openSUSE Security Announce
December 2022
- 1 participants
- 71 discussions
SUSE-SU-2022:4593-1: important: Security update for cni-plugins
by opensuse-security@opensuse.org 20 Dec '22
SUSE Security Update: Security update for cni-plugins
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4593-1
Rating: important
References: #1181961
Cross-References: CVE-2021-20206
CVSS scores:
CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15-SP1
SUSE Linux Enterprise Module for Public Cloud 15-SP2
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for cni-plugins fixes the following issues:
- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI
configuration (bsc#1181961).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4593=1
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4593=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4593=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4593=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4593=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4593=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4593=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4593=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4593=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4593=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4593=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4593=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4593=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4593=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4593=1
- SUSE Linux Enterprise Module for Containers 15-SP4:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4593=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-4593=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-4593=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4593=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4593=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4593=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4593=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4593=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4593=1
- SUSE Enterprise Storage 7.1:
zypper in -t patch SUSE-Storage-7.1-2022-4593=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4593=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-4593=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
cni-plugins-0.8.6-150100.3.11.1
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
cni-plugins-0.8.6-150100.3.11.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
cni-plugins-0.8.6-150100.3.11.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Manager Proxy 4.1 (x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
cni-plugins-0.8.6-150100.3.11.1
- SUSE CaaS Platform 4.0 (x86_64):
cni-plugins-0.8.6-150100.3.11.1
References:
https://www.suse.com/security/cve/CVE-2021-20206.html
https://bugzilla.suse.com/1181961
SUSE-SU-2022:4585-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 20 Dec '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4585-1
Rating: important
References: #1065729 #1156395 #1164051 #1184350 #1189297
#1190256 #1193629 #1194869 #1202341 #1203183
#1203391 #1203511 #1203960 #1204228 #1204405
#1204414 #1204631 #1204636 #1204693 #1204780
#1204810 #1204850 #1205007 #1205100 #1205111
#1205113 #1205128 #1205130 #1205149 #1205153
#1205220 #1205264 #1205282 #1205331 #1205332
#1205427 #1205428 #1205473 #1205507 #1205514
#1205521 #1205567 #1205616 #1205617 #1205653
#1205671 #1205679 #1205683 #1205700 #1205705
#1205709 #1205711 #1205744 #1205764 #1205796
#1205882 #1205993 #1206035 #1206036 #1206037
#1206045 #1206046 #1206047 #1206048 #1206049
#1206050 #1206051 #1206056 #1206057 #1206113
#1206114 #1206147 #1206149 #1206207 PED-1573
PED-1706 PED-1936 PED-2684 PED-611 PED-824
PED-849
Cross-References: CVE-2022-2602 CVE-2022-3176 CVE-2022-3566
CVE-2022-3567 CVE-2022-3635 CVE-2022-3643
CVE-2022-3707 CVE-2022-3903 CVE-2022-4095
CVE-2022-4129 CVE-2022-4139 CVE-2022-41850
CVE-2022-41858 CVE-2022-42328 CVE-2022-42329
CVE-2022-42895 CVE-2022-42896 CVE-2022-4378
CVE-2022-43945 CVE-2022-45869 CVE-2022-45888
CVE-2022-45934
CVSS scores:
CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3566 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3566 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45869 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-45869 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-45888 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45888 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for Legacy Software 15-SP4
SUSE Linux Enterprise Module for Live Patching 15-SP4
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that solves 22 vulnerabilities, contains 7
features and has 52 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-42328: Guests could trigger denial of service via the netback
driver (bsc#1206114).
- CVE-2022-42329: Guests could trigger denial of service via the netback
driver (bsc#1206113).
- CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via
netback driver (bsc#1206113).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in
drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in
l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3567: Fixed a race condition in
inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
(bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
USB driver (bsc#1205220).
- CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which
could cause a denial of service (bsc#1205882).
- CVE-2022-45888: Fixed a use-after-free during physical removal of a USB
device when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU
to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling
Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42896: Fixed a use-after-free vulnerability in the
net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
which may have allowed code execution and leaking kernel memory
(respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-42895: Fixed an information leak in the
net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
leak kernel pointers remotely (bsc#1205705).
- CVE-2022-3566: Fixed a race condition in the functions
tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race
condition (bsc#1204405).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability
involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-3176: Fixed a use-after-free in io_uring related to
signalfd_poll() and binder_poll() (bsc#1203391).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver
(bsc#1204780).
The following non-security bugs were fixed:
- ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes).
- ACPI: HMAT: Fix initiator registration for single-initiator systems
(git-fixes).
- ACPI: HMAT: remove unnecessary variable initialization (git-fixes).
- ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes).
- ACPI: x86: Add another system to quirk list for forcing StorageD3Enable
(git-fixes).
- ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda/hdmi - enable runtime pm for more AMD display audio
(git-fixes).
- ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
(bsc#1205100).
- ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
(bsc#1205100).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
(git-fixes).
- ALSA: usb-audio: Remove redundant workaround for Roland quirk
(bsc#1205111).
- ALSA: usb-audio: Yet more regression for for the delayed card
registration (bsc#1205111).
- ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
(git-fixes).
- ARM: at91: rm9200: fix usb device clock id (git-fixes).
- ARM: dts: am335x-pcm-953: Define fixed regulators in root node
(git-fixes).
- ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes).
- ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
(git-fixes).
- ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset
(git-fixes).
- ARM: dts: imx7: Fix NAND controller size-cells (git-fixes).
- ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes).
- ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes).
- ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source",
"Routee" -> "Route" (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes).
- ASoC: fsl_sai: use local device pointer (git-fixes).
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- ASoC: mt6660: Keep the pm_runtime enables before component stuff in
mt6660_i2c_probe (git-fixes).
- ASoC: ops: Fix bounds check for _sx controls (git-fixes).
- ASoC: rt1019: Fix the TDM settings (git-fixes).
- ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes).
- ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
- ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes).
- ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes).
- ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
- Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
(git-fixes).
- Bluetooth: Fix not cleanup led when bt_init fails (git-fixes).
- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
(git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629).
- Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes).
- Drivers: hv: Fix syntax errors in comments (git-fixes).
- Drivers: hv: Never allocate anything besides framebuffer from
framebuffer memory region (git-fixes).
- Drivers: hv: fix repeated words in comments (git-fixes).
- Drivers: hv: remove duplicate word in a comment (git-fixes).
- Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization
(git-fixes).
- Drivers: hv: vmbus: Fix kernel-doc (git-fixes).
- Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes).
- Drivers: hv: vmbus: Release cpu lock in error case (git-fixes).
- Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better
discoverability (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of
vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
(git-fixes).
- Drivers: hv: vmbus: fix typo in comment (git-fixes).
- Fix formatting of client smbdirect RDMA logging (bsc#1193629).
- HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes).
- HID: hid-lg4ff: Add check for empty lbuf (git-fixes).
- HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes).
- HID: playstation: add initial DualSense Edge controller support
(git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
- Handle variable number of SGEs in client smbdirect send (bsc#1193629).
- IB/hfi1: Correctly move list in sc_disable() (git-fixes)
- IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes)
- Input: goodix - try resetting the controller when no config is set
(git-fixes).
- Input: i8042 - fix leaking of platform device on module removal
(git-fixes).
- Input: iforce - invert valid length check when fetching device IDs
(git-fixes).
- Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
(git-fixes).
- Input: soc_button_array - add Acer Switch V 10 to
dmi_use_low_level_irq[] (git-fixes).
- Input: soc_button_array - add use_low_level_irq module parameter
(git-fixes).
- Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
(git-fixes).
- KVM: Move wiping of the kvm->vcpus array to common code (git-fixes).
- KVM: SEV: Mark nested locking of vcpu->lock (git-fixes).
- KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes).
- KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is
supported (git-fixes).
- KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes).
- KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes).
- KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm
(git-fixes).
- KVM: SVM: retrieve VMCB from assembly (git-fixes).
- KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL
(git-fixes).
- KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
(git-fixes).
- KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no
vPMU (git-fixes).
- KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled
(bsc#1205007).
- KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable
(git-fixes).
- KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1
(git-fixes).
- KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists
(git-fixes).
- KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}()
(git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state (git-fixes
jsc#PED-611).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611).
- KVM: s390: pv: do not allow userspace to set the clock under PV
(git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails
(git-fixes).
- KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap
(git-fixes).
- KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path
(git-fixes).
- KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes).
- KVM: x86/pmu: Fix and isolate TSX-specific performance event logic
(git-fixes).
- KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog
(git-fixes).
- KVM: x86/pmu: Use different raw event masks for AMD and Intel
(git-fixes).
- KVM: x86/svm: Account for family 17h event renumberings in
amd_pmc_perf_hw_id (git-fixes).
- KVM: x86: Fully initialize 'struct kvm_lapic_irq' in
kvm_pv_kick_cpu_op() (git-fixes).
- KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes).
- KVM: x86: Report error when setting CPUID if Hyper-V allocation fails
(git-fixes).
- KVM: x86: Retry page fault if MMU reload is pending and root has no sp
(bsc#1205744).
- KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS)
(git-fixes).
- KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)
(git-fixes).
- KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses
(git-fixes).
- KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
(git-fixes).
- KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes).
- KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes).
- KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes).
- KVM: x86: emulator: update the emulation mode after CR0 write
(git-fixes).
- KVM: x86: emulator: update the emulation mode after rsm (git-fixes).
- KVM: x86: use a separate asm-offsets.c file (git-fixes).
- MIPS: Loongson: Use hwmon_device_register_with_groups() to register
hwmon (git-fixes).
- NFC: nci: Bounds check struct nfc_target arrays (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions
to pci_ids.h (git-fixes).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
(git-fixes).
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- RDMA/cm: Use SLID in the work completion as the DLID in responder side
(git-fixes)
- RDMA/cma: Use output interface for net_dev check (git-fixes)
- RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes)
- RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes)
- RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes)
- RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes)
- RDMA/hns: Correct the type of variables participating in the shift
operation (git-fixes)
- RDMA/hns: Disable local invalidate operation (git-fixes)
- RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes)
- RDMA/hns: Fix supported page size (git-fixes)
- RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes)
- RDMA/hns: Remove magic number (git-fixes)
- RDMA/hns: Remove the num_cqc_timer variable (git-fixes)
- RDMA/hns: Remove the num_qpc_timer variable (git-fixes)
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP
(git-fixes)
- RDMA/hns: Replace tab with space in the right-side comments (git-fixes)
- RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx()
(git-fixes)
- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes)
- RDMA/irdma: Use s/g array in post send only when its valid (git-fixes)
- RDMA/mlx5: Set local port to one when accessing counters (git-fixes)
- RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
(git-fixes)
- RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes)
- RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes)
- RDMA/rxe: Limit the number of calls to each tasklet (git-fixes)
- RDMA/rxe: Remove useless pkt parameters (git-fixes)
- Reduce client smbdirect max receive segment size (bsc#1193629).
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- SMB3: fix lease break timeout when multiple deferred close handles for
the same file (bsc#1193629).
- USB: bcma: Make GPIO explicitly optional (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- arcnet: fix potential memory leak in com20020_probe() (git-fixes).
- arm64/syscall: Include asm/ptrace.h in syscall_wrapper header
(git-fixes).
- arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes).
- arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes)
- arm64: dts: imx8: correct clock order (git-fixes).
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes).
- arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes).
- arm64: dts: juno: Add thermal critical trip points (git-fixes).
- arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers
(git-fixes).
- arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers
(git-fixes).
- arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers
(git-fixes).
- arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed
(git-fixes).
- arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are
allowed (git-fixes).
- arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed
(git-fixes).
- arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed
(git-fixes).
- arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4
(git-fixes).
- arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock
frequency (git-fixes).
- arm64: efi: Fix handling of misaligned runtime regions and drop warning
(git-fixes).
- arm64: entry: avoid kprobe recursion (git-fixes).
- arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes).
Enable CONFIG_ARM64_ERRATUM_2441007, too
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable
CONFIG_ARM64_ERRATUM_1742098 in arm64/default
- arm64: fix rodata=full again (git-fixes)
- ata: libata-core: do not issue non-internal commands once EH is pending
(git-fixes).
- ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes).
- ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes).
- ata: libata-transport: fix double ata_host_put() in ata_tport_add()
(git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
- audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes).
- blk-cgroup: fix missing put device in error path from blkg_conf_pref()
(git-fixes).
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
(git-fixes).
- blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created
(git-fixes).
- blk-mq: fix io hung due to missing commit_rqs (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes).
- block: add bio_start_io_acct_time() to control start_time (git-fixes).
- block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for
nowait (git-fixes).
- block: drop unused includes in <linux/genhd.h> (git-fixes).
- bridge: switchdev: Fix memory leaks when changing VLAN protocol
(git-fixes).
- btrfs: check if root is readonly while setting security xattr
(bsc#1206147).
- btrfs: do not allow compression on nodatacow files (bsc#1206149).
- btrfs: export a helper for compression hard check (bsc#1206149).
- btrfs: fix processing of delayed data refs during backref walking
(bsc#1206056).
- btrfs: fix processing of delayed tree block refs during backref walking
(bsc#1206057).
- btrfs: prevent subvol with swapfile from being deleted (bsc#1206035).
- btrfs: send: always use the rbtree based inode ref management
infrastructure (bsc#1206036).
- btrfs: send: fix failures when processing inodes with no links
(bsc#1206036).
- btrfs: send: fix send failure of a subcase of orphan inodes
(bsc#1206036).
- btrfs: send: fix sending link commands for existing file paths
(bsc#1206036).
- btrfs: send: introduce recorded_ref_alloc and recorded_ref_free
(bsc#1206036).
- btrfs: send: refactor arguments of get_inode_info() (bsc#1206036).
- btrfs: send: remove unused found_type parameter to
lookup_dir_item_inode() (bsc#1206036).
