150400.4.13.1 php7-tidy-debuginfo-7.4.33-150400.4.13.1 php7-tokenizer-7.4.33-150400.4.13.1 php7-tokenizer-debuginfo-7.4.33-150400.4.13.1 php7-xmlreader-7.4.33-150400.4.13.1 php7-xmlreader-debuginfo-7.4.33-150400.4.13.1 php7-xmlrpc-7.4.33-150400.4.13.1 php7-xmlrpc-debuginfo-7.4.33-150400.4.13.1 php7-xmlwriter-7.4.33-150400.4.13.1 php7-xmlwriter-debuginfo-7.4.33-150400.4.13.1 php7-xsl-7.4.33-150400.4.13.1 php7-xsl-debuginfo-7.4.33-150400.4.13.1 php7-zip-7.4.33-150400.4.13.1 php7-zip-debuginfo-7.4.33-150400.4.13.1 php7-zlib-7.4.33-150400.4.13.1 php7-zlib-debuginfo-7.4.33-150400.4.13.1 References: https://www.suse.com/security/cve/CVE-2021-21707.html https://www.suse.com/security/cve/CVE-2021-21708.html https://www.suse.com/security/cve/CVE-2022-31625.html https://www.suse.com/security/cve/CVE-2022-31626.html https://www.suse.com/security/cve/CVE-2022-31628.html https://www.suse.com/security/cve/CVE-2022-31629.html https://www.suse.com/security/cve/CVE-2022-31630.html https://www.suse.com/security/cve/CVE-2022-37454.html https://bugzilla.suse.com/1203867 https://bugzilla.suse.com/1203870 https://bugzilla.suse.com/1204577 https://bugzilla.suse.com/1204979

1 0

SUSE-SU-2022:3995-1: important: Security update for jackson-databind
by opensuse-security＠opensuse.org 15 Nov '22

15 Nov '22

SUSE Security Update: Security update for jackson-databind ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3995-1 Rating: important References: #1204369 #1204370 Cross-References: CVE-2022-42003 CVE-2022-42004 CVSS scores: CVE-2022-42003 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-42003 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-42004 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-42004 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for jackson-databind fixes the following issues: Update to version 2.13.4.2: - CVE-2022-42003: Fixed missing check in primitive value deserializers to avoid deep wrapper array nesting wrt 'UNWRAP_SINGLE_VALUE_ARRAYS' (bsc#1204370). - CVE-2022-42004: Fixed missing check in 'BeanDeserializer._deserializeFromArray()' to prevent use of deeply nested arrays (bsc#1204369). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3995=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3995=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3995=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3995=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3995=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3995=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3995=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3995=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3995=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3995=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3995=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3995=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3995=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3995=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3995=1 Package List: - openSUSE Leap 15.4 (noarch): jackson-databind-2.13.4.2-150200.3.12.1 jackson-databind-javadoc-2.13.4.2-150200.3.12.1 - openSUSE Leap 15.3 (noarch): jackson-databind-2.13.4.2-150200.3.12.1 jackson-databind-javadoc-2.13.4.2-150200.3.12.1 - SUSE Manager Server 4.1 (noarch): jackson-databind-2.13.4.2-150200.3.12.1 - SUSE Manager Retail Branch Server 4.1 (noarch): jackson-databind-2.13.4.2-150200.3.12.1 - SUSE Manager Proxy 4.1 (noarch): jackson-databind-2.13.4.2-150200.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): jackson-databind-2.13.4.2-150200.3.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): jackson-databind-2.13.4.2-150200.3.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): jackson-databind-2.13.4.2-150200.3.12.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): jackson-databind-2.13.4.2-150200.3.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): jackson-databind-2.13.4.2-150200.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): jackson-databind-2.13.4.2-150200.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): jackson-databind-2.13.4.2-150200.3.12.1 jackson-databind-javadoc-2.13.4.2-150200.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): jackson-databind-2.13.4.2-150200.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): jackson-databind-2.13.4.2-150200.3.12.1 - SUSE Enterprise Storage 7 (noarch): jackson-databind-2.13.4.2-150200.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-42003.html https://www.suse.com/security/cve/CVE-2022-42004.html https://bugzilla.suse.com/1204369 https://bugzilla.suse.com/1204370

1 0

SUSE-SU-2022:4005-1: important: Security update for php8
by opensuse-security＠opensuse.org 15 Nov '22