- btrfs: send: remove unused type parameter to iterate_inode_ref_t
(bsc#1206036).
- btrfs: send: use boolean types for current inode status (bsc#1206036).
- bus: sunxi-rsb: Remove the shutdown callback (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- ca8210: Fix crash by zero initializing data (git-fixes).
- can: af_can: fix NULL pointer dereference in can_rx_register()
(git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
- can: etas_es58x: es58x_init_netdev(): free netdev when register_candev()
(git-fixes).
- can: j1939: j1939_send_one(): fix missing CAN header initialization
(git-fixes).
- can: m_can: Add check for devm_clk_get (git-fixes).
- can: m_can: pci: add missing m_can_class_free_dev() in probe/remove
methods (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
(git-fixes).
- capabilities: fix potential memleak on error path from
vfs_getxattr_alloc() (git-fixes).
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
(git-fixes).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050).
- ceph: avoid putting the realm twice when decoding snaps fails
(bsc#1206051).
- ceph: do not update snapshot context when there is no new snapshot
(bsc#1206047).
- ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048).
- ceph: fix memory leak in ceph_readdir when note_last_dentry returns
error (bsc#1206049).
- ceph: properly handle statfs on multifs setups (bsc#1206045).
- ceph: switch netfs read ops to use rreq->inode instead of
rreq->mapping->host (bsc#1206046).
- char: tpm: Protect tpm_pm_suspend with locks (git-fixes).
- cifs: Add constructor/destructors for tcon->cfid (bsc#1193629).
- cifs: Add helper function to check smb1+ server (bsc#1193629).
- cifs: Do not access tcon->cfids->cfid directly from is_path_accessible
(bsc#1193629).
- cifs: Do not use tcon->cfid directly, use the cfid we get from
open_cached_dir (bsc#1193629).
- cifs: Fix connections leak when tlink setup failed (git-fixes).
- cifs: Fix memory leak on the deferred close (bsc#1193629).
- cifs: Fix memory leak when build ntlmssp negotiate blob failed
(bsc#1193629).
- cifs: Fix pages array leak when writedata alloc failed in
cifs_writedata_alloc() (bsc#1193629).
- cifs: Fix pages leak when writedata alloc failed in
cifs_write_from_iter() (bsc#1193629).
- cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
(bsc#1193629).
- cifs: Fix wrong return value checking when GETFLAGS (git-fixes).
- cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629).
- cifs: Fix xid leak in cifs_create() (bsc#1193629).
- cifs: Fix xid leak in cifs_flock() (bsc#1193629).
- cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629).
- cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629).
- cifs: Make tcon contain a wrapper structure cached_fids instead of
cached_fid (bsc#1193629).
- cifs: Move cached-dir functions into a separate file (bsc#1193629).
- cifs: Replace a couple of one-element arrays with flexible-array members
(bsc#1193629).
- cifs: Use after free in debug code (git-fixes).
- cifs: Use help macro to get the header preamble size (bsc#1193629).
- cifs: Use help macro to get the mid header size (bsc#1193629).
- cifs: add check for returning value of SMB2_close_init (git-fixes).
- cifs: add check for returning value of SMB2_set_info_init (git-fixes).
- cifs: add missing spinlock around tcon refcount (bsc#1193629).
- cifs: alloc_mid function should be marked as static (bsc#1193629).
- cifs: always initialize struct msghdr smb_msg completely (bsc#1193629).
- cifs: always iterate smb sessions using primary channel (bsc#1193629).
- cifs: avoid deadlocks while updating iface (bsc#1193629).
- cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629).
- cifs: avoid use of global locks for high contention data (bsc#1193629).
- cifs: cache the dirents for entries in a cached directory (bsc#1193629).
- cifs: change iface_list from array to sorted linked list (bsc#1193629).
- cifs: destage dirty pages before re-reading them for cache=none
(bsc#1193629).
- cifs: do not send down the destination address to sendmsg for a
SOCK_STREAM (bsc#1193629).
- cifs: drop the lease for cached directories on rmdir or rename
(bsc#1193629).
- cifs: during reconnect, update interface if necessary (bsc#1193629).
- cifs: enable caching of directories for which a lease is held
(bsc#1193629).
- cifs: find and use the dentry for cached non-root directories also
(bsc#1193629).
- cifs: fix double-fault crash during ntlmssp (bsc#1193629).
- cifs: fix lock length calculation (bsc#1193629).
- cifs: fix memory leaks in session setup (bsc#1193629).
- cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes).
- cifs: fix race condition with delayed threads (bsc#1193629).
- cifs: fix skipping to incorrect offset in emit_cached_dirents
(bsc#1193629).
- cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629).
- cifs: fix static checker warning (bsc#1193629).
- cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629).
- cifs: fix use-after-free caused by invalid pointer `hostname`
(bsc#1193629).
- cifs: fix use-after-free on the link name (bsc#1193629).
- cifs: fix wrong unlock before return from cifs_tree_connect()
(bsc#1193629).
- cifs: improve handlecaching (bsc#1193629).
- cifs: improve symlink handling for smb2+ (bsc#1193629).
- cifs: lease key is uninitialized in smb1 paths (bsc#1193629).
- cifs: lease key is uninitialized in two additional functions when smb1
(bsc#1193629).
- cifs: list_for_each() -> list_for_each_entry() (bsc#1193629).
- cifs: misc: fix spelling typo in comment (bsc#1193629).
- cifs: move from strlcpy with unused retval to strscpy (bsc#1193629).
- cifs: periodically query network interfaces from server (bsc#1193629).
- cifs: populate empty hostnames for extra channels (bsc#1193629).
- cifs: prevent copying past input buffer boundaries (bsc#1193629).
- cifs: remove "cifs_" prefix from init/destroy mids functions
(bsc#1193629).
- cifs: remove initialization value (bsc#1193629).
- cifs: remove minor build warning (bsc#1193629).
- cifs: remove redundant initialization to variable mnt_sign_enabled
(bsc#1193629).
- cifs: remove remaining build warnings (bsc#1193629).
- cifs: remove some camelCase and also some static build warnings
(bsc#1193629).
- cifs: remove unnecessary (void*) conversions (bsc#1193629).
- cifs: remove unnecessary locking of chan_lock while freeing session
(bsc#1193629).
- cifs: remove unnecessary type castings (bsc#1193629).
- cifs: remove unused server parameter from calc_smb_size() (bsc#1193629).
- cifs: remove useless DeleteMidQEntry() (bsc#1193629).
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
(bsc#1193629).
- cifs: replace kfree() with kfree_sensitive() for sensitive data
(bsc#1193629).
- cifs: return correct error in ->calc_signature() (bsc#1193629).
- cifs: return errors during session setup during reconnects (bsc#1193629).
- cifs: revalidate mapping when doing direct writes (bsc#1193629).
- cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629).
- cifs: set rc to -ENOENT if we can not get a dentry for the cached dir
(bsc#1193629).
- cifs: skip extra NULL byte in filenames (bsc#1193629).
- cifs: store a pointer to a fid in the cfid structure instead of the
struct (bsc#1193629).
- cifs: truncate the inode and mapping when we simulate fcollapse
(bsc#1193629).
- cifs: update cifs_ses::ip_addr after failover (bsc#1193629).
- cifs: update internal module number (bsc#1193629).
- cifs: use ALIGN() and round_up() macros (bsc#1193629).
- cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629).
- cifs: when a channel is not found for server, log its connection id
(bsc#1193629).
- cifs: when insecure legacy is disabled shrink amount of SMB1 code
(bsc#1193629).
- clocksource/drivers/hyperv: add data structure for reference TSC MSR
(git-fixes).
- cpufreq: intel_pstate: Handle no_turbo in frequency invariance
(jsc#PED-849).
- cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849).
- cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm era: commit metadata in postsuspend after worker stops (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest
size (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
- dm raid: fix accesses beyond end of raid member array (git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
(git-fixes).
- dm: fix double accounting of flush with data (git-fixes).
- dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes).
- dm: properly fix redundant bio-based IO accounting (git-fixes).
- dm: remove unnecessary assignment statement in alloc_dev() (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
- dm: revert partial fix for redundant bio-based IO accounting (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of dma_async_device_register
(git-fixes).
- dmaengine: at_hdmac: Do not allow CPU to reorder channel enable
(git-fixes).
- dmaengine: at_hdmac: Do not call the complete callback on
device_terminate_all (git-fixes).
- dmaengine: at_hdmac: Do not start transactions at tx_submit level
(git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of
errors (git-fixes).
- dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes).
- dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes).
- dmaengine: at_hdmac: Fix concurrency problems by removing
atc_complete_all() (git-fixes).
- dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware
(git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: at_hdmac: Fix premature completion of desc in issue_pending
(git-fixes).
- dmaengine: at_hdmac: Free the memset buf without holding the chan lock
(git-fixes).
- dmaengine: at_hdmac: Protect atchan->status with the channel lock
(git-fixes).
- dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending
(git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
(git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- dmaengine: ti: k3-udma-glue: fix memory leak when register device fail
(git-fixes).
- docs, kprobes: Fix the wrong location of Kprobes (git-fixes).
- docs/core-api: expand Fedora instructions for GCC plugins (git-fixes).
- drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes).
- drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes).
- drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
(git-fixes).
- drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes).
- drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes).
- drm/amdkfd: handle CPU fault on COW mapping (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
- drm/hyperv: Add ratelimit on error message (git-fixes).
- drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
(git-fixes).
- drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes).
- drm/msm/hdmi: fix IRQ lifetime (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays
(git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in
vc4_drm_register() (git-fixes).
- drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
(git-fixes).
- dt-bindings: power: gpcv2: add power-domains property (git-fixes).
- e1000e: Fix TX dispatch condition (git-fixes).
- e100: Fix possible use after free in e100_xmit_prepare (git-fixes).
- efi/tpm: Pass correct address to memblock_reserve (git-fixes).
- efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes).
- efi: random: reduce seed size to 32 bytes (git-fixes).
- firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
- firmware: coreboot: Register bus in module init (git-fixes).
- fm10k: Fix error handling in fm10k_init_module() (git-fixes).
- ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- fuse: add file_modified() to fallocate (bsc#1205332).
- fuse: fix readdir cache race (bsc#1205331).
- gpio: amd8111: Fix PCI device reference count leak (git-fixes).
- hamradio: fix issue of dev reference count leakage in bpq_device_event()
(git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Fix race between VF offering and VF association message from
host (bsc#1204850).
- hv_netvsc: Print value of invalid ID in
netvsc_send_{completion,tx_complete}() (git-fixes).
- hv_sock: Add validation for untrusted Hyper-V values (git-fixes).
- hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes).
- hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
(git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
(git-fixes).
- hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes).
- hwmon: (ltc2947) fix temperature scaling (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
- i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes).
- i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes).
- i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes).
- i2c: tegra: Allocate DMA memory for DMA engine (git-fixes).
- i2c: xiic: Add platform module alias (git-fixes).
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
- ieee802154: cc2520: Fix error return code in cc2520_hw_init()
(git-fixes).
- iio: adc: at91_adc: fix possible memory leak in
at91_adc_allocate_trigger() (git-fixes).
- iio: adc: mp2629: fix potential array out of bound access (git-fixes).
- iio: adc: mp2629: fix wrong comparison of channel (git-fixes).
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type()
fails (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
(git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
- iio: ms5611: Simplify IO callback parameters (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value limited
(git-fixes).
- iio: pressure: ms5611: fixed value compensation bug (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
(git-fixes).
- init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes).
- intel_idle: Add AlderLake support (jsc#PED-824).
- intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936).
- intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824
jsc#PED-1936).
- intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936).
- io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113).
- io-wq: do not retry task_work creation failure on fatal conditions
(bnc#1205113).
- io-wq: ensure we exit if thread group is exiting (git-fixes).
- io-wq: exclusively gate signal based exit on get_signal() return
(git-fixes).
- io-wq: fix cancellation on create-worker failure (bnc#1205113).
- io-wq: fix silly logic error in io_task_work_match() (bnc#1205113).
- io_uring: correct __must_hold annotation (git-fixes).
- io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes).
- io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL
(git-fixes).
- io_uring: fix io_timeout_remove locking (git-fixes).
- io_uring: fix missing mb() before waitqueue_active (git-fixes).
- io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes).
- io_uring: fix possible poll event lost in multi shot mode (git-fixes).
- io_uring: pin SQPOLL data before unlocking ring lock (git-fixes).
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- kABI: Fix kABI after "KVM: x86/pmu: Use different raw event masks for
AMD and Intel" (git-fixes).
- kbuild: Unify options for BTF generation for vmlinux and modules
(bsc#1204693).
- kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
- mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register()
(git-fixes).
- mac80211: radiotap: Use BIT() instead of shifts (git-fixes).
- mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes).
- macsec: Fix invalid error code set (git-fixes).
- macsec: add missing attribute validation for offload (git-fixes).
- macsec: clear encryption keys from the stack after setting up offload
(git-fixes).
- macsec: delete new rxsc when offload fails (git-fixes).
- macsec: fix detection of RXSCs when toggling offloading (git-fixes).
- macsec: fix secy->n_rx_sc accounting (git-fixes).
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
(git-fixes).
- md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
(git-fixes).
- md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
- media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe()
(git-fixes).
- media: rkisp1: Do not pass the quantization to rkisp1_csm_config()
(git-fixes).
- media: rkisp1: Initialize color space on resizer sink and source pads
(git-fixes).
- media: rkisp1: Use correct macro for gradient registers (git-fixes).
- media: rkisp1: Zero v4l2_subdev_format fields in when validating links
(git-fixes).
- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
- media: v4l: subdev: Fail graciously when getting try data for NULL state
(git-fixes).
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
(git-fixes).
- mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes).
- mmc: core: properly select voltage range without power cycle (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
(git-fixes).
- mmc: mmc_test: Fix removal of debugfs file (git-fixes).
- mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes).
- mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-brcmstb: Re-organize flags (git-fixes).
- mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes).
- mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA
(git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD#
debounce timeout (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
(git-fixes).
- mmc: sdhci-sprd: Fix no reset data and command after voltage switch
(git-fixes).
- mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes).
- mtd: parsers: bcm47xxpart: print correct offset on read error
(git-fixes).
- mtd: spi-nor: intel-spi: Disable write protection only if asked
(git-fixes).
- nbd: Fix incorrect error handle when first_minor is illegal in
nbd_dev_add (git-fixes).
- net/smc: Avoid overwriting the copies of clcsock callback functions
(git-fixes).
- net/smc: Fix an error code in smc_lgr_create() (git-fixes).
- net/smc: Fix possible access to freed memory in link clear (git-fixes).
- net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes).
- net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes).
- net/smc: Fix sock leak when release after smc_shutdown() (git-fixes).
- net/smc: Forward wakeup to smc socket waitqueue after fallback
(git-fixes).
- net/smc: Only save the original clcsock callback functions (git-fixes).
- net/smc: Send directly when TCP_CORK is cleared (git-fixes).
- net/smc: kABI workarounds for struct smc_link (git-fixes).
- net/smc: kABI workarounds for struct smc_sock (git-fixes).
- net/smc: send directly on setting TCP_NODELAY (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
(git-fixes).
- net: ethernet: ti: am65-cpsw: fix error handling in
am65_cpsw_nuss_probe() (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- net: mdio: fix unbalanced fwnode reference count in
mdio_device_release() (git-fixes).
- net: mdiobus: fix unbalanced node reference count (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- net: phy: marvell: add sleep time after enabling the loopback bit
(git-fixes).
- net: phy: mscc: macsec: clear encryption keys when freeing a flow
(git-fixes).
- net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes).
- net: stmmac: work around sporadic tx issue on link-up (git-fixes).
- net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
- net: thunderbolt: fix memory leak in tbnet_open() (git-fixes).
- net: thunderx: Fix the ACPI memory leak (git-fixes).
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
- net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type
(git-fixes).
- net: wwan: iosm: fix kernel test robot reported error (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
(git-fixes).
- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
(git-fixes).
- nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION
(git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
(git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
(git-fixes).
- nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes).
- nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
(git-fixes).
- nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes).
- nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition
failure (git-fixes).
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
(git-fixes).
- pinctrl: intel: Save and restore pins in "direct IRQ" mode (git-fixes).
- pinctrl: rockchip: list all pins in a possible mux route for PX30
(git-fixes).
- pinctrl: single: Fix potential division by zero (git-fixes).
- platform/surface: aggregator: Do not check for repeated unsequenced
packets (git-fixes).
- platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684
bsc#1205683).
- platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes).
- platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when
virtualized (git-fixes).
- platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
(git-fixes).
- platform/x86: asus-wmi: add missing pci_dev_put() in
asus_wmi_set_xusb2pr() (git-fixes).
- platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
- platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2
2-in-1 (git-fixes).
- powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S
(bsc#1194869).
- powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static
(bsc#1194869).
- proc: avoid integer type confusion in get_proc_long (git-fixes).
- proc: proc_skip_spaces() shouldn't think it is working on C strings
(git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak in
regulator_register() (git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
(bsc#1205427 LTC#200502).
- s390/pci: add missing EX_TABLE entries to
__pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and
__strnlen_user() (bsc#1205428 LTC#200501).
- s390: fix nospec table alignments (git-fixes).
- sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)).
- sched: Disable sched domain debugfs creation on ppc64 unless
sched_verbose is specified (bnc#1205653).
- scripts/faddr2line: Fix regression in name resolution on ppc64le
(git-fixes).
- scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729).
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
- scsi: megaraid_sas: Correct value passed to scsi_device_lookup()
(git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask()
(git-fixes).
- scsi: qedf: Populate sysfs attributes for vport (git-fixes).
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
(git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Fix handling of srb_status and capacity change events
(git-fixes).
- scsi: storvsc: Fix typo in comment (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- scsi: storvsc: remove an extraneous "to" in a comment (git-fixes).
- scsi: zfcp: Fix double free of FSF request when qdio send fails
(git-fixes).
- selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes).
- selftests: mptcp: fix mibit vs mbit mix up (git-fixes).
- selftests: mptcp: make sendfile selftest work (git-fixes).
- selftests: mptcp: more stable simult_flows tests (git-fixes).
- selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
(git-fixes).
- serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
(git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
- serial: 8250: Flush DMA Rx on RLSI (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in
omap8250_remove() (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround
(git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- smb2: small refactor in smb2_check_message() (bsc#1193629).
- smb3: Move the flush out of smb2_copychunk_range() into its callers
(bsc#1193629).
- smb3: add dynamic trace points for tree disconnect (bsc#1193629).
- smb3: add trace point for SMB2_set_eof (bsc#1193629).
- smb3: allow deferred close timeout to be configurable (bsc#1193629).
- smb3: check xattr value length earlier (bsc#1193629).
- smb3: clarify multichannel warning (bsc#1193629).
- smb3: do not log confusing message when server returns no network
interfaces (bsc#1193629).
- smb3: fix empty netname context on secondary channels (bsc#1193629).
- smb3: fix oops in calculating shash_setkey (bsc#1193629).
- smb3: fix temporary data corruption in collapse range (bsc#1193629).
- smb3: fix temporary data corruption in insert range (bsc#1193629).
- smb3: improve SMB3 change notification support (bsc#1193629).
- smb3: interface count displayed incorrectly (bsc#1193629).
- smb3: missing inode locks in punch hole (bsc#1193629).
- smb3: missing inode locks in zero range (bsc#1193629).
- smb3: must initialize two ACL struct fields to zero (bsc#1193629).
- smb3: remove unneeded null check in cifs_readdir (bsc#1193629).
- smb3: rename encryption/decryption TFMs (bsc#1193629).
- smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait
(bsc#1193629).
- smb3: use netname when available on secondary channels (bsc#1193629).
- smb3: workaround negprot bug in some Samba servers (bsc#1193629).
- soc: imx8m: Enable OCOTP clock before reading the register (git-fixes).
- soundwire: intel: Initialize clock stop timeout (bsc#1205507).
- soundwire: qcom: check for outanding writes before doing a read
(git-fixes).
- soundwire: qcom: reinit broadcast completion (git-fixes).
- speakup: fix a segfault caused by switching consoles (git-fixes).
- spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()
(git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input
clock (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
- spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every
run (git-fixes).
- spi: tegra210-quad: Fix duplicate resource error (git-fixes).
- thunderbolt: Add DP OUT resource when DP tunnel is discovered
(git-fixes).
- tools: hv: Remove an extraneous "the" (git-fixes).
- tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes).
- tools: iio: iio_generic_buffer: Fix read size (git-fixes).
- tracing/ring-buffer: Have polling block on watermark (git-fixes).
- tracing: Fix memory leak in test_gen_synth_cmd() and
test_empty_synth_event() (git-fixes).
- tracing: Fix memory leak in tracing_read_pipe() (git-fixes).
- tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
- tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()
(git-fixes).
- tracing: kprobe: Fix potential null-ptr-deref on trace_array in
kprobe_event_gen_test_exit() (git-fixes).
- tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in
kprobe_event_gen_test_exit() (git-fixes).
- tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
(git-fixes).
- tty: serial: fsl_lpuart: do not break the on-going transfer when global
reset (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: cdns3: host: fix endless superspeed hub port reset (git-fixes).
- usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes).
- usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes).
- usb: dwc3: gadget: conditionally remove requests (git-fixes).
- usb: smsc: use eth_hw_addr_set() (git-fixes).
- usb: typec: mux: Enter safe mode only when pins need to be reconfigured
(git-fixes).
- usb: xhci-mtk: check boundary before check tt (git-fixes).
- usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes).
- usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes).
- v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"
- video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
(git-fixes).
- vmxnet3: correctly report encapsulated LRO packet (git-fixes).
- vmxnet3: use correct intrConf reference when using extended queues
(git-fixes).
- wifi: airo: do not assign -1 to unsigned char (git-fixes).
- wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes).
- wifi: ath11k: avoid deadlock during regulatory update in
ath11k_regd_update() (git-fixes).
- wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- wifi: mac80211: Fix ack frame idr leak when mesh has no route
(git-fixes).
- wifi: mac80211: fix memory free error when registering wiphy fail
(git-fixes).
- wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
(git-fixes).
- wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
(git-fixes).
- wifi: wext: use flex array destination for memcpy() (git-fixes).
- wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST
attribute (git-fixes).
- wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL
attribute (git-fixes).
- wifi: wilc1000: validate number of channels (git-fixes).
- wifi: wilc1000: validate pairwise and authentication suite offsets
(git-fixes).
- x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes).
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from
S3 (bsc#1206037).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/entry: Work around Clang __bdos() bug (git-fixes).
- x86/extable: Extend extable functionality (git-fixes).
- x86/fpu: Drop fpregs lock before inheriting FPU permissions
(bnc#1205282).
- x86/futex: Remove .fixup usage (git-fixes).
- x86/hyperv: Disable hardlockup detector by default in Hyper-V guests
(git-fixes).
- x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes).
- x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes).
- x86/hyperv: fix invalid writes to MSRs during root partition kexec
(git-fixes).
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- x86/microcode/AMD: Apply the patch early on every logical thread
(bsc#1205264).
- x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes).
- xen/gntdev: Accommodate VMA splitting (git-fixes).
- xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
(git-fixes).
- xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes).
- xfs: fix perag reference leak on iteration race with growfs (git-fixes).
- xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes).
- xfs: reserve quota for dir expansion when linking/unlinking files
(bsc#1205616).
- xfs: reserve quota for target dir expansion when renaming files
(bsc#1205679).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4585=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4585=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4585=1
- SUSE Linux Enterprise Module for Live Patching 15-SP4:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4585=1
Please note that this is the initial kernel livepatch without fixes
itself; this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-4585=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4585=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4585=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-4585=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-4585=1
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
kernel-default-5.14.21-150400.24.38.1
kernel-default-base-5.14.21-150400.24.38.1.150400.24.13.2
kernel-default-debuginfo-5.14.21-150400.24.38.1
kernel-default-debugsource-5.14.21-150400.24.38.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.14.21-150400.24.38.1
cluster-md-kmp-default-debuginfo-5.14.21-150400.24.38.1
dlm-kmp-default-5.14.21-150400.24.38.1
dlm-kmp-default-debuginfo-5.14.21-150400.24.38.1
gfs2-kmp-default-5.14.21-150400.24.38.1
gfs2-kmp-default-debuginfo-5.14.21-150400.24.38.1
kernel-default-5.14.21-150400.24.38.1
kernel-default-base-5.14.21-150400.24.38.1.150400.24.13.2
kernel-default-base-rebuild-5.14.21-150400.24.38.1.150400.24.13.2
kernel-default-debuginfo-5.14.21-150400.24.38.1
kernel-default-debugsource-5.14.21-150400.24.38.1
kernel-default-devel-5.14.21-150400.24.38.1
kernel-default-devel-debuginfo-5.14.21-150400.24.38.1
kernel-default-extra-5.14.21-150400.24.38.1
kernel-default-extra-debuginfo-5.14.21-150400.24.38.1
kernel-default-livepatch-5.14.21-150400.24.38.1
kernel-default-livepatch-devel-5.14.21-150400.24.38.1
kernel-default-optional-5.14.21-150400.24.38.1
kernel-default-optional-debuginfo-5.14.21-150400.24.38.1
kernel-obs-build-5.14.21-150400.24.38.1
kernel-obs-build-debugsource-5.14.21-150400.24.38.1
kernel-obs-qa-5.14.21-150400.24.38.1
kernel-syms-5.14.21-150400.24.38.1
kselftests-kmp-default-5.14.21-150400.24.38.1
kselftests-kmp-default-debuginfo-5.14.21-150400.24.38.1
ocfs2-kmp-default-5.14.21-150400.24.38.1
ocfs2-kmp-default-debuginfo-5.14.21-150400.24.38.1
reiserfs-kmp-default-5.14.21-150400.24.38.1
reiserfs-kmp-default-debuginfo-5.14.21-150400.24.38.1
- openSUSE Leap 15.4 (aarch64 ppc64le x86_64):
kernel-kvmsmall-5.14.21-150400.24.38.1
kernel-kvmsmall-debuginfo-5.14.21-150400.24.38.1
kernel-kvmsmall-debugsource-5.14.21-150400.24.38.1