15 Nov '22

SUSE Security Update: Security update for php8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4005-1 Rating: important References: #1204577 #1204979 Cross-References: CVE-2022-31630 CVE-2022-37454 CVSS scores: CVE-2022-31630 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-37454 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37454 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php8 fixes the following issues: - CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bug#81738) (bsc#1204577). - CVE-2022-31630: Fixed OOB read due to insufficient input validation in imageloadfont() (bug#81739) (bsc#1204979). - version update to 8.0.25 (27 Oct 2022) * Session: Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method). * Streams: Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4005=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-4005=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_php8-8.0.25-150400.4.17.1 apache2-mod_php8-debuginfo-8.0.25-150400.4.17.1 apache2-mod_php8-debugsource-8.0.25-150400.4.17.1 php8-8.0.25-150400.4.17.1 php8-bcmath-8.0.25-150400.4.17.1 php8-bcmath-debuginfo-8.0.25-150400.4.17.1 php8-bz2-8.0.25-150400.4.17.1 php8-bz2-debuginfo-8.0.25-150400.4.17.1 php8-calendar-8.0.25-150400.4.17.1 php8-calendar-debuginfo-8.0.25-150400.4.17.1 php8-cli-8.0.25-150400.4.17.1 php8-cli-debuginfo-8.0.25-150400.4.17.1 php8-ctype-8.0.25-150400.4.17.1 php8-ctype-debuginfo-8.0.25-150400.4.17.1 php8-curl-8.0.25-150400.4.17.1 php8-curl-debuginfo-8.0.25-150400.4.17.1 php8-dba-8.0.25-150400.4.17.1 php8-dba-debuginfo-8.0.25-150400.4.17.1 php8-debuginfo-8.0.25-150400.4.17.1 php8-debugsource-8.0.25-150400.4.17.1 php8-devel-8.0.25-150400.4.17.1 php8-dom-8.0.25-150400.4.17.1 php8-dom-debuginfo-8.0.25-150400.4.17.1 php8-embed-8.0.25-150400.4.17.1 php8-embed-debuginfo-8.0.25-150400.4.17.1 php8-embed-debugsource-8.0.25-150400.4.17.1 php8-enchant-8.0.25-150400.4.17.1 php8-enchant-debuginfo-8.0.25-150400.4.17.1 php8-exif-8.0.25-150400.4.17.1 php8-exif-debuginfo-8.0.25-150400.4.17.1 php8-fastcgi-8.0.25-150400.4.17.1 php8-fastcgi-debuginfo-8.0.25-150400.4.17.1 php8-fastcgi-debugsource-8.0.25-150400.4.17.1 php8-fileinfo-8.0.25-150400.4.17.1 php8-fileinfo-debuginfo-8.0.25-150400.4.17.1 php8-fpm-8.0.25-150400.4.17.1 php8-fpm-debuginfo-8.0.25-150400.4.17.1 php8-fpm-debugsource-8.0.25-150400.4.17.1 php8-ftp-8.0.25-150400.4.17.1 php8-ftp-debuginfo-8.0.25-150400.4.17.1 php8-gd-8.0.25-150400.4.17.1 php8-gd-debuginfo-8.0.25-150400.4.17.1 php8-gettext-8.0.25-150400.4.17.1 php8-gettext-debuginfo-8.0.25-150400.4.17.1 php8-gmp-8.0.25-150400.4.17.1 php8-gmp-debuginfo-8.0.25-150400.4.17.1 php8-iconv-8.0.25-150400.4.17.1 php8-iconv-debuginfo-8.0.25-150400.4.17.1 php8-intl-8.0.25-150400.4.17.1 php8-intl-debuginfo-8.0.25-150400.4.17.1 php8-ldap-8.0.25-150400.4.17.1 php8-ldap-debuginfo-8.0.25-150400.4.17.1 php8-mbstring-8.0.25-150400.4.17.1 php8-mbstring-debuginfo-8.0.25-150400.4.17.1 php8-mysql-8.0.25-150400.4.17.1 php8-mysql-debuginfo-8.0.25-150400.4.17.1 php8-odbc-8.0.25-150400.4.17.1 php8-odbc-debuginfo-8.0.25-150400.4.17.1 php8-opcache-8.0.25-150400.4.17.1 php8-opcache-debuginfo-8.0.25-150400.4.17.1 php8-openssl-8.0.25-150400.4.17.1 php8-openssl-debuginfo-8.0.25-150400.4.17.1 php8-pcntl-8.0.25-150400.4.17.1 php8-pcntl-debuginfo-8.0.25-150400.4.17.1 php8-pdo-8.0.25-150400.4.17.1 php8-pdo-debuginfo-8.0.25-150400.4.17.1 php8-pgsql-8.0.25-150400.4.17.1 php8-pgsql-debuginfo-8.0.25-150400.4.17.1 php8-phar-8.0.25-150400.4.17.1 php8-phar-debuginfo-8.0.25-150400.4.17.1 php8-posix-8.0.25-150400.4.17.1 php8-posix-debuginfo-8.0.25-150400.4.17.1 php8-readline-8.0.25-150400.4.17.1 php8-readline-debuginfo-8.0.25-150400.4.17.1 php8-shmop-8.0.25-150400.4.17.1 php8-shmop-debuginfo-8.0.25-150400.4.17.1 php8-snmp-8.0.25-150400.4.17.1 php8-snmp-debuginfo-8.0.25-150400.4.17.1 php8-soap-8.0.25-150400.4.17.1 php8-soap-debuginfo-8.0.25-150400.4.17.1 php8-sockets-8.0.25-150400.4.17.1 php8-sockets-debuginfo-8.0.25-150400.4.17.1 php8-sodium-8.0.25-150400.4.17.1 php8-sodium-debuginfo-8.0.25-150400.4.17.1 php8-sqlite-8.0.25-150400.4.17.1 php8-sqlite-debuginfo-8.0.25-150400.4.17.1 php8-sysvmsg-8.0.25-150400.4.17.1 php8-sysvmsg-debuginfo-8.0.25-150400.4.17.1 php8-sysvsem-8.0.25-150400.4.17.1 php8-sysvsem-debuginfo-8.0.25-150400.4.17.1 php8-sysvshm-8.0.25-150400.4.17.1 php8-sysvshm-debuginfo-8.0.25-150400.4.17.1 php8-test-8.0.25-150400.4.17.1 php8-tidy-8.0.25-150400.4.17.1 php8-tidy-debuginfo-8.0.25-150400.4.17.1 php8-tokenizer-8.0.25-150400.4.17.1 php8-tokenizer-debuginfo-8.0.25-150400.4.17.1 php8-xmlreader-8.0.25-150400.4.17.1 php8-xmlreader-debuginfo-8.0.25-150400.4.17.1 php8-xmlwriter-8.0.25-150400.4.17.1 php8-xmlwriter-debuginfo-8.0.25-150400.4.17.1 php8-xsl-8.0.25-150400.4.17.1 php8-xsl-debuginfo-8.0.25-150400.4.17.1 php8-zip-8.0.25-150400.4.17.1 php8-zip-debuginfo-8.0.25-150400.4.17.1 php8-zlib-8.0.25-150400.4.17.1 php8-zlib-debuginfo-8.0.25-150400.4.17.