kernel-kvmsmall-devel-5.14.21-150400.24.38.1
kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.38.1
kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.38.1
- openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-5.14.21-150400.24.38.1
kernel-debug-debuginfo-5.14.21-150400.24.38.1
kernel-debug-debugsource-5.14.21-150400.24.38.1
kernel-debug-devel-5.14.21-150400.24.38.1
kernel-debug-devel-debuginfo-5.14.21-150400.24.38.1
kernel-debug-livepatch-devel-5.14.21-150400.24.38.1
- openSUSE Leap 15.4 (aarch64):
cluster-md-kmp-64kb-5.14.21-150400.24.38.1
cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.38.1
dlm-kmp-64kb-5.14.21-150400.24.38.1
dlm-kmp-64kb-debuginfo-5.14.21-150400.24.38.1
dtb-allwinner-5.14.21-150400.24.38.1
dtb-altera-5.14.21-150400.24.38.1
dtb-amazon-5.14.21-150400.24.38.1
dtb-amd-5.14.21-150400.24.38.1
dtb-amlogic-5.14.21-150400.24.38.1
dtb-apm-5.14.21-150400.24.38.1
dtb-apple-5.14.21-150400.24.38.1
dtb-arm-5.14.21-150400.24.38.1
dtb-broadcom-5.14.21-150400.24.38.1
dtb-cavium-5.14.21-150400.24.38.1
dtb-exynos-5.14.21-150400.24.38.1
dtb-freescale-5.14.21-150400.24.38.1
dtb-hisilicon-5.14.21-150400.24.38.1
dtb-lg-5.14.21-150400.24.38.1
dtb-marvell-5.14.21-150400.24.38.1
dtb-mediatek-5.14.21-150400.24.38.1
dtb-nvidia-5.14.21-150400.24.38.1
dtb-qcom-5.14.21-150400.24.38.1
dtb-renesas-5.14.21-150400.24.38.1
dtb-rockchip-5.14.21-150400.24.38.1
dtb-socionext-5.14.21-150400.24.38.1
dtb-sprd-5.14.21-150400.24.38.1
dtb-xilinx-5.14.21-150400.24.38.1
gfs2-kmp-64kb-5.14.21-150400.24.38.1
gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.38.1
kernel-64kb-5.14.21-150400.24.38.1
kernel-64kb-debuginfo-5.14.21-150400.24.38.1
kernel-64kb-debugsource-5.14.21-150400.24.38.1
kernel-64kb-devel-5.14.21-150400.24.38.1
kernel-64kb-devel-debuginfo-5.14.21-150400.24.38.1
kernel-64kb-extra-5.14.21-150400.24.38.1
kernel-64kb-extra-debuginfo-5.14.21-150400.24.38.1
kernel-64kb-livepatch-devel-5.14.21-150400.24.38.1
kernel-64kb-optional-5.14.21-150400.24.38.1
kernel-64kb-optional-debuginfo-5.14.21-150400.24.38.1
kselftests-kmp-64kb-5.14.21-150400.24.38.1
kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.38.1
ocfs2-kmp-64kb-5.14.21-150400.24.38.1
ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.38.1
reiserfs-kmp-64kb-5.14.21-150400.24.38.1
reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.38.1
- openSUSE Leap 15.4 (noarch):
kernel-devel-5.14.21-150400.24.38.1
kernel-docs-5.14.21-150400.24.38.1
kernel-docs-html-5.14.21-150400.24.38.1
kernel-macros-5.14.21-150400.24.38.1
kernel-source-5.14.21-150400.24.38.1
kernel-source-vanilla-5.14.21-150400.24.38.1
- openSUSE Leap 15.4 (s390x):
kernel-zfcpdump-5.14.21-150400.24.38.1
kernel-zfcpdump-debuginfo-5.14.21-150400.24.38.1
kernel-zfcpdump-debugsource-5.14.21-150400.24.38.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
kernel-default-debuginfo-5.14.21-150400.24.38.1
kernel-default-debugsource-5.14.21-150400.24.38.1
kernel-default-extra-5.14.21-150400.24.38.1
kernel-default-extra-debuginfo-5.14.21-150400.24.38.1
- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.14.21-150400.24.38.1
kernel-default-debugsource-5.14.21-150400.24.38.1
kernel-default-livepatch-5.14.21-150400.24.38.1
kernel-default-livepatch-devel-5.14.21-150400.24.38.1
kernel-livepatch-5_14_21-150400_24_38-default-1-150400.9.3.2
kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-1-150400.9.3.2
kernel-livepatch-SLE15-SP4_Update_6-debugsource-1-150400.9.3.2
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.14.21-150400.24.38.1
kernel-default-debugsource-5.14.21-150400.24.38.1
reiserfs-kmp-default-5.14.21-150400.24.38.1
reiserfs-kmp-default-debuginfo-5.14.21-150400.24.38.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.14.21-150400.24.38.1
kernel-obs-build-debugsource-5.14.21-150400.24.38.1
kernel-syms-5.14.21-150400.24.38.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
kernel-docs-5.14.21-150400.24.38.1
kernel-source-5.14.21-150400.24.38.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
kernel-default-5.14.21-150400.24.38.1
kernel-default-base-5.14.21-150400.24.38.1.150400.24.13.2
kernel-default-debuginfo-5.14.21-150400.24.38.1
kernel-default-debugsource-5.14.21-150400.24.38.1
kernel-default-devel-5.14.21-150400.24.38.1
kernel-default-devel-debuginfo-5.14.21-150400.24.38.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64):
kernel-64kb-5.14.21-150400.24.38.1
kernel-64kb-debuginfo-5.14.21-150400.24.38.1
kernel-64kb-debugsource-5.14.21-150400.24.38.1
kernel-64kb-devel-5.14.21-150400.24.38.1
kernel-64kb-devel-debuginfo-5.14.21-150400.24.38.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
kernel-devel-5.14.21-150400.24.38.1
kernel-macros-5.14.21-150400.24.38.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x):
kernel-zfcpdump-5.14.21-150400.24.38.1
kernel-zfcpdump-debuginfo-5.14.21-150400.24.38.1
kernel-zfcpdump-debugsource-5.14.21-150400.24.38.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
kernel-default-5.14.21-150400.24.38.1
kernel-default-base-5.14.21-150400.24.38.1.150400.24.13.2
kernel-default-debuginfo-5.14.21-150400.24.38.1
kernel-default-debugsource-5.14.21-150400.24.38.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.14.21-150400.24.38.1
cluster-md-kmp-default-debuginfo-5.14.21-150400.24.38.1
dlm-kmp-default-5.14.21-150400.24.38.1
dlm-kmp-default-debuginfo-5.14.21-150400.24.38.1
gfs2-kmp-default-5.14.21-150400.24.38.1
gfs2-kmp-default-debuginfo-5.14.21-150400.24.38.1
kernel-default-debuginfo-5.14.21-150400.24.38.1
kernel-default-debugsource-5.14.21-150400.24.38.1
ocfs2-kmp-default-5.14.21-150400.24.38.1
ocfs2-kmp-default-debuginfo-5.14.21-150400.24.38.1
References:
https://www.suse.com/security/cve/CVE-2022-2602.html
https://www.suse.com/security/cve/CVE-2022-3176.html
https://www.suse.com/security/cve/CVE-2022-3566.html
https://www.suse.com/security/cve/CVE-2022-3567.html
https://www.suse.com/security/cve/CVE-2022-3635.html
https://www.suse.com/security/cve/CVE-2022-3643.html
https://www.suse.com/security/cve/CVE-2022-3707.html
https://www.suse.com/security/cve/CVE-2022-3903.html
https://www.suse.com/security/cve/CVE-2022-4095.html
https://www.suse.com/security/cve/CVE-2022-4129.html
https://www.suse.com/security/cve/CVE-2022-4139.html
https://www.suse.com/security/cve/CVE-2022-41850.html
https://www.suse.com/security/cve/CVE-2022-41858.html
https://www.suse.com/security/cve/CVE-2022-42328.html
https://www.suse.com/security/cve/CVE-2022-42329.html
https://www.suse.com/security/cve/CVE-2022-42895.html
https://www.suse.com/security/cve/CVE-2022-42896.html
https://www.suse.com/security/cve/CVE-2022-4378.html
https://www.suse.com/security/cve/CVE-2022-43945.html
https://www.suse.com/security/cve/CVE-2022-45869.html
https://www.suse.com/security/cve/CVE-2022-45888.html
https://www.suse.com/security/cve/CVE-2022-45934.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1164051
https://bugzilla.suse.com/1184350
https://bugzilla.suse.com/1189297
https://bugzilla.suse.com/1190256
https://bugzilla.suse.com/1193629
https://bugzilla.suse.com/1194869
https://bugzilla.suse.com/1202341
https://bugzilla.suse.com/1203183
https://bugzilla.suse.com/1203391
https://bugzilla.suse.com/1203511
https://bugzilla.suse.com/1203960
https://bugzilla.suse.com/1204228
https://bugzilla.suse.com/1204405
https://bugzilla.suse.com/1204414
https://bugzilla.suse.com/1204631
https://bugzilla.suse.com/1204636
https://bugzilla.suse.com/1204693
https://bugzilla.suse.com/1204780
https://bugzilla.suse.com/1204810
https://bugzilla.suse.com/1204850
https://bugzilla.suse.com/1205007
https://bugzilla.suse.com/1205100
https://bugzilla.suse.com/1205111
https://bugzilla.suse.com/1205113
https://bugzilla.suse.com/1205128
https://bugzilla.suse.com/1205130
https://bugzilla.suse.com/1205149
https://bugzilla.suse.com/1205153
https://bugzilla.suse.com/1205220
https://bugzilla.suse.com/1205264
https://bugzilla.suse.com/1205282
https://bugzilla.suse.com/1205331
https://bugzilla.suse.com/1205332
https://bugzilla.suse.com/1205427
https://bugzilla.suse.com/1205428
https://bugzilla.suse.com/1205473
https://bugzilla.suse.com/1205507
https://bugzilla.suse.com/1205514
https://bugzilla.suse.com/1205521
https://bugzilla.suse.com/1205567
https://bugzilla.suse.com/1205616
https://bugzilla.suse.com/1205617
https://bugzilla.suse.com/1205653
https://bugzilla.suse.com/1205671
https://bugzilla.suse.com/1205679
https://bugzilla.suse.com/1205683
https://bugzilla.suse.com/1205700
https://bugzilla.suse.com/1205705
https://bugzilla.suse.com/1205709
https://bugzilla.suse.com/1205711
https://bugzilla.suse.com/1205744
https://bugzilla.suse.com/1205764
https://bugzilla.suse.com/1205796
https://bugzilla.suse.com/1205882
https://bugzilla.suse.com/1205993
https://bugzilla.suse.com/1206035
https://bugzilla.suse.com/1206036
https://bugzilla.suse.com/1206037
https://bugzilla.suse.com/1206045
https://bugzilla.suse.com/1206046
https://bugzilla.suse.com/1206047
https://bugzilla.suse.com/1206048
https://bugzilla.suse.com/1206049
https://bugzilla.suse.com/1206050
https://bugzilla.suse.com/1206051
https://bugzilla.suse.com/1206056
https://bugzilla.suse.com/1206057
https://bugzilla.suse.com/1206113
https://bugzilla.suse.com/1206114
https://bugzilla.suse.com/1206147
https://bugzilla.suse.com/1206149
https://bugzilla.suse.com/1206207
SUSE-SU-2022:4586-1: important: Security update for openssl-3
by opensuse-security@opensuse.org 20 Dec '22
SUSE Security Update: Security update for openssl-3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4586-1
Rating: important
References: #1206374
Cross-References: CVE-2022-3786 CVE-2022-3996
CVSS scores:
CVE-2022-3786 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3786 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3996 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3996 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for openssl-3 fixes the following issues:
- CVE-2022-3996: Fixed X.509 Policy Constraints Double Locking
(bsc#1206374)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4586=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4586=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libopenssl-3-devel-3.0.1-150400.4.14.1
libopenssl3-3.0.1-150400.4.14.1
libopenssl3-debuginfo-3.0.1-150400.4.14.1
openssl-3-3.0.1-150400.4.14.1
openssl-3-debuginfo-3.0.1-150400.4.14.1
openssl-3-debugsource-3.0.1-150400.4.14.1
- openSUSE Leap 15.4 (noarch):
openssl-3-doc-3.0.1-150400.4.14.1
- openSUSE Leap 15.4 (x86_64):
libopenssl-3-devel-32bit-3.0.1-150400.4.14.1
libopenssl3-32bit-3.0.1-150400.4.14.1
libopenssl3-32bit-debuginfo-3.0.1-150400.4.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libopenssl-3-devel-3.0.1-150400.4.14.1
libopenssl3-3.0.1-150400.4.14.1
libopenssl3-debuginfo-3.0.1-150400.4.14.1
openssl-3-3.0.1-150400.4.14.1
openssl-3-debuginfo-3.0.1-150400.4.14.1
openssl-3-debugsource-3.0.1-150400.4.14.1
References:
https://www.suse.com/security/cve/CVE-2022-3786.html
https://www.suse.com/security/cve/CVE-2022-3996.html
https://bugzilla.suse.com/1206374
SUSE-SU-2022:4579-1: important: Security update for MozillaThunderbird
by opensuse-security@opensuse.org 20 Dec '22
SUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4579-1
Rating: important
References: #1206242
Cross-References: CVE-2022-46872 CVE-2022-46874 CVE-2022-46875
CVE-2022-46878 CVE-2022-46880 CVE-2022-46881
CVE-2022-46882
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
This update for MozillaThunderbird fixes the following issues:
Update to version 102.6 (bsc#1206242):
- CVE-2022-46880: Use-after-free in WebGL
- CVE-2022-46872: Arbitrary file read from a compromised content process
- CVE-2022-46881: Memory corruption in WebGL
- CVE-2022-46874: Drag and Dropped Filenames could have been truncated to
malicious extensions
- CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc
files on Mac OS
- CVE-2022-46882: Use-after-free in WebGL
- CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4579=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4579=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4579=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4579=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-102.6.0-150200.8.96.1
MozillaThunderbird-debuginfo-102.6.0-150200.8.96.1
MozillaThunderbird-debugsource-102.6.0-150200.8.96.1
MozillaThunderbird-translations-common-102.6.0-150200.8.96.1
MozillaThunderbird-translations-other-102.6.0-150200.8.96.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-102.6.0-150200.8.96.1
MozillaThunderbird-debuginfo-102.6.0-150200.8.96.1
MozillaThunderbird-debugsource-102.6.0-150200.8.96.1
MozillaThunderbird-translations-common-102.6.0-150200.8.96.1
MozillaThunderbird-translations-other-102.6.0-150200.8.96.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
MozillaThunderbird-102.6.0-150200.8.96.1
MozillaThunderbird-debuginfo-102.6.0-150200.8.96.1
MozillaThunderbird-debugsource-102.6.0-150200.8.96.1
MozillaThunderbird-translations-common-102.6.0-150200.8.96.1
MozillaThunderbird-translations-other-102.6.0-150200.8.96.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
MozillaThunderbird-102.6.0-150200.8.96.1
MozillaThunderbird-debuginfo-102.6.0-150200.8.96.1
MozillaThunderbird-debugsource-102.6.0-150200.8.96.1
MozillaThunderbird-translations-common-102.6.0-150200.8.96.1
MozillaThunderbird-translations-other-102.6.0-150200.8.96.1
References:
https://www.suse.com/security/cve/CVE-2022-46872.html
https://www.suse.com/security/cve/CVE-2022-46874.html
https://www.suse.com/security/cve/CVE-2022-46875.html
https://www.suse.com/security/cve/CVE-2022-46878.html
https://www.suse.com/security/cve/CVE-2022-46880.html
https://www.suse.com/security/cve/CVE-2022-46881.html
https://www.suse.com/security/cve/CVE-2022-46882.html
https://bugzilla.suse.com/1206242
SUSE-SU-2022:4574-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 19 Dec '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4574-1
Rating: important
References: #1198702 #1199365 #1200788 #1200845 #1201455
#1202686 #1203008 #1203183 #1203290 #1203322
#1203514 #1203860 #1203960 #1204017 #1204166
#1204170 #1204354 #1204355 #1204402 #1204414
#1204415 #1204424 #1204431 #1204432 #1204439
#1204446 #1204479 #1204574 #1204576 #1204631
#1204635 #1204636 #1204646 #1204647 #1204653
#1204850 #1204868 #1205006 #1205128 #1205220
#1205473 #1205514 #1205617 #1205671 #1205796
#1206113 #1206114 #1206207
Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-28693
CVE-2022-2964 CVE-2022-3169 CVE-2022-3424
CVE-2022-3521 CVE-2022-3524 CVE-2022-3542
CVE-2022-3545 CVE-2022-3565 CVE-2022-3567
CVE-2022-3586 CVE-2022-3594 CVE-2022-3621
CVE-2022-3628 CVE-2022-3629 CVE-2022-3635
CVE-2022-3643 CVE-2022-3646 CVE-2022-3649
CVE-2022-3903 CVE-2022-40307 CVE-2022-40768
CVE-2022-4095 CVE-2022-41850 CVE-2022-41858
CVE-2022-42328 CVE-2022-42329 CVE-2022-42703
CVE-2022-42895 CVE-2022-42896 CVE-2022-43750
CVE-2022-4378 CVE-2022-43945 CVE-2022-45934
CVSS scores:
CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-40307 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-40307 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 36 vulnerabilities and has 12 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-42328: Guests could trigger denial of service via the netback
driver (bsc#1206114).
- CVE-2022-42329: Guests could trigger denial of service via the netback
driver (bsc#1206113).
- CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via
netback driver (bsc#1206113).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(),
gru_fault() and gru_handle_user_call_os() that could lead to kernel
panic (bsc#1204166).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in
drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in
l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3628: Fixed potential buffer overflow in
brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3567: Fixed a race condition in
inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
(bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
USB driver (bsc#1205220).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices
(bsc#1202686).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local
users to create files for the XFS file-system with an unintended group
ownership and with group execution and SGID permission bits set
(bsc#1198702).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space
client to corrupt the monitor's internal memory (bsc#1204653).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in
net/vmw_vsock/af_vsock.c (bsc#1204635).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in
fs/nilfs2/segment.c (bsc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in
fs/nilfs2/inode.c (bsc#1204647).
- CVE-2022-3621: Fixed null pointer dereference in
nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in
drivers/net/usb/r8152.c (bsc#1204479).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could
allow a local unprivileged user to cause a denial of service
(bsc#1204439).
- CVE-2022-3565: Fixed use-after-free in del_timer() in
drivers/isdn/mISDN/l1oip_core.c (bsc#1204431).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6
handler (bsc#1204354).
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed
local users to obtain sensitive information from kernel memory
(bsc#1203514).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf
anon_vma double reuse (bsc#1204168).
- CVE-2022-3169: Fixed a denial of service through requests to
NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).
- CVE-2022-40307: Fixed a race condition that could have been exploited to
trigger a use-after-free in the efi firmware capsule-loader.c
(bsc#1203322).
- CVE-2022-42895: Fixed an information leak in the
net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
leak kernel pointers remotely (bsc#1205705).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the
net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
which may have allowed code execution and leaking kernel memory
(respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-3545: Fixed a use-after-free vulnerability in area_cache_get()
of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c
(bsc#1204415).
- CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file
net/kcm/kcmsock.c (bsc#1204355).
- CVE-2022-2153: Fixed a NULL pointer dereference in KVM when attempting
to set a SynIC IRQ (bsc#1200788).
The following non-security bugs were fixed:
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus
hardening (bsc#1204017, bsc#1205617).
- Drivers: hv: vmbus: Drop error message when 'No request id available'
(bsc#1204017).
- Drivers: hv: vmbus: fix double free in the error path of
vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero
(bsc#1204017).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
(git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017,
bsc#1205617).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017,
bsc#1205617).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017,
bsc#1205617).
- Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
(git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017).
- hv_netvsc: Cache the current data path to avoid duplicate call and
message (bsc#1204017).
- hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017).
- hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes).
- hv_netvsc: Fix race between VF offering and VF association message from
host (bsc#1204850).
- hv_netvsc: Print value of invalid ID in
netvsc_send_{completion,tx_complete}() (bsc#1204017).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Remove unnecessary round_up for recv_completion_cnt
(bsc#1204017).
- hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive()
(bsc#1204017).
- hv_netvsc: Sync offloading features to VF NIC (git-fixes).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus
hardening (bsc#1204017).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv()
(bsc#1204446).
- PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
topology (bsc#1199365).
- PCI: hv: Fix sleep while in non-sleep context when removing child
devices from the bus (bsc#1204446).
- PCI: hv: Fix synchronization between channel callback and
hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617).
- PCI: hv: Fix synchronization between channel callback and
hv_pci_bus_exit() (bsc#1204017, bsc#1205617).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
(bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces
(bsc#1200845).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Remove bus device removal unused refcount/functions
(bsc#1204446).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
(bsc#1200845).
- PCI: hv: Support for create interrupt v3 (git-fixes).
- PCI: hv: Use struct_size() helper (bsc#1204446).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus
hardening (bsc#1204017).
- Revert "scsi: storvsc: Validate length of incoming packet in
storvsc_on_channel_callback()" (bsc#1204017).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer
(bsc#1204017).
- scsi: storvsc: Fix validation for unsolicited incoming packets
(bsc#1204017).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs
(bsc#1204017).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus
hardening (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in
storvsc_on_channel_callback() (bsc#1204017).
- sunrpc: Re-purpose trace_svc_process (bsc#1205006).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/hyperv: Output host build info as normal Windows version number
(git-fixes).
- x86/hyperv: Set pv_info.name to "Hyper-V" (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4574=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4574=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4574=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4574=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4574=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-4574=1
Please note that this is the initial kernel livepatch without fixes
itself, this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4574=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4574=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-4574=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-4574=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.131.1
kernel-vanilla-4.12.14-150100.197.131.1
kernel-vanilla-base-4.12.14-150100.197.131.1
kernel-vanilla-base-debuginfo-4.12.14-150100.197.131.1
kernel-vanilla-debuginfo-4.12.14-150100.197.131.1
kernel-vanilla-debugsource-4.12.14-150100.197.131.1
kernel-vanilla-devel-4.12.14-150100.197.131.1
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.131.1
kernel-vanilla-livepatch-devel-4.12.14-150100.197.131.1
- openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.131.1
kernel-debug-base-debuginfo-4.12.14-150100.197.131.1
- openSUSE Leap 15.4 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.131.1
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.131.1
- openSUSE Leap 15.4 (s390x):
kernel-default-man-4.12.14-150100.197.131.1
kernel-zfcpdump-man-4.12.14-150100.197.131.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.131.1
kernel-vanilla-4.12.14-150100.197.131.1
kernel-vanilla-base-4.12.14-150100.197.131.1
kernel-vanilla-base-debuginfo-4.12.14-150100.197.131.1
kernel-vanilla-debuginfo-4.12.14-150100.197.131.1
kernel-vanilla-debugsource-4.12.14-150100.197.131.1
kernel-vanilla-devel-4.12.14-150100.197.131.1
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.131.1
kernel-vanilla-livepatch-devel-4.12.14-150100.197.131.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.131.1
kernel-debug-base-debuginfo-4.12.14-150100.197.131.1
- openSUSE Leap 15.3 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.131.1
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.131.1
- openSUSE Leap 15.3 (s390x):
kernel-default-man-4.12.14-150100.197.131.1
kernel-zfcpdump-man-4.12.14-150100.197.131.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
kernel-default-4.12.14-150100.197.131.1
kernel-default-base-4.12.14-150100.197.131.1
kernel-default-base-debuginfo-4.12.14-150100.197.131.1
kernel-default-debuginfo-4.12.14-150100.197.131.1
kernel-default-debugsource-4.12.14-150100.197.131.1
kernel-default-devel-4.12.14-150100.197.131.1
kernel-default-devel-debuginfo-4.12.14-150100.197.131.1
kernel-obs-build-4.12.14-150100.197.131.1
kernel-obs-build-debugsource-4.12.14-150100.197.131.1
kernel-syms-4.12.14-150100.197.131.1
reiserfs-kmp-default-4.12.14-150100.197.131.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.131.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
kernel-devel-4.12.14-150100.197.131.1
kernel-docs-4.12.14-150100.197.131.1
kernel-macros-4.12.14-150100.197.131.1
kernel-source-4.12.14-150100.197.131.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-150100.197.131.1
kernel-default-base-4.12.14-150100.197.131.1
kernel-default-base-debuginfo-4.12.14-150100.197.131.1
kernel-default-debuginfo-4.12.14-150100.197.131.1
kernel-default-debugsource-4.12.14-150100.197.131.1
kernel-default-devel-4.12.14-150100.197.131.1
kernel-default-devel-debuginfo-4.12.14-150100.197.131.1
kernel-obs-build-4.12.14-150100.197.131.1
kernel-obs-build-debugsource-4.12.14-150100.197.131.1
kernel-syms-4.12.14-150100.197.131.1
reiserfs-kmp-default-4.12.14-150100.197.131.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.131.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.131.1
kernel-docs-4.12.14-150100.197.131.1
kernel-macros-4.12.14-150100.197.131.1
kernel-source-4.12.14-150100.197.131.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
kernel-default-man-4.12.14-150100.197.131.1
kernel-zfcpdump-debuginfo-4.12.14-150100.197.131.1
kernel-zfcpdump-debugsource-4.12.14-150100.197.131.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
kernel-devel-4.12.14-150100.197.131.1
kernel-docs-4.12.14-150100.197.131.1
kernel-macros-4.12.14-150100.197.131.1
kernel-source-4.12.14-150100.197.131.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
kernel-default-4.12.14-150100.197.131.1
kernel-default-base-4.12.14-150100.197.131.1
kernel-default-base-debuginfo-4.12.14-150100.197.131.1
kernel-default-debuginfo-4.12.14-150100.197.131.1
kernel-default-debugsource-4.12.14-150100.197.131.1
kernel-default-devel-4.12.14-150100.197.131.1
kernel-default-devel-debuginfo-4.12.14-150100.197.131.1
kernel-obs-build-4.12.14-150100.197.131.1
kernel-obs-build-debugsource-4.12.14-150100.197.131.1
kernel-syms-4.12.14-150100.197.131.1
reiserfs-kmp-default-4.12.14-150100.197.131.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.131.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-150100.197.131.1
kernel-default-debugsource-4.12.14-150100.197.131.1
kernel-default-livepatch-4.12.14-150100.197.131.1
kernel-default-livepatch-devel-4.12.14-150100.197.131.1
kernel-livepatch-4_12_14-150100_197_131-default-1-150100.3.5.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.131.1
kernel-default-base-4.12.14-150100.197.131.1
kernel-default-base-debuginfo-4.12.14-150100.197.131.1
kernel-default-debuginfo-4.12.14-150100.197.131.1
kernel-default-debugsource-4.12.14-150100.197.131.1
kernel-default-devel-4.12.14-150100.197.131.1
kernel-default-devel-debuginfo-4.12.14-150100.197.131.1
kernel-obs-build-4.12.14-150100.197.131.1
kernel-obs-build-debugsource-4.12.14-150100.197.131.1
kernel-syms-4.12.14-150100.197.131.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.131.1
kernel-docs-4.12.14-150100.197.131.1
kernel-macros-4.12.14-150100.197.131.1
kernel-source-4.12.14-150100.197.131.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.131.1
kernel-default-base-4.12.14-150100.197.131.1
kernel-default-base-debuginfo-4.12.14-150100.197.131.1
kernel-default-debuginfo-4.12.14-150100.197.131.1
kernel-default-debugsource-4.12.14-150100.197.131.1
kernel-default-devel-4.12.14-150100.197.131.1
kernel-default-devel-debuginfo-4.12.14-150100.197.131.1
kernel-obs-build-4.12.14-150100.197.131.1
kernel-obs-build-debugsource-4.12.14-150100.197.131.1
kernel-syms-4.12.14-150100.197.131.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
kernel-devel-4.12.14-150100.197.131.1
kernel-docs-4.12.14-150100.197.131.1
kernel-macros-4.12.14-150100.197.131.1
kernel-source-4.12.14-150100.197.131.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-150100.197.131.1
cluster-md-kmp-default-debuginfo-4.12.14-150100.197.131.1
dlm-kmp-default-4.12.14-150100.197.131.1
dlm-kmp-default-debuginfo-4.12.14-150100.197.131.1
gfs2-kmp-default-4.12.14-150100.197.131.1
gfs2-kmp-default-debuginfo-4.12.14-150100.197.131.1
kernel-default-debuginfo-4.12.14-150100.197.131.1
kernel-default-debugsource-4.12.14-150100.197.131.1
ocfs2-kmp-default-4.12.14-150100.197.131.1
ocfs2-kmp-default-debuginfo-4.12.14-150100.197.131.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
kernel-default-4.12.14-150100.197.131.1
kernel-default-base-4.12.14-150100.197.131.1
kernel-default-base-debuginfo-4.12.14-150100.197.131.1
kernel-default-debuginfo-4.12.14-150100.197.131.1
kernel-default-debugsource-4.12.14-150100.197.131.1
kernel-default-devel-4.12.14-150100.197.131.1
kernel-default-devel-debuginfo-4.12.14-150100.197.131.1
kernel-obs-build-4.12.14-150100.197.131.1
kernel-obs-build-debugsource-4.12.14-150100.197.131.1
kernel-syms-4.12.14-150100.197.131.1
reiserfs-kmp-default-4.12.14-150100.197.131.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.131.1
- SUSE Enterprise Storage 6 (noarch):
kernel-devel-4.12.14-150100.197.131.1
kernel-docs-4.12.14-150100.197.131.1
kernel-macros-4.12.14-150100.197.131.1
kernel-source-4.12.14-150100.197.131.1
- SUSE CaaS Platform 4.0 (x86_64):
kernel-default-4.12.14-150100.197.131.1
kernel-default-base-4.12.14-150100.197.131.1
kernel-default-base-debuginfo-4.12.14-150100.197.131.1
kernel-default-debuginfo-4.12.14-150100.197.131.1
kernel-default-debugsource-4.12.14-150100.197.131.1