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_php8-8.0.25-150400.4.17.1 apache2-mod_php8-debuginfo-8.0.25-150400.4.17.1 apache2-mod_php8-debugsource-8.0.25-150400.4.17.1 php8-8.0.25-150400.4.17.1 php8-bcmath-8.0.25-150400.4.17.1 php8-bcmath-debuginfo-8.0.25-150400.4.17.1 php8-bz2-8.0.25-150400.4.17.1 php8-bz2-debuginfo-8.0.25-150400.4.17.1 php8-calendar-8.0.25-150400.4.17.1 php8-calendar-debuginfo-8.0.25-150400.4.17.1 php8-cli-8.0.25-150400.4.17.1 php8-cli-debuginfo-8.0.25-150400.4.17.1 php8-ctype-8.0.25-150400.4.17.1 php8-ctype-debuginfo-8.0.25-150400.4.17.1 php8-curl-8.0.25-150400.4.17.1 php8-curl-debuginfo-8.0.25-150400.4.17.1 php8-dba-8.0.25-150400.4.17.1 php8-dba-debuginfo-8.0.25-150400.4.17.1 php8-debuginfo-8.0.25-150400.4.17.1 php8-debugsource-8.0.25-150400.4.17.1 php8-devel-8.0.25-150400.4.17.1 php8-dom-8.0.25-150400.4.17.1 php8-dom-debuginfo-8.0.25-150400.4.17.1 php8-embed-8.0.25-150400.4.17.1 php8-embed-debuginfo-8.0.25-150400.4.17.1 php8-embed-debugsource-8.0.25-150400.4.17.1 php8-enchant-8.0.25-150400.4.17.1 php8-enchant-debuginfo-8.0.25-150400.4.17.1 php8-exif-8.0.25-150400.4.17.1 php8-exif-debuginfo-8.0.25-150400.4.17.1 php8-fastcgi-8.0.25-150400.4.17.1 php8-fastcgi-debuginfo-8.0.25-150400.4.17.1 php8-fastcgi-debugsource-8.0.25-150400.4.17.1 php8-fileinfo-8.0.25-150400.4.17.1 php8-fileinfo-debuginfo-8.0.25-150400.4.17.1 php8-fpm-8.0.25-150400.4.17.1 php8-fpm-debuginfo-8.0.25-150400.4.17.1 php8-fpm-debugsource-8.0.25-150400.4.17.1 php8-ftp-8.0.25-150400.4.17.1 php8-ftp-debuginfo-8.0.25-150400.4.17.1 php8-gd-8.0.25-150400.4.17.1 php8-gd-debuginfo-8.0.25-150400.4.17.1 php8-gettext-8.0.25-150400.4.17.1 php8-gettext-debuginfo-8.0.25-150400.4.17.1 php8-gmp-8.0.25-150400.4.17.1 php8-gmp-debuginfo-8.0.25-150400.4.17.1 php8-iconv-8.0.25-150400.4.17.1 php8-iconv-debuginfo-8.0.25-150400.4.17.1 php8-intl-8.0.25-150400.4.17.1 php8-intl-debuginfo-8.0.25-150400.4.17.1 php8-ldap-8.0.25-150400.4.17.1 php8-ldap-debuginfo-8.0.25-150400.4.17.1 php8-mbstring-8.0.25-150400.4.17.1 php8-mbstring-debuginfo-8.0.25-150400.4.17.1 php8-mysql-8.0.25-150400.4.17.1 php8-mysql-debuginfo-8.0.25-150400.4.17.1 php8-odbc-8.0.25-150400.4.17.1 php8-odbc-debuginfo-8.0.25-150400.4.17.1 php8-opcache-8.0.25-150400.4.17.1 php8-opcache-debuginfo-8.0.25-150400.4.17.1 php8-openssl-8.0.25-150400.4.17.1 php8-openssl-debuginfo-8.0.25-150400.4.17.1 php8-pcntl-8.0.25-150400.4.17.1 php8-pcntl-debuginfo-8.0.25-150400.4.17.1 php8-pdo-8.0.25-150400.4.17.1 php8-pdo-debuginfo-8.0.25-150400.4.17.1 php8-pgsql-8.0.25-150400.4.17.1 php8-pgsql-debuginfo-8.0.25-150400.4.17.1 php8-phar-8.0.25-150400.4.17.1 php8-phar-debuginfo-8.0.25-150400.4.17.1 php8-posix-8.0.25-150400.4.17.1 php8-posix-debuginfo-8.0.25-150400.4.17.1 php8-readline-8.0.25-150400.4.17.1 php8-readline-debuginfo-8.0.25-150400.4.17.1 php8-shmop-8.0.25-150400.4.17.1 php8-shmop-debuginfo-8.0.25-150400.4.17.1 php8-snmp-8.0.25-150400.4.17.1 php8-snmp-debuginfo-8.0.25-150400.4.17.1 php8-soap-8.0.25-150400.4.17.1 php8-soap-debuginfo-8.0.25-150400.4.17.1 php8-sockets-8.0.25-150400.4.17.1 php8-sockets-debuginfo-8.0.25-150400.4.17.1 php8-sodium-8.0.25-150400.4.17.1 php8-sodium-debuginfo-8.0.25-150400.4.17.1 php8-sqlite-8.0.25-150400.4.17.1 php8-sqlite-debuginfo-8.0.25-150400.4.17.1 php8-sysvmsg-8.0.25-150400.4.17.1 php8-sysvmsg-debuginfo-8.0.25-150400.4.17.1 php8-sysvsem-8.0.25-150400.4.17.1 php8-sysvsem-debuginfo-8.0.25-150400.4.17.1 php8-sysvshm-8.0.25-150400.4.17.1 php8-sysvshm-debuginfo-8.0.25-150400.4.17.1 php8-test-8.0.25-150400.4.17.1 php8-tidy-8.0.25-150400.4.17.1 php8-tidy-debuginfo-8.0.25-150400.4.17.1 php8-tokenizer-8.0.25-150400.4.17.1 php8-tokenizer-debuginfo-8.0.25-150400.4.17.1 php8-xmlreader-8.0.25-150400.4.17.1 php8-xmlreader-debuginfo-8.0.25-150400.4.17.1 php8-xmlwriter-8.0.25-150400.4.17.1 php8-xmlwriter-debuginfo-8.0.25-150400.4.17.1 php8-xsl-8.0.25-150400.4.17.1 php8-xsl-debuginfo-8.0.25-150400.4.17.1 php8-zip-8.0.25-150400.4.17.1 php8-zip-debuginfo-8.0.25-150400.4.17.1 php8-zlib-8.0.25-150400.4.17.1 php8-zlib-debuginfo-8.0.25-150400.4.17.1 References: https://www.suse.com/security/cve/CVE-2022-31630.html https://www.suse.com/security/cve/CVE-2022-37454.html https://bugzilla.suse.com/1204577 https://bugzilla.suse.com/1204979