kernel-default-devel-4.12.14-150100.197.131.1
kernel-default-devel-debuginfo-4.12.14-150100.197.131.1
kernel-obs-build-4.12.14-150100.197.131.1
kernel-obs-build-debugsource-4.12.14-150100.197.131.1
kernel-syms-4.12.14-150100.197.131.1
reiserfs-kmp-default-4.12.14-150100.197.131.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.131.1
- SUSE CaaS Platform 4.0 (noarch):
kernel-devel-4.12.14-150100.197.131.1
kernel-docs-4.12.14-150100.197.131.1
kernel-macros-4.12.14-150100.197.131.1
kernel-source-4.12.14-150100.197.131.1
References:
https://www.suse.com/security/cve/CVE-2021-4037.html
https://www.suse.com/security/cve/CVE-2022-2153.html
https://www.suse.com/security/cve/CVE-2022-28693.html
https://www.suse.com/security/cve/CVE-2022-2964.html
https://www.suse.com/security/cve/CVE-2022-3169.html
https://www.suse.com/security/cve/CVE-2022-3424.html
https://www.suse.com/security/cve/CVE-2022-3521.html
https://www.suse.com/security/cve/CVE-2022-3524.html
https://www.suse.com/security/cve/CVE-2022-3542.html
https://www.suse.com/security/cve/CVE-2022-3545.html
https://www.suse.com/security/cve/CVE-2022-3565.html
https://www.suse.com/security/cve/CVE-2022-3567.html
https://www.suse.com/security/cve/CVE-2022-3586.html
https://www.suse.com/security/cve/CVE-2022-3594.html
https://www.suse.com/security/cve/CVE-2022-3621.html
https://www.suse.com/security/cve/CVE-2022-3628.html
https://www.suse.com/security/cve/CVE-2022-3629.html
https://www.suse.com/security/cve/CVE-2022-3635.html
https://www.suse.com/security/cve/CVE-2022-3643.html
https://www.suse.com/security/cve/CVE-2022-3646.html
https://www.suse.com/security/cve/CVE-2022-3649.html
https://www.suse.com/security/cve/CVE-2022-3903.html
https://www.suse.com/security/cve/CVE-2022-40307.html
https://www.suse.com/security/cve/CVE-2022-40768.html
https://www.suse.com/security/cve/CVE-2022-4095.html
https://www.suse.com/security/cve/CVE-2022-41850.html
https://www.suse.com/security/cve/CVE-2022-41858.html
https://www.suse.com/security/cve/CVE-2022-42328.html
https://www.suse.com/security/cve/CVE-2022-42329.html
https://www.suse.com/security/cve/CVE-2022-42703.html
https://www.suse.com/security/cve/CVE-2022-42895.html
https://www.suse.com/security/cve/CVE-2022-42896.html
https://www.suse.com/security/cve/CVE-2022-43750.html
https://www.suse.com/security/cve/CVE-2022-4378.html
https://www.suse.com/security/cve/CVE-2022-43945.html
https://www.suse.com/security/cve/CVE-2022-45934.html
https://bugzilla.suse.com/1198702
https://bugzilla.suse.com/1199365
https://bugzilla.suse.com/1200788
https://bugzilla.suse.com/1200845
https://bugzilla.suse.com/1201455
https://bugzilla.suse.com/1202686
https://bugzilla.suse.com/1203008
https://bugzilla.suse.com/1203183
https://bugzilla.suse.com/1203290
https://bugzilla.suse.com/1203322
https://bugzilla.suse.com/1203514
https://bugzilla.suse.com/1203860
https://bugzilla.suse.com/1203960
https://bugzilla.suse.com/1204017
https://bugzilla.suse.com/1204166
https://bugzilla.suse.com/1204170
https://bugzilla.suse.com/1204354
https://bugzilla.suse.com/1204355
https://bugzilla.suse.com/1204402
https://bugzilla.suse.com/1204414
https://bugzilla.suse.com/1204415
https://bugzilla.suse.com/1204424
https://bugzilla.suse.com/1204431
https://bugzilla.suse.com/1204432
https://bugzilla.suse.com/1204439
https://bugzilla.suse.com/1204446
https://bugzilla.suse.com/1204479
https://bugzilla.suse.com/1204574
https://bugzilla.suse.com/1204576
https://bugzilla.suse.com/1204631
https://bugzilla.suse.com/1204635
https://bugzilla.suse.com/1204636
https://bugzilla.suse.com/1204646
https://bugzilla.suse.com/1204647
https://bugzilla.suse.com/1204653
https://bugzilla.suse.com/1204850
https://bugzilla.suse.com/1204868
https://bugzilla.suse.com/1205006
https://bugzilla.suse.com/1205128
https://bugzilla.suse.com/1205220
https://bugzilla.suse.com/1205473
https://bugzilla.suse.com/1205514
https://bugzilla.suse.com/1205617
https://bugzilla.suse.com/1205671
https://bugzilla.suse.com/1205796
https://bugzilla.suse.com/1206113
https://bugzilla.suse.com/1206114
https://bugzilla.suse.com/1206207
openSUSE-SU-2022:10245-1: important: Security update for chromium
by opensuse-security@opensuse.org 16 Dec '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10245-1
Rating: important
References: #1205433
Cross-References: CVE-2022-4436 CVE-2022-4437 CVE-2022-4438
CVE-2022-4439 CVE-2022-4440
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Update to version 108.0.5359.124 (boo#1206403):
- CVE-2022-4436: Use after free in Blink Media
- CVE-2022-4437: Use after free in Mojo IPC
- CVE-2022-4438: Use after free in Blink Frames
- CVE-2022-4439: Use after free in Aura
- CVE-2022-4440: Use after free in Profiles
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10245=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-108.0.5359.124-bp153.2.148.1
chromium-108.0.5359.124-bp153.2.148.1
References:
https://www.suse.com/security/cve/CVE-2022-4436.html
https://www.suse.com/security/cve/CVE-2022-4437.html
https://www.suse.com/security/cve/CVE-2022-4438.html
https://www.suse.com/security/cve/CVE-2022-4439.html
https://www.suse.com/security/cve/CVE-2022-4440.html
https://bugzilla.suse.com/1205433
SUSE-SU-2022:4504-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 16 Dec '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4504-1
Rating: important
References: #1065729 #1156395 #1164051 #1184350 #1189297
#1190256 #1193629 #1194869 #1202341 #1203183
#1204631 #1204636 #1204693 #1204810 #1204850
#1205007 #1205100 #1205111 #1205128 #1205130
#1205149 #1205153 #1205220 #1205331 #1205428
#1205473 #1205514 #1205617 #1205653 #1205744
#1205764 #1205796 #1205882 #1205993 #1206035
#1206036 #1206037 #1206046 #1206047 #1206051
#1206056 #1206057 #1206113 #1206114 #1206147
#1206149 #1206207 #1206273 PED-1573 PED-1706
PED-1936 PED-2684 PED-611 PED-824 PED-849
Cross-References: CVE-2022-2602 CVE-2022-3176 CVE-2022-3566
CVE-2022-3567 CVE-2022-3635 CVE-2022-3643
CVE-2022-3707 CVE-2022-3903 CVE-2022-4095
CVE-2022-4129 CVE-2022-4139 CVE-2022-41850
CVE-2022-41858 CVE-2022-42328 CVE-2022-42329
CVE-2022-42895 CVE-2022-42896 CVE-2022-4378
CVE-2022-43945 CVE-2022-45869 CVE-2022-45888
CVE-2022-45934
CVSS scores:
CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3566 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3566 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45869 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-45869 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-45888 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45888 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 22 vulnerabilities, contains 7
features and has 26 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-42328: Guests could trigger denial of service via the netback
driver (bnc#1206114).
- CVE-2022-42329: Guests could trigger denial of service via the netback
driver (bnc#1206113).
- CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via
netback driver (bnc#1206113).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
drivers/atm/idt77252.c of the component IPsec (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in
drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in
l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3567: Fixed a race condition in
inet6_stream_ops()/inet6_dgram_ops() of the component IPv6 Handler
(bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
(bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
USB driver (bsc#1205220).
- CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which
could cause a denial of service (bsc#1205882).
- CVE-2022-45888: Fixed a use-after-free during physical removal of a USB
device when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU
to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling
Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42896: Fixed a use-after-free vulnerability in the
net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
which may have allowed code execution and leaking kernel memory
(respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-42895: Fixed an information leak in the
net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
leak kernel pointers remotely (bsc#1205705).
- CVE-2022-3566: Fixed a race condition in the functions
tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The
manipulation leads to a race condition (bsc#1204405).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability
involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-3176: Fixed a use-after-free in io_uring related to
signalfd_poll() and binder_poll() (bsc#1203391).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver
(bsc#1204780).
- CVE-2022-41850: Fixed a use-after-free in roccat_report_event in
drivers/hid/hid-roccat.c (bnc#1203960).
The following non-security bugs were fixed:
- ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes).
- ACPI: HMAT: Fix initiator registration for single-initiator systems
(git-fixes).
- ACPI: HMAT: remove unnecessary variable initialization (git-fixes).
- ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes).
- ACPI: x86: Add another system to quirk list for forcing StorageD3Enable
(git-fixes).
- ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda/hdmi - enable runtime pm for more AMD display audio
(git-fixes).
- ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
(bsc#1205100).
- ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
(bsc#1205100).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
(git-fixes).
- ALSA: usb-audio: Remove redundant workaround for Roland quirk
(bsc#1205111).
- ALSA: usb-audio: Yet more regression for for the delayed card
registration (bsc#1205111).
- ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
(git-fixes).
- ARM: at91: rm9200: fix usb device clock id (git-fixes).
- ARM: dts: am335x-pcm-953: Define fixed regulators in root node
(git-fixes).
- ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes).
- ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
(git-fixes).
- ARM: dts: imx7: Fix NAND controller size-cells (git-fixes).
- ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes).
- ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes).
- ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source",
"Routee" -> "Route" (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes).
- ASoC: fsl_sai: use local device pointer (git-fixes).
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- ASoC: mt6660: Keep the pm_runtime enables before component stuff in
mt6660_i2c_probe (git-fixes).
- ASoC: ops: Fix bounds check for _sx controls (git-fixes).
- ASoC: rt1019: Fix the TDM settings (git-fixes).
- ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes).
- ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
- ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes).
- ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes).
- ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
- Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
(git-fixes).
- Bluetooth: Fix not cleanup led when bt_init fails (git-fixes).
- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
(git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629).
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes).
- Drivers: hv: Fix syntax errors in comments (git-fixes).
- Drivers: hv: Never allocate anything besides framebuffer from
framebuffer memory region (git-fixes).
- Drivers: hv: fix repeated words in comments (git-fixes).
- Drivers: hv: remove duplicate word in a comment (git-fixes).
- Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization
(git-fixes).
- Drivers: hv: vmbus: Fix kernel-doc (git-fixes).
- Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes).
- Drivers: hv: vmbus: Release cpu lock in error case (git-fixes).
- Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better
discoverability (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of
vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
(git-fixes).
- Drivers: hv: vmbus: fix typo in comment (git-fixes).
- Fix formatting of client smbdirect RDMA logging (bsc#1193629).
- HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes).
- HID: hid-lg4ff: Add check for empty lbuf (git-fixes).
- HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes).
- HID: playstation: add initial DualSense Edge controller support
(git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
- Handle variable number of SGEs in client smbdirect send (bsc#1193629).
- IB/hfi1: Correctly move list in sc_disable() (git-fixes)
- IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes)
- Input: goodix - try resetting the controller when no config is set
(git-fixes).
- Input: i8042 - fix leaking of platform device on module removal
(git-fixes).
- Input: iforce - invert valid length check when fetching device IDs
(git-fixes).
- Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
(git-fixes).
- Input: soc_button_array - add Acer Switch V 10 to
dmi_use_low_level_irq[] (git-fixes).
- Input: soc_button_array - add use_low_level_irq module parameter
(git-fixes).
- Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
(git-fixes).
- KVM: Move wiping of the kvm->vcpus array to common code (git-fixes).
- KVM: SEV: Mark nested locking of vcpu->lock (git-fixes).
- KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes).
- KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is
supported (git-fixes).
- KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes).
- KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes).
- KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm
(git-fixes).
- KVM: SVM: retrieve VMCB from assembly (git-fixes).
- KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL
(git-fixes).
- KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
(git-fixes).
- KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no
vPMU (git-fixes).
- KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled
(bsc#1205007).
- KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable
(git-fixes).
- KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1
(git-fixes).
- KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists
(git-fixes).
- KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}()
(git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state (git-fixes
jsc#PED-611).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611).
- KVM: s390: pv: do not allow userspace to set the clock under PV
(git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails
(git-fixes).
- KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap
(git-fixes).
- KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path
(git-fixes).
- KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes).
- KVM: x86/pmu: Fix and isolate TSX-specific performance event logic
(git-fixes).
- KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog
(git-fixes).
- KVM: x86/pmu: Use different raw event masks for AMD and Intel
(git-fixes).
- KVM: x86/svm: Account for family 17h event renumberings in
amd_pmc_perf_hw_id (git-fixes).
- KVM: x86: Fully initialize 'struct kvm_lapic_irq' in
kvm_pv_kick_cpu_op() (git-fixes).
- KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes).
- KVM: x86: Report error when setting CPUID if Hyper-V allocation fails
(git-fixes).
- KVM: x86: Retry page fault if MMU reload is pending and root has no sp
(bsc#1205744).
- KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS)
(git-fixes).
- KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)
(git-fixes).
- KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses
(git-fixes).
- KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
(git-fixes).
- KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes).
- KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes).
- KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes).
- KVM: x86: emulator: update the emulation mode after CR0 write
(git-fixes).
- KVM: x86: emulator: update the emulation mode after rsm (git-fixes).
- KVM: x86: use a separate asm-offsets.c file (git-fixes).
- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13
bug (git-fixes).
- MIPS: Loongson: Use hwmon_device_register_with_groups() to register
hwmon (git-fixes).
- NFC: nci: Bounds check struct nfc_target arrays (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions
to pci_ids.h (git-fixes).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
(git-fixes).
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- RDMA/cm: Use SLID in the work completion as the DLID in responder side
(git-fixes)
- RDMA/cma: Use output interface for net_dev check (git-fixes)
- RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes)
- RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes)
- RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes)
- RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes)
- RDMA/hns: Correct the type of variables participating in the shift
operation (git-fixes)
- RDMA/hns: Disable local invalidate operation (git-fixes)
- RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes)
- RDMA/hns: Fix supported page size (git-fixes)
- RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes)
- RDMA/hns: Remove magic number (git-fixes)
- RDMA/hns: Remove the num_cqc_timer variable (git-fixes)
- RDMA/hns: Remove the num_qpc_timer variable (git-fixes)
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP
(git-fixes)
- RDMA/hns: Replace tab with space in the right-side comments (git-fixes)
- RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx()
(git-fixes)
- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes)
- RDMA/irdma: Use s/g array in post send only when its valid (git-fixes)
- RDMA/mlx5: Set local port to one when accessing counters (git-fixes)
- RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
(git-fixes)
- RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes)
- RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes)
- RDMA/rxe: Limit the number of calls to each tasklet (git-fixes)
- RDMA/rxe: Remove useless pkt parameters (git-fixes)
- Reduce client smbdirect max receive segment size (bsc#1193629).
- Revert "net: phy: meson-gxl: improve link-up behavior" (git-fixes).
- Revert "tty: n_gsm: avoid call of sleeping functions from atomic
context" (git-fixes).
- Revert "tty: n_gsm: replace kicktimer with delayed_work" (git-fixes).
- Revert "usb: dwc3: disable USB core PHY management" (git-fixes).
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- SMB3: fix lease break timeout when multiple deferred close handles for
the same file (bsc#1193629).
- USB: bcma: Make GPIO explicitly optional (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- arcnet: fix potential memory leak in com20020_probe() (git-fixes).
- arm64/syscall: Include asm/ptrace.h in syscall_wrapper header
(git-fixes).
- arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes).
- arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes)
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes).
- arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes).
- arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed
(git-fixes).
- arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are
allowed (git-fixes).
- arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed
(git-fixes).
- arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed
(git-fixes).
- arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4
(git-fixes).
- arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock
frequency (git-fixes).
- arm64: efi: Fix handling of misaligned runtime regions and drop warning
(git-fixes).
- arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes).
Enable CONFIG_ARM64_ERRATUM_2441007, too
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable
CONFIG_ARM64_ERRATUM_1742098 in arm64/default
- arm64: fix rodata=full again (git-fixes)
- ata: libata-core: do not issue non-internal commands once EH is pending
(git-fixes).
- ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes).
- ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes).
- ata: libata-transport: fix double ata_host_put() in ata_tport_add()
(git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
- audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes).
- blk-cgroup: fix missing put device in error path from blkg_conf_pref()
(git-fixes).
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
(git-fixes).
- blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created
(git-fixes).
- blk-mq: fix io hung due to missing commit_rqs (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes).
- block: add bio_start_io_acct_time() to control start_time (git-fixes).
- block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for
nowait (git-fixes).
- block: drop unused includes in <linux/genhd.h> (git-fixes).
- bridge: switchdev: Fix memory leaks when changing VLAN protocol
(git-fixes).
- btrfs: check if root is readonly while setting security xattr
(bsc#1206147).
- btrfs: do not allow compression on nodatacow files (bsc#1206149).
- btrfs: export a helper for compression hard check (bsc#1206149).
- btrfs: fix processing of delayed data refs during backref walking
(bsc#1206056).
- btrfs: fix processing of delayed tree block refs during backref walking
(bsc#1206057).
- btrfs: prevent subvol with swapfile from being deleted (bsc#1206035).
- btrfs: send: always use the rbtree based inode ref management
infrastructure (bsc#1206036).
- btrfs: send: fix failures when processing inodes with no links
(bsc#1206036).
- btrfs: send: fix send failure of a subcase of orphan inodes
(bsc#1206036).
- btrfs: send: fix sending link commands for existing file paths
(bsc#1206036).
- btrfs: send: introduce recorded_ref_alloc and recorded_ref_free
(bsc#1206036).
- btrfs: send: refactor arguments of get_inode_info() (bsc#1206036).
- btrfs: send: remove unused found_type parameter to
lookup_dir_item_inode() (bsc#1206036).
- btrfs: send: remove unused type parameter to iterate_inode_ref_t
(bsc#1206036).
- btrfs: send: use boolean types for current inode status (bsc#1206036).
- bus: sunxi-rsb: Remove the shutdown callback (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- ca8210: Fix crash by zero initializing data (git-fixes).
- can: af_can: fix NULL pointer dereference in can_rx_register()
(git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
- can: etas_es58x: es58x_init_netdev(): free netdev when register_candev()
(git-fixes).
- can: j1939: j1939_send_one(): fix missing CAN header initialization
(git-fixes).
- can: m_can: Add check for devm_clk_get (git-fixes).
- can: m_can: pci: add missing m_can_class_free_dev() in probe/remove
methods (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
(git-fixes).
- capabilities: fix potential memleak on error path from
vfs_getxattr_alloc() (git-fixes).
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
(git-fixes).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050).
- ceph: avoid putting the realm twice when decoding snaps fails
(bsc#1206051).
- ceph: do not update snapshot context when there is no new snapshot
(bsc#1206047).
- ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048).
- ceph: fix memory leak in ceph_readdir when note_last_dentry returns
error (bsc#1206049).
- ceph: properly handle statfs on multifs setups (bsc#1206045).
- ceph: switch netfs read ops to use rreq->inode instead of
rreq->mapping->host (bsc#1206046).
- char: tpm: Protect tpm_pm_suspend with locks (git-fixes).
- cifs: Add constructor/destructors for tcon->cfid (bsc#1193629).
- cifs: Add helper function to check smb1+ server (bsc#1193629).
- cifs: Do not access tcon->cfids->cfid directly from is_path_accessible
(bsc#1193629).
- cifs: Do not use tcon->cfid directly, use the cfid we get from
open_cached_dir (bsc#1193629).
- cifs: Fix connections leak when tlink setup failed (git-fixes).
- cifs: Fix memory leak on the deferred close (bsc#1193629).
- cifs: Fix memory leak when build ntlmssp negotiate blob failed
(bsc#1193629).
- cifs: Fix pages array leak when writedata alloc failed in
cifs_writedata_alloc() (bsc#1193629).
- cifs: Fix pages leak when writedata alloc failed in
cifs_write_from_iter() (bsc#1193629).
- cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
(bsc#1193629).
- cifs: Fix wrong return value checking when GETFLAGS (git-fixes).
- cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629).
- cifs: Fix xid leak in cifs_create() (bsc#1193629).
- cifs: Fix xid leak in cifs_flock() (bsc#1193629).
- cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629).
- cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629).
- cifs: Make tcon contain a wrapper structure cached_fids instead of
cached_fid (bsc#1193629).
- cifs: Move cached-dir functions into a separate file (bsc#1193629).
- cifs: Replace a couple of one-element arrays with flexible-array members
(bsc#1193629).
- cifs: Use after free in debug code (git-fixes).
- cifs: Use help macro to get the header preamble size (bsc#1193629).
- cifs: Use help macro to get the mid header size (bsc#1193629).
- cifs: add check for returning value of SMB2_close_init (git-fixes).
- cifs: add check for returning value of SMB2_set_info_init (git-fixes).
- cifs: add missing spinlock around tcon refcount (bsc#1193629).
- cifs: alloc_mid function should be marked as static (bsc#1193629).
- cifs: always initialize struct msghdr smb_msg completely (bsc#1193629).
- cifs: always iterate smb sessions using primary channel (bsc#1193629).
- cifs: avoid deadlocks while updating iface (bsc#1193629).
- cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629).
- cifs: avoid use of global locks for high contention data (bsc#1193629).
- cifs: cache the dirents for entries in a cached directory (bsc#1193629).
- cifs: change iface_list from array to sorted linked list (bsc#1193629).
- cifs: destage dirty pages before re-reading them for cache=none
(bsc#1193629).
- cifs: do not send down the destination address to sendmsg for a
SOCK_STREAM (bsc#1193629).
- cifs: drop the lease for cached directories on rmdir or rename
(bsc#1193629).
- cifs: during reconnect, update interface if necessary (bsc#1193629).
- cifs: enable caching of directories for which a lease is held
(bsc#1193629).
- cifs: find and use the dentry for cached non-root directories also
(bsc#1193629).
- cifs: fix double-fault crash during ntlmssp (bsc#1193629).
- cifs: fix lock length calculation (bsc#1193629).
- cifs: fix memory leaks in session setup (bsc#1193629).
- cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes).
- cifs: fix race condition with delayed threads (bsc#1193629).
- cifs: fix skipping to incorrect offset in emit_cached_dirents
(bsc#1193629).
- cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629).
- cifs: fix static checker warning (bsc#1193629).
- cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629).
- cifs: fix use-after-free caused by invalid pointer `hostname`
(bsc#1193629).
- cifs: fix use-after-free on the link name (bsc#1193629).
- cifs: fix wrong unlock before return from cifs_tree_connect()
(bsc#1193629).
- cifs: improve handlecaching (bsc#1193629).
- cifs: improve symlink handling for smb2+ (bsc#1193629).
- cifs: lease key is uninitialized in smb1 paths (bsc#1193629).
- cifs: lease key is uninitialized in two additional functions when smb1
(bsc#1193629).
- cifs: list_for_each() -> list_for_each_entry() (bsc#1193629).
- cifs: misc: fix spelling typo in comment (bsc#1193629).
- cifs: move from strlcpy with unused retval to strscpy (bsc#1193629).
- cifs: periodically query network interfaces from server (bsc#1193629).
- cifs: populate empty hostnames for extra channels (bsc#1193629).
- cifs: prevent copying past input buffer boundaries (bsc#1193629).
- cifs: remove "cifs_" prefix from init/destroy mids functions
(bsc#1193629).
- cifs: remove initialization value (bsc#1193629).
- cifs: remove minor build warning (bsc#1193629).
- cifs: remove redundant initialization to variable mnt_sign_enabled
(bsc#1193629).
- cifs: remove remaining build warnings (bsc#1193629).
- cifs: remove some camelCase and also some static build warnings
(bsc#1193629).
- cifs: remove unnecessary (void*) conversions (bsc#1193629).
- cifs: remove unnecessary locking of chan_lock while freeing session
(bsc#1193629).
- cifs: remove unnecessary type castings (bsc#1193629).
- cifs: remove unused server parameter from calc_smb_size() (bsc#1193629).
- cifs: remove useless DeleteMidQEntry() (bsc#1193629).
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
(bsc#1193629).
- cifs: replace kfree() with kfree_sensitive() for sensitive data
(bsc#1193629).
- cifs: return correct error in ->calc_signature() (bsc#1193629).
- cifs: return errors during session setup during reconnects (bsc#1193629).
- cifs: revalidate mapping when doing direct writes (bsc#1193629).
- cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629).
- cifs: set rc to -ENOENT if we can not get a dentry for the cached dir
(bsc#1193629).
- cifs: skip extra NULL byte in filenames (bsc#1193629).
- cifs: store a pointer to a fid in the cfid structure instead of the
struct (bsc#1193629).
- cifs: truncate the inode and mapping when we simulate fcollapse
(bsc#1193629).
- cifs: update cifs_ses::ip_addr after failover (bsc#1193629).
- cifs: update internal module number (bsc#1193629).
- cifs: use ALIGN() and round_up() macros (bsc#1193629).
- cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629).
- cifs: when a channel is not found for server, log its connection id
(bsc#1193629).
- cifs: when insecure legacy is disabled shrink amount of SMB1 code
(bsc#1193629).
- clocksource/drivers/hyperv: add data structure for reference TSC MSR
(git-fixes).
- cpufreq: intel_pstate: Handle no_turbo in frequency invariance
(jsc#PED-849).
- cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849).
- cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm era: commit metadata in postsuspend after worker stops (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest
size (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
- dm raid: fix accesses beyond end of raid member array (git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
(git-fixes).
- dm: fix double accounting of flush with data (git-fixes).
- dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes).
- dm: properly fix redundant bio-based IO accounting (git-fixes).
- dm: remove unnecessary assignment statement in alloc_dev() (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
- dm: revert partial fix for redundant bio-based IO accounting (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of dma_async_device_register
(git-fixes).