1 0

SUSE-SU-2022:4000-1: Security update for python-Twisted
by opensuse-security＠opensuse.org 15 Nov '22

15 Nov '22

SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4000-1 Rating: low References: #1204781 Cross-References: CVE-2022-39348 CVSS scores: CVE-2022-39348 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-39348 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2022-39348: Fixed NameVirtualHost Host header injection (bsc#1204781). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4000=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4000=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-Twisted-doc-22.2.0-150400.5.7.1 python3-Twisted-22.2.0-150400.5.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): python3-Twisted-22.2.0-150400.5.7.1 References: https://www.suse.com/security/cve/CVE-2022-39348.html https://bugzilla.suse.com/1204781

1 0

SUSE-SU-2022:3996-1: Security update for 389-ds
by opensuse-security＠opensuse.org 15 Nov '22

15 Nov '22

SUSE Security Update: Security update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3996-1 Rating: low References: #1194119 #1204493 #1204748 #1205146 Cross-References: CVE-2021-45710 CVSS scores: CVE-2021-45710 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45710 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for 389-ds fixes the following issues: - CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119). - Update to version 2.0.16~git56.d15a0a7: - Failure to migrate from openldap if pwdPolicyChecker present (bsc#1205146). - Resolve issue with checklist post migration when dds is present (bsc#1204748). - Improve reliability of migrations from openldap when dynamic directory services is configured (bsc#1204493). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3996=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3996=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): 389-ds-2.0.16~git56.d15a0a7-150400.3.15.1 389-ds-debuginfo-2.0.16~git56.d15a0a7-150400.3.15.1 389-ds-debugsource-2.0.16~git56.d15a0a7-150400.3.15.1 389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1 389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1 389-ds-snmp-debuginfo-2.0.16~git56.d15a0a7-150400.3.15.1 lib389-2.0.16~git56.d15a0a7-150400.3.15.1 libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1 libsvrcore0-debuginfo-2.0.16~git56.d15a0a7-150400.3.15.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): 389-ds-2.0.16~git56.d15a0a7-150400.3.15.1 389-ds-debuginfo-2.0.16~git56.d15a0a7-150400.3.15.1 389-ds-debugsource-2.0.16~git56.d15a0a7-150400.3.15.1 389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1 lib389-2.0.16~git56.d15a0a7-150400.3.15.1 libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1 libsvrcore0-debuginfo-2.0.16~git56.d15a0a7-150400.3.15.1 References: https://www.suse.com/security/cve/CVE-2021-45710.html https://bugzilla.suse.com/1194119 https://bugzilla.suse.com/1204493 https://bugzilla.suse.com/1204748 https://bugzilla.suse.com/1205146

1 0

SUSE-SU-2022:3998-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 15 Nov '22

15 Nov '22

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3998-1 Rating: important References: #1065729 #1071995 #1152472 #1152489 #1188238 #1194869 #1196018 #1196632 #1199904 #1200567 #1200692 #1200788 #1202187 #1202686 #1202700 #1202914 #1203098 #1203229 #1203290 #1203435 #1203514 #1203699 #1203701 #1203767 #1203770 #1203802 #1203922 #1203979 #1204017 #1204051 #1204059 #1204060 #1204125 #1204142 #1204166 #1204168 #1204171 #1204241 #1204353 #1204354 #1204355 #1204402 #1204413 #1204415 #1204417 #1204428 #1204431 #1204439 #1204470 #1204479 #1204498 #1204533 #1204569 #1204574 #1204575 #1204619 #1204635 #1204637 #1204646 #1204647 #1204650 #1204653 #1204693 #1204705 #1204719 #1204728 #1204753 #1204868 #1204926 #1204933 #1204934 #1204947 #1204957 #1204963 #1204970 PED-1082 PED-1084 PED-1085 PED-1096 PED-1211 PED-1649 PED-634 PED-676 PED-678 PED-679 PED-707 PED-732 PED-813 PED-817 PED-822 PED-825 PED-833 PED-842 PED-846 PED-850 PED-851 PED-856 PED-857 SLE-13847 SLE-9246 Cross-References: CVE-2022-1882 CVE-2022-2153 CVE-2022-28748 CVE-2022-2964 CVE-2022-2978 CVE-2022-3169 CVE-2022-33981 CVE-2022-3424 CVE-2022-3435 CVE-2022-3521 CVE-2022-3524 CVE-2022-3526 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3619 CVE-2022-3621 CVE-2022-3625 CVE-2022-3628 CVE-2022-3629 CVE-2022-3633 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-40476 CVE-2022-40768 CVE-2022-41674 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-43750 CVSS scores: CVE-2022-1882 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1882 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2978 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2978 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3435 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-3435 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3526 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3526 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3535 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3535 (SUSE): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3619 (NVD) : 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3619 (SUSE): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3625 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3625 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3633 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3633 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-40476 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40476 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 37 vulnerabilities, contains 25 features and has 38 fixes is now available. Description: The SUSE Linux Enterprise 15-SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290). - CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3619: Fixed memory leak in l2cap_recv_acldata() in net/bluetooth/l2cap_core.c of the component (bnc#1204569). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3633: Fixed memory leak in j1939_session_destroy() in net/can/j1939/transport.c (bnc#1204650). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bnc#1203514). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ACPI: video: Make backlight class device registration a separate step (v2) (git-fixes). - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - ALSA: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - ALSA: hda/hdmi: change type for the 'assigned' variable (git-fixes). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - ALSA: hda: cs35l41: Support System Suspend (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - ALSA: hiface: fix repeated words in comments (git-fixes). - ALSA: line6: Replace sprintf() with sysfs_emit() (git-fixes). - ALSA: line6: remove line6_set_raw declaration (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes). - ALSA: scarlett2: Add support for the internal "standalone" switch (git-fixes). - ALSA: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes). - ALSA: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes). - ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes). - ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix last interface check for registration (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ALSA: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - ALSA: usb-audio: Register card at the last interface (git-fixes). - ALSA: usb-audio: make read-only array marker static const (git-fixes). - ALSA: usb-audio: remove redundant assignment to variable c (git-fixes). - ALSA: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - ALSA: usb/6fire: fix repeated words in comments (git-fixes). - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). - ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - ARM: Drop CMDLINE_* dependency on ATAGS (git-fixes). - ARM: decompressor: Include .data.rel.ro.local (git-fixes). - ARM: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes). - ARM: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes). - ARM: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes). - ARM: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes). - ARM: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes). - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes). - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes). - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - ARM: dts: imx6dl: add missing properties for sram (git-fixes). - ARM: dts: imx6q: add missing properties for sram (git-fixes). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes). - ARM: dts: imx6qp: add missing properties for sram (git-fixes). - ARM: dts: imx6sl: add missing properties for sram (git-fixes). - ARM: dts: imx6sll: add missing properties for sram (git-fixes). - ARM: dts: imx6sx: add missing properties for sram (git-fixes). - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - ARM: dts: integrator: Tag PCI host with device_type (git-fixes). - ARM: dts: kirkwood: lsxl: fix serial line (git-fixes). - ARM: dts: kirkwood: lsxl: remove first ethernet port (git-fixes). - ARM: dts: turris-omnia: Add label for wan port (git-fixes). - ARM: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes). - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - ASoC: codecs: tx-macro: fix kcontrol put (git-fixes). - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6359: fix tests for platform_get_irq() failure (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: tas2764: Allow mono streams (git-fixes). - ASoC: tas2764: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2764: Fix mute/unmute (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - ASoC: wm_adsp: Handle optional legacy support (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - Bluetooth: virtio_bt: Use skb_put to set length (git-fixes). - Documentation: devres: add missing I2C helper (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drop verbose nvme logging feature (bsc#1200567). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - IB/core: Fix a nested dead lock as part of ODP flow (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). - KVM: VMX: Inject #PF on ENCLS as "emulated" #PF (git-fixes). - KVM: fix avic_set_running for preemptable kernels (git-fixes). - KVM: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905). - KVM: s390x: fix SCK locking (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - KVM: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes). - KVM: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - KVM: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - KVM: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - KVM: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - KVM: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes). - KVM: x86: Always set kvm_run->if_flag (git-fixes). - KVM: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). - KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). - KVM: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - KVM: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - KVM: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - KVM: x86: Update vPMCs when retiring branch instructions (git-fixes). - KVM: x86: Update vPMCs when retiring instructions (git-fixes). - KVM: x86: do not report preemption if the steal time cache is stale (git-fixes). - KVM: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - KVM: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - NFS: Fix another fsync() issue after a server reboot (git-fixes). - NFSv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - PCI/ASPM: Ignore L1 PM Substates if device lacks capability (git-fixes). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - PCI: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - RDMA/irdma: Add support for address handle re-use (git-fixes) - RDMA/irdma: Align AE id codes to correct flush code and event (git-fixes) - RDMA/irdma: Do not advertise 1GB page size for x722 (git-fixes) - RDMA/irdma: Fix VLAN connection with wildcard address (git-fixes) - RDMA/irdma: Fix a window for use-after-free (git-fixes) - RDMA/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - RDMA/irdma: Fix sleep from invalid context BUG (git-fixes) - RDMA/irdma: Move union irdma_sockaddr to header file (git-fixes) - RDMA/irdma: Remove the unnecessary variable saddr (git-fixes) - RDMA/irdma: Report RNR NAK generation in device caps (git-fixes) - RDMA/irdma: Report the correct max cqes from query device (git-fixes) - RDMA/irdma: Return correct WC error for bind operation failure (git-fixes) - RDMA/irdma: Return error on MR deregister CQP failure (git-fixes) - RDMA/irdma: Use net_type to check network type (git-fixes) - RDMA/irdma: Validate udata inlen and outlen (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/rxe: Fix "kernel NULL pointer dereference" error (git-fixes) - RDMA/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - RDMA/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: For invalidate compare according to set keys in mr (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/srp: Fix srp_abort() (git-fixes) - RDMA/srp: Handle dev_set_name() failure (git-fixes) - RDMA/srp: Rework the srp_add_port() error path (git-fixes) - RDMA/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - RDMA/srp: Support more than 255 rdma ports (git-fixes) - RDMA/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - RDMA/srpt: Duplicate port name members (git-fixes) - RDMA/srpt: Fix a use-after-free (git-fixes) - RDMA/srpt: Introduce a reference count in struct srpt_device (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - Revert "workqueue: remove unused cancel_work()" (bsc#1204933). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). - arm64: dts: imx8: correct clock order (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - arm64: dts: juno: Add thermal critical trip points (git-fixes). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes). - arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes). - arm64: entry: avoid kprobe recursion (git-fixes). - arm64: ftrace: fix module PLTs with mcount (git-fixes). - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - bnxt_en: Fix bnxt_refclk_read() (git-fixes). - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - bnxt_en: fix livepatch query (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes). - build mlx in arm64/azure as modules again (bsc#1203701) There is little gain by having the drivers built into the kernel. Having them as modules allows easy replacement by third party drivers. Change mlx4, mlx5 and mlxfw from built-in to module. - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: ast2600: BCLK comes from EPLL (git-fixes). - clk: at91: fix the build with binutils 2.27 (git-fixes). - clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: Round UART input clock up (bsc#1188238) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: meson: Hold reference returned by of_get_parent() (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: sprd: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - cpufreq: qcom: fix memory leak in error path (git-fixes). - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: sahara - do not sleep when in softirq (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes). - dmaengine: hisilicon: Fix CQ head update (git-fixes). - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). - dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: mxs: use platform_driver_register (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories - drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). - drm/amd/display: Fix vblank refcount in vrr transition (git-fixes). - drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes). - drm/amd/display: skip audio setup when audio stream is enabled (git-fixes). - drm/amd/display: update gamut remap if plane has changed (git-fixes). - drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes). - drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes). - drm/i915/ehl: Update MOCS table for EHL (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489) - drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes). - drm/komeda: Fix handling of atomic commit in the atomic_commit_tail hook (git-fixes). - drm/meson: explicitly remove aggregate driver at module unload time (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dp: Silence inconsistent indent warning (git-fixes). - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes). - drm/msm/dp: fix IRQ lifetime (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/msm: fix use-after-free on probe deferral (git-fixes). - drm/nouveau/kms/nv140-: Disable interlacing (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/virtio: Check whether transferred 2D BO is shmem (git-fixes). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing clocks properties (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing dma-ranges (git-fixes). - dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes). - dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes). - dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes). - dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes). - dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes). - dt-bindings: power: gpcv2: add power-domains property (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: fix static_branch manipulation (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi/tpm: Pass correct address to memblock_reserve (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes). - firmware: arm_scmi: Improve checks in the info_get operations (git-fixes). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533). - gcov: support GCC 12.1 and newer compilers (git-fixes). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hinic: Avoid some over memory allocation (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes). - i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes). - i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634). - i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732). - i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634). - i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes). - i40e: Fix call trace in setup_tx_descriptors (git-fixes). - i40e: Fix dropped jumbo frames statistics (git-fixes). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes). - iavf: Fix adminq error handling (git-fixes). - iavf: Fix handling of dummy receive descriptors (git-fixes). - iavf: Fix reset error handling (git-fixes). - ice: Fix switchdev rules book keeping (git-fixes). - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes). - ice: do not setup vlan for loopback VSI (git-fixes). - igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). - igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - increase NR_CPUS on azure and follow kernel-default (bsc#1203979) - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes). - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kernfs: fix use-after-free in __kernfs_remove (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). - mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - mlxsw: spectrum_cnt: Reorder counter pools (git-fixes). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes). - mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes). - mtd: rawnand: intel: Remove undocumented compatible string (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes). - net/ice: fix initializing the bitmap in the switch code (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes). - net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes). - net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes). - net/mlx5e: Update netdev features after changing XDP state (git-fixes). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes). - net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes). - net: atlantic: fix aq_vec index out of range error (git-fixes). - net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes). - net: bgmac: support MDIO described in DT (git-fixes). - net: bonding: fix possible NULL deref in rlb code (git-fixes). - net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes). - net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes). - net: dp83822: disable false carrier interrupt (git-fixes). - net: dp83822: disable rx error interrupt (git-fixes). - net: dsa: bcm_sf2: force pause link settings (git-fixes). - net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes). - net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes). - net: dsa: mv88e6060: prevent crash on an unused port (git-fixes). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes). - net: dsa: sja1105: silent spi_device_id warnings (git-fixes). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes). - net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes). - net: hns3: do not push link state to VF if unalive (git-fixes). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes). - net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: ipa: do not assume SMEM is page-aligned (git-fixes). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - net: stmmac: fix leaks in probe (git-fixes). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - nvme: do not print verbose errors for internal passthrough requests (bsc#1202187). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - octeontx2-af: Apply tx nibble fixup always (git-fixes). - octeontx2-af: Fix key checking for source mac (git-fixes). - octeontx2-af: Fix mcam entry resource leak (git-fixes). - octeontx2-af: suppress external profile loading warning (git-fixes). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - overflow.h: restore __ab_c_size (git-fixes). - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). - pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - plip: avoid rcu debug splat (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). - powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). - powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176). - powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - regulator: core: Prevent integer underflow (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - remove unused CONFIG_MAXSMP from arm64/azure - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake "unsolicted" -> "unsolicited" (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: use "grep -E" instead of "egrep" (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing: Add "(fault)" name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). - tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes). - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - virt: vbox: convert to use dev_groups (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - xen/gntdev: Prevent leaking grants (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). - xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3998=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3998=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): cluster-md-kmp-azure-5.14.21-150400.14.21.2 cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.21.2 dlm-kmp-azure-5.14.21-150400.14.21.2 dlm-kmp-azure-debuginfo-5.14.21-150400.14.21.2 gfs2-kmp-azure-5.14.21-150400.14.21.2 gfs2-kmp-azure-debuginfo-5.14.21-150400.14.21.2 kernel-azure-5.14.21-150400.14.21.2 kernel-azure-debuginfo-5.14.21-150400.14.21.2 kernel-azure-debugsource-5.14.21-150400.14.21.2 kernel-azure-devel-5.14.21-150400.14.21.2 kernel-azure-devel-debuginfo-5.14.21-150400.14.21.2 kernel-azure-extra-5.14.21-150400.14.21.2 kernel-azure-extra-debuginfo-5.14.21-150400.14.21.2 kernel-azure-livepatch-devel-5.14.21-150400.14.21.2 kernel-azure-optional-5.14.21-150400.14.21.2 kernel-azure-optional-debuginfo-5.14.21-150400.14.21.2 kernel-syms-azure-5.14.21-150400.14.21.1 kselftests-kmp-azure-5.14.21-150400.14.21.2 kselftests-kmp-azure-debuginfo-5.14.21-150400.14.21.2 ocfs2-kmp-azure-5.14.21-150400.14.21.2 ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.21.2 reiserfs-kmp-azure-5.14.21-150400.14.21.2 reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.21.2 - openSUSE Leap 15.4 (noarch): kernel-devel-azure-5.14.21-150400.14.21.1 kernel-source-azure-5.14.21-150400.14.21.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64): kernel-azure-5.14.21-150400.14.21.2 kernel-azure-debuginfo-5.14.21-150400.14.21.2 kernel-azure-debugsource-5.14.21-150400.14.21.2 kernel-azure-devel-5.14.21-150400.14.21.2 kernel-azure-devel-debuginfo-5.14.21-150400.14.21.2 kernel-syms-azure-5.14.21-150400.14.21.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): kernel-devel-azure-5.14.21-150400.14.21.1 kernel-source-azure-5.14.21-150400.14.21.1 References: https://www.suse.com/security/cve/CVE-2022-1882.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-2978.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-33981.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3435.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3526.html https://www.suse.com/security/cve/CVE-2022-3535.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3619.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3625.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3633.html https://www.suse.com/security/cve/CVE-2022-3640.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-40476.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://www.suse.com/security/cve/CVE-2022-42722.html https://www.suse.com/security/cve/CVE-2022-43750.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1188238 https://bugzilla.suse.com/1194869 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196632 https://bugzilla.suse.com/1199904 https://bugzilla.suse.com/1200567 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1202187 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1202700 https://bugzilla.suse.com/1202914 https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203229 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203435 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203699 https://bugzilla.suse.com/1203701 https://bugzilla.suse.com/1203767 https://bugzilla.suse.com/1203770 https://bugzilla.suse.com/1203802 https://bugzilla.suse.com/1203922 https://bugzilla.suse.com/1203979 https://bugzilla.suse.com/1204017 https://bugzilla.suse.com/1204051 https://bugzilla.suse.com/1204059 https://bugzilla.suse.com/1204060 https://bugzilla.suse.com/1204125 https://bugzilla.suse.com/1204142 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204171 https://bugzilla.suse.com/1204241 https://bugzilla.suse.com/1204353 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204413 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204417 https://bugzilla.suse.com/1204428 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204470 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204498 https://bugzilla.suse.com/1204533 https://bugzilla.suse.com/1204569 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204575 https://bugzilla.suse.com/1204619 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204637 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204650 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204693 https://bugzilla.suse.com/1204705 https://bugzilla.suse.com/1204719 https://bugzilla.suse.com/1204728 https://bugzilla.suse.com/1204753 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1204926 https://bugzilla.suse.com/1204933 https://bugzilla.suse.com/1204934 https://bugzilla.suse.com/1204947 https://bugzilla.suse.com/1204957 https://bugzilla.suse.com/1204963 https://bugzilla.suse.com/1204970

1 0

SUSE-SU-2022:3999-1: moderate: Security update for systemd
by opensuse-security＠opensuse.org 15 Nov '22

15 Nov '22

SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3999-1 Rating: moderate References: #1204179 #1204968 Cross-References: CVE-2022-3821 CVSS scores: CVE-2022-3821 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3821 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make "sle15-sp3" net naming scheme still available for backward compatibility reason Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3999=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3999=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3999=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libsystemd0-249.12-150400.8.13.1 libsystemd0-debuginfo-249.12-150400.8.13.1 libudev1-249.12-150400.8.13.1 libudev1-debuginfo-249.12-150400.8.13.1 nss-myhostname-249.12-150400.8.13.1 nss-myhostname-debuginfo-249.12-150400.8.13.1 nss-systemd-249.12-150400.8.13.1 nss-systemd-debuginfo-249.12-150400.8.13.1 systemd-249.12-150400.8.13.1 systemd-container-249.12-150400.8.13.1 systemd-container-debuginfo-249.12-150400.8.13.1 systemd-coredump-249.12-150400.8.13.1 systemd-coredump-debuginfo-249.12-150400.8.13.1 systemd-debuginfo-249.12-150400.8.13.1 systemd-debugsource-249.12-150400.8.13.1 systemd-devel-249.12-150400.8.13.1 systemd-doc-249.12-150400.8.13.1 systemd-experimental-249.12-150400.8.13.1 systemd-experimental-debuginfo-249.12-150400.8.13.1 systemd-journal-remote-249.12-150400.8.13.1 systemd-journal-remote-debuginfo-249.12-150400.8.13.1 systemd-network-249.12-150400.8.13.1 systemd-network-debuginfo-249.12-150400.8.13.1 systemd-portable-249.12-150400.8.13.1 systemd-portable-debuginfo-249.12-150400.8.13.1 systemd-sysvinit-249.12-150400.8.13.1 systemd-testsuite-249.12-150400.8.13.1 systemd-testsuite-debuginfo-249.12-150400.8.13.1 udev-249.12-150400.8.13.1 udev-debuginfo-249.12-150400.8.13.1 - openSUSE Leap 15.4 (noarch): systemd-lang-249.12-150400.8.13.1 - openSUSE Leap 15.4 (x86_64): libsystemd0-32bit-249.12-150400.8.13.1 libsystemd0-32bit-debuginfo-249.12-150400.8.13.1 libudev1-32bit-249.12-150400.8.13.1 libudev1-32bit-debuginfo-249.12-150400.8.13.1 nss-myhostname-32bit-249.12-150400.8.13.1 nss-myhostname-32bit-debuginfo-249.12-150400.8.13.1 systemd-32bit-249.12-150400.8.13.1 systemd-32bit-debuginfo-249.12-150400.8.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libsystemd0-249.12-150400.8.13.1 libsystemd0-debuginfo-249.12-150400.8.13.1 libudev1-249.12-150400.8.13.1 libudev1-debuginfo-249.12-150400.8.13.1 systemd-249.12-150400.8.13.1 systemd-container-249.12-150400.8.13.1 systemd-container-debuginfo-249.12-150400.8.13.1 systemd-coredump-249.12-150400.8.13.1 systemd-coredump-debuginfo-249.12-150400.8.13.1 systemd-debuginfo-249.12-150400.8.13.1 systemd-debugsource-249.12-150400.8.13.1 systemd-devel-249.12-150400.8.13.1 systemd-doc-249.12-150400.8.13.1 systemd-sysvinit-249.12-150400.8.13.1 udev-249.12-150400.8.13.1 udev-debuginfo-249.12-150400.8.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): systemd-lang-249.12-150400.8.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libsystemd0-32bit-249.12-150400.8.13.1 libsystemd0-32bit-debuginfo-249.12-150400.8.13.1 libudev1-32bit-249.12-150400.8.13.1 libudev1-32bit-debuginfo-249.12-150400.8.13.1 systemd-32bit-249.12-150400.8.13.1 systemd-32bit-debuginfo-249.12-150400.8.13.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libsystemd0-249.12-150400.8.13.1 libsystemd0-debuginfo-249.12-150400.8.13.1 libudev1-249.12-150400.8.13.1 libudev1-debuginfo-249.12-150400.8.13.1 systemd-249.12-150400.8.13.1 systemd-container-249.12-150400.8.13.1 systemd-container-debuginfo-249.12-150400.8.13.1 systemd-debuginfo-249.12-150400.8.13.1 systemd-debugsource-249.12-150400.8.13.1 systemd-journal-remote-249.12-150400.8.13.1 systemd-journal-remote-debuginfo-249.12-150400.8.13.1 systemd-sysvinit-249.12-150400.8.13.1 udev-249.12-150400.8.13.1 udev-debuginfo-249.12-150400.8.13.1 References: https://www.suse.com/security/cve/CVE-2022-3821.html https://bugzilla.suse.com/1204179 https://bugzilla.suse.com/1204968

1 0

SUSE-SU-2022:3990-1: moderate: Security update for LibVNCServer
by opensuse-security＠opensuse.org 15 Nov '22

15 Nov '22

SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3990-1 Rating: moderate References: #1203106 Cross-References: CVE-2020-29260 CVSS scores: CVE-2020-29260 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-29260 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for LibVNCServer fixes the following issues: - CVE-2020-29260: Fixed memory leakage via rfbClientCleanup() (bsc#1203106). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3990=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3990=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3990=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3990=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3990=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libvncclient0-0.9.10-150000.4.29.1 libvncclient0-debuginfo-0.9.10-150000.4.29.1 libvncserver0-0.9.10-150000.4.29.1 libvncserver0-debuginfo-0.9.10-150000.4.29.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-150000.4.29.1 LibVNCServer-devel-0.9.10-150000.4.29.1 libvncclient0-0.9.10-150000.4.29.1 libvncclient0-debuginfo-0.9.10-150000.4.29.1 libvncserver0-0.9.10-150000.4.29.1 libvncserver0-debuginfo-0.9.10-150000.4.29.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): LibVNCServer-debugsource-0.9.10-150000.4.29.1 libvncclient0-0.9.10-150000.4.29.1 libvncclient0-debuginfo-0.9.10-150000.4.29.1 libvncserver0-0.9.10-150000.4.29.1 libvncserver0-debuginfo-0.9.10-150000.4.29.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-150000.4.29.1 libvncserver0-0.9.10-150000.4.29.1 libvncserver0-debuginfo-0.9.10-150000.4.29.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-150000.4.29.1 libvncserver0-0.9.10-150000.4.29.1 libvncserver0-debuginfo-0.9.10-150000.4.29.1 References: https://www.suse.com/security/cve/CVE-2020-29260.html https://bugzilla.suse.com/1203106

1 0

SUSE-SU-2022:3991-1: moderate: Security update for dhcp
by opensuse-security＠opensuse.org 15 Nov '22

15 Nov '22

SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3991-1 Rating: moderate References: #1203988 #1203989 Cross-References: CVE-2022-2928 CVE-2022-2929 CVSS scores: CVE-2022-2928 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2928 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2929 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2929 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for dhcp fixes the following issues: - CVE-2022-2928: Fixed an option refcount overflow (bsc#1203988). - CVE-2022-2929: Fixed a DHCP memory leak (bsc#1203989). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3991=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3991=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3991=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3991=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3991=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3991=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dhcp-4.3.6.P1-150000.6.17.1 dhcp-client-4.3.6.P1-150000.6.17.1 dhcp-client-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-debugsource-4.3.6.P1-150000.6.17.1 dhcp-devel-4.3.6.P1-150000.6.17.1 dhcp-doc-4.3.6.P1-150000.6.17.1 dhcp-relay-4.3.6.P1-150000.6.17.1 dhcp-relay-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-server-4.3.6.P1-150000.6.17.1 dhcp-server-debuginfo-4.3.6.P1-150000.6.17.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dhcp-4.3.6.P1-150000.6.17.1 dhcp-client-4.3.6.P1-150000.6.17.1 dhcp-client-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-debugsource-4.3.6.P1-150000.6.17.1 dhcp-devel-4.3.6.P1-150000.6.17.1 dhcp-doc-4.3.6.P1-150000.6.17.1 dhcp-relay-4.3.6.P1-150000.6.17.1 dhcp-relay-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-server-4.3.6.P1-150000.6.17.1 dhcp-server-debuginfo-4.3.6.P1-150000.6.17.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): dhcp-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-debugsource-4.3.6.P1-150000.6.17.1 dhcp-relay-4.3.6.P1-150000.6.17.1 dhcp-relay-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-server-4.3.6.P1-150000.6.17.1 dhcp-server-debuginfo-4.3.6.P1-150000.6.17.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): dhcp-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-debugsource-4.3.6.P1-150000.6.17.1 dhcp-relay-4.3.6.P1-150000.6.17.1 dhcp-relay-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-server-4.3.6.P1-150000.6.17.1 dhcp-server-debuginfo-4.3.6.P1-150000.6.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): dhcp-4.3.6.P1-150000.6.17.1 dhcp-client-4.3.6.P1-150000.6.17.1 dhcp-client-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-debugsource-4.3.6.P1-150000.6.17.1 dhcp-devel-4.3.6.P1-150000.6.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dhcp-4.3.6.P1-150000.6.17.1 dhcp-client-4.3.6.P1-150000.6.17.1 dhcp-client-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-debuginfo-4.3.6.P1-150000.6.17.1 dhcp-debugsource-4.3.6.P1-150000.6.17.1 dhcp-devel-4.3.6.P1-150000.6.17.1 References: https://www.suse.com/security/cve/CVE-2022-2928.html https://www.suse.com/security/cve/CVE-2022-2929.html https://bugzilla.suse.com/1203988 https://bugzilla.suse.com/1203989

1 0

SUSE-SU-2022:3986-1: moderate: Security update for libX11
by opensuse-security＠opensuse.org 15 Nov '22

15 Nov '22

SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3986-1 Rating: moderate References: #1204422 #1204425 Cross-References: CVE-2022-3554 CVE-2022-3555 CVSS scores: CVE-2022-3554 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3554 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3555 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3555 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libX11 fixes the following issues: - CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422). - CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3986=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3986=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3986=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3986=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3986=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3986=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3986=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - openSUSE Leap Micro 5.2 (noarch): libX11-data-1.6.5-150000.3.24.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 libX11-devel-1.6.5-150000.3.24.1 libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - openSUSE Leap 15.4 (noarch): libX11-data-1.6.5-150000.3.24.1 - openSUSE Leap 15.4 (x86_64): libX11-6-32bit-1.6.5-150000.3.24.1 libX11-6-32bit-debuginfo-1.6.5-150000.3.24.1 libX11-devel-32bit-1.6.5-150000.3.24.1 libX11-xcb1-32bit-1.6.5-150000.3.24.1 libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.24.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 libX11-devel-1.6.5-150000.3.24.1 libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - openSUSE Leap 15.3 (noarch): libX11-data-1.6.5-150000.3.24.1 - openSUSE Leap 15.3 (x86_64): libX11-6-32bit-1.6.5-150000.3.24.1 libX11-6-32bit-debuginfo-1.6.5-150000.3.24.1 libX11-devel-32bit-1.6.5-150000.3.24.1 libX11-xcb1-32bit-1.6.5-150000.3.24.1 libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 libX11-devel-1.6.5-150000.3.24.1 libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): libX11-data-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libX11-6-32bit-1.6.5-150000.3.24.1 libX11-6-32bit-debuginfo-1.6.5-150000.3.24.1 libX11-xcb1-32bit-1.6.5-150000.3.24.1 libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 libX11-devel-1.6.5-150000.3.24.1 libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libX11-data-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libX11-6-32bit-1.6.5-150000.3.24.1 libX11-6-32bit-debuginfo-1.6.5-150000.3.24.1 libX11-xcb1-32bit-1.6.5-150000.3.24.1 libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Micro 5.3 (noarch): libX11-data-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Micro 5.2 (noarch): libX11-data-1.6.5-150000.3.24.1 References: https://www.suse.com/security/cve/CVE-2022-3554.html https://www.suse.com/security/cve/CVE-2022-3555.html https://bugzilla.suse.com/1204422 https://bugzilla.suse.com/1204425

1 0