- dmaengine: at_hdmac: Do not allow CPU to reorder channel enable
(git-fixes).
- dmaengine: at_hdmac: Do not call the complete callback on
device_terminate_all (git-fixes).
- dmaengine: at_hdmac: Do not start transactions at tx_submit level
(git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of
errors (git-fixes).
- dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes).
- dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes).
- dmaengine: at_hdmac: Fix concurrency problems by removing
atc_complete_all() (git-fixes).
- dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware
(git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: at_hdmac: Fix premature completion of desc in issue_pending
(git-fixes).
- dmaengine: at_hdmac: Free the memset buf without holding the chan lock
(git-fixes).
- dmaengine: at_hdmac: Protect atchan->status with the channel lock
(git-fixes).
- dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending
(git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
(git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- dmaengine: ti: k3-udma-glue: fix memory leak when register device fail
(git-fixes).
- docs, kprobes: Fix the wrong location of Kprobes (git-fixes).
- docs/core-api: expand Fedora instructions for GCC plugins (git-fixes).
- drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes).
- drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes).
- drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV
case (git-fixes).
- drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
(git-fixes).
- drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes).
- drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes).
- drm/amdkfd: handle CPU fault on COW mapping (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
- drm/hyperv: Add ratelimit on error message (git-fixes).
- drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
(git-fixes).
- drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes).
- drm/msm/hdmi: fix IRQ lifetime (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays
(git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in
vc4_drm_register() (git-fixes).
- drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
(git-fixes).
- e1000e: Fix TX dispatch condition (git-fixes).
- e100: Fix possible use after free in e100_xmit_prepare (git-fixes).
- efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes).
- efi: random: reduce seed size to 32 bytes (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- firmware: coreboot: Register bus in module init (git-fixes).
- fm10k: Fix error handling in fm10k_init_module() (git-fixes).
- ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- fuse: add file_modified() to fallocate (bsc#1205332).
- fuse: fix readdir cache race (bsc#1205331).
- fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273).
- gpio: amd8111: Fix PCI device reference count leak (git-fixes).
- hamradio: fix issue of dev reference count leakage in bpq_device_event()
(git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Fix race between VF offering and VF association message from
host (bsc#1204850).
- hv_netvsc: Print value of invalid ID in
netvsc_send_{completion,tx_complete}() (git-fixes).
- hv_sock: Add validation for untrusted Hyper-V values (git-fixes).
- hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes).
- hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
(git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
(git-fixes).
- hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes).
- hwmon: (ltc2947) fix temperature scaling (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
- i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes).
- i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes).
- i2c: tegra: Allocate DMA memory for DMA engine (git-fixes).
- i2c: xiic: Add platform module alias (git-fixes).
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
- ieee802154: cc2520: Fix error return code in cc2520_hw_init()
(git-fixes).
- iio: adc: at91_adc: fix possible memory leak in
at91_adc_allocate_trigger() (git-fixes).
- iio: adc: mp2629: fix potential array out of bound access (git-fixes).
- iio: adc: mp2629: fix wrong comparison of channel (git-fixes).
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type()
fails (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
(git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
- iio: ms5611: Simplify IO callback parameters (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value limited
(git-fixes).
- iio: pressure: ms5611: fixed value compensation bug (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
(git-fixes).
- init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes).
- intel_idle: Add AlderLake support (jsc#PED-824).
- intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936).
- intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824
jsc#PED-1936).
- intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936).
- io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113).
- io-wq: do not retry task_work creation failure on fatal conditions
(bnc#1205113).
- io-wq: ensure we exit if thread group is exiting (git-fixes).
- io-wq: exclusively gate signal based exit on get_signal() return
(git-fixes).
- io-wq: fix cancellation on create-worker failure (bnc#1205113).
- io-wq: fix silly logic error in io_task_work_match() (bnc#1205113).
- io_uring: correct __must_hold annotation (git-fixes).
- io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes).
- io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL
(git-fixes).
- io_uring: fix io_timeout_remove locking (git-fixes).
- io_uring: fix missing mb() before waitqueue_active (git-fixes).
- io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes).
- io_uring: fix possible poll event lost in multi shot mode (git-fixes).
- io_uring: pin SQPOLL data before unlocking ring lock (git-fixes).
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- kABI: Fix kABI after "KVM: x86/pmu: Use different raw event masks for
AMD and Intel" (git-fixes).
- kbuild: Unify options for BTF generation for vmlinux and modules
(bsc#1204693).
- kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
- mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register()
(git-fixes).
- mac80211: radiotap: Use BIT() instead of shifts (git-fixes).
- mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes).
- macsec: Fix invalid error code set (git-fixes).
- macsec: add missing attribute validation for offload (git-fixes).
- macsec: clear encryption keys from the stack after setting up offload
(git-fixes).
- macsec: delete new rxsc when offload fails (git-fixes).
- macsec: fix detection of RXSCs when toggling offloading (git-fixes).
- macsec: fix secy->n_rx_sc accounting (git-fixes).
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
(git-fixes).
- md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
(git-fixes).
- md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
- media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe()
(git-fixes).
- media: rkisp1: Do not pass the quantization to rkisp1_csm_config()
(git-fixes).
- media: rkisp1: Initialize color space on resizer sink and source pads
(git-fixes).
- media: rkisp1: Use correct macro for gradient registers (git-fixes).
- media: rkisp1: Zero v4l2_subdev_format fields in when validating links
(git-fixes).
- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
- media: v4l: subdev: Fail graciously when getting try data for NULL state
(git-fixes).
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
(git-fixes).
- mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes).
- mmc: core: properly select voltage range without power cycle (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
(git-fixes).
- mmc: mmc_test: Fix removal of debugfs file (git-fixes).
- mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes).
- mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-brcmstb: Re-organize flags (git-fixes).
- mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes).
- mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA
(git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD#
debounce timeout (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
(git-fixes).
- mmc: sdhci-sprd: Fix no reset data and command after voltage switch
(git-fixes).
- mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes).
- mtd: parsers: bcm47xxpart: print correct offset on read error
(git-fixes).
- mtd: spi-nor: intel-spi: Disable write protection only if asked
(git-fixes).
- nbd: Fix incorrect error handle when first_minor is illegal in
nbd_dev_add (git-fixes).
- net/smc: Avoid overwriting the copies of clcsock callback functions
(git-fixes).
- net/smc: Fix an error code in smc_lgr_create() (git-fixes).
- net/smc: Fix possible access to freed memory in link clear (git-fixes).
- net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes).
- net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes).
- net/smc: Fix sock leak when release after smc_shutdown() (git-fixes).
- net/smc: Forward wakeup to smc socket waitqueue after fallback
(git-fixes).
- net/smc: Only save the original clcsock callback functions (git-fixes).
- net/smc: Send directly when TCP_CORK is cleared (git-fixes).
- net/smc: kABI workarounds for struct smc_link (git-fixes).
- net/smc: kABI workarounds for struct smc_sock (git-fixes).
- net/smc: send directly on setting TCP_NODELAY (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
(git-fixes).
- net: ethernet: ti: am65-cpsw: fix error handling in
am65_cpsw_nuss_probe() (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- net: mdio: fix unbalanced fwnode reference count in
mdio_device_release() (git-fixes).
- net: mdiobus: fix unbalanced node reference count (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- net: phy: marvell: add sleep time after enabling the loopback bit
(git-fixes).
- net: phy: mscc: macsec: clear encryption keys when freeing a flow
(git-fixes).
- net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes).
- net: stmmac: work around sporadic tx issue on link-up (git-fixes).
- net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
- net: thunderbolt: fix memory leak in tbnet_open() (git-fixes).
- net: thunderx: Fix the ACPI memory leak (git-fixes).
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
- net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type
(git-fixes).
- net: wwan: iosm: fix kernel test robot reported error (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
(git-fixes).
- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
(git-fixes).
- nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION
(git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
(git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
(git-fixes).
- nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes).
- nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
(git-fixes).
- nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes).
- nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition
failure (git-fixes).
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
(git-fixes).
- pinctrl: intel: Save and restore pins in "direct IRQ" mode (git-fixes).
- pinctrl: rockchip: list all pins in a possible mux route for PX30
(git-fixes).
- pinctrl: single: Fix potential division by zero (git-fixes).
- platform/surface: aggregator: Do not check for repeated unsequenced
packets (git-fixes).
- platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684
bsc#1205683).
- platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes).
- platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when
virtualized (git-fixes).
- platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
(git-fixes).
- platform/x86: asus-wmi: add missing pci_dev_put() in
asus_wmi_set_xusb2pr() (git-fixes).
- platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
- platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2
2-in-1 (git-fixes).
- powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S
(bsc#1194869).
- powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static
(bsc#1194869).
- proc: avoid integer type confusion in get_proc_long (git-fixes).
- proc: proc_skip_spaces() shouldn't think it is working on C strings
(git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak in
regulator_register() (git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
(bsc#1205427 LTC#200502).
- s390/pci: add missing EX_TABLE entries to
__pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and
__strnlen_user() (bsc#1205428 LTC#200501).
- s390: fix nospec table alignments (git-fixes).
- sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)).
- sched: Disable sched domain debugfs creation on ppc64 unless
sched_verbose is specified (bnc#1205653).
- scripts/faddr2line: Fix regression in name resolution on ppc64le
(git-fixes).
- scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729).
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
- scsi: megaraid_sas: Correct value passed to scsi_device_lookup()
(git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask()
(git-fixes).
- scsi: qedf: Populate sysfs attributes for vport (git-fixes).
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
(git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Fix handling of srb_status and capacity change events
(git-fixes).
- scsi: storvsc: Fix typo in comment (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- scsi: storvsc: remove an extraneous "to" in a comment (git-fixes).
- scsi: zfcp: Fix double free of FSF request when qdio send fails
(git-fixes).
- selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes).
- selftests: mptcp: fix mibit vs mbit mix up (git-fixes).
- selftests: mptcp: make sendfile selftest work (git-fixes).
- selftests: mptcp: more stable simult_flows tests (git-fixes).
- selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
(git-fixes).
- serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
(git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
- serial: 8250: Flush DMA Rx on RLSI (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in
omap8250_remove() (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround
(git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- smb2: small refactor in smb2_check_message() (bsc#1193629).
- smb3: Move the flush out of smb2_copychunk_range() into its callers
(bsc#1193629).
- smb3: add dynamic trace points for tree disconnect (bsc#1193629).
- smb3: add trace point for SMB2_set_eof (bsc#1193629).
- smb3: allow deferred close timeout to be configurable (bsc#1193629).
- smb3: check xattr value length earlier (bsc#1193629).
- smb3: clarify multichannel warning (bsc#1193629).
- smb3: do not log confusing message when server returns no network
interfaces (bsc#1193629).
- smb3: fix empty netname context on secondary channels (bsc#1193629).
- smb3: fix oops in calculating shash_setkey (bsc#1193629).
- smb3: fix temporary data corruption in collapse range (bsc#1193629).
- smb3: fix temporary data corruption in insert range (bsc#1193629).
- smb3: improve SMB3 change notification support (bsc#1193629).
- smb3: interface count displayed incorrectly (bsc#1193629).
- smb3: missing inode locks in punch hole (bsc#1193629).
- smb3: missing inode locks in zero range (bsc#1193629).
- smb3: must initialize two ACL struct fields to zero (bsc#1193629).
- smb3: remove unneeded null check in cifs_readdir (bsc#1193629).
- smb3: rename encryption/decryption TFMs (bsc#1193629).
- smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait
(bsc#1193629).
- smb3: use netname when available on secondary channels (bsc#1193629).
- smb3: workaround negprot bug in some Samba servers (bsc#1193629).
- soc: imx8m: Enable OCOTP clock before reading the register (git-fixes).
- soundwire: intel: Initialize clock stop timeout (bsc#1205507).
- soundwire: qcom: check for outanding writes before doing a read
(git-fixes).
- soundwire: qcom: reinit broadcast completion (git-fixes).
- speakup: fix a segfault caused by switching consoles (git-fixes).
- spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()
(git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input
clock (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
- spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every
run (git-fixes).
- spi: tegra210-quad: Fix duplicate resource error (git-fixes).
- thunderbolt: Add DP OUT resource when DP tunnel is discovered
(git-fixes).
- tools: hv: Remove an extraneous "the" (git-fixes).
- tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes).
- tools: iio: iio_generic_buffer: Fix read size (git-fixes).
- tracing/ring-buffer: Have polling block on watermark (git-fixes).
- tracing: Fix memory leak in test_gen_synth_cmd() and
test_empty_synth_event() (git-fixes).
- tracing: Fix memory leak in tracing_read_pipe() (git-fixes).
- tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
- tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()
(git-fixes).
- tracing: kprobe: Fix potential null-ptr-deref on trace_array in
kprobe_event_gen_test_exit() (git-fixes).
- tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in
kprobe_event_gen_test_exit() (git-fixes).
- tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
(git-fixes).
- tty: serial: fsl_lpuart: do not break the on-going transfer when global
reset (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: cdns3: host: fix endless superspeed hub port reset (git-fixes).
- usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes).
- usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes).
- usb: dwc3: gadget: conditionally remove requests (git-fixes).
- usb: smsc: use eth_hw_addr_set() (git-fixes).
- usb: typec: mux: Enter safe mode only when pins need to be reconfigured
(git-fixes).
- usb: xhci-mtk: check boundary before check tt (git-fixes).
- usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes).
- usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes).
- v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"
- video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
(git-fixes).
- vmxnet3: correctly report encapsulated LRO packet (git-fixes).
- vmxnet3: use correct intrConf reference when using extended queues
(git-fixes).
- wifi: airo: do not assign -1 to unsigned char (git-fixes).
- wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes).
- wifi: ath11k: avoid deadlock during regulatory update in
ath11k_regd_update() (git-fixes).
- wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- wifi: mac80211: Fix ack frame idr leak when mesh has no route
(git-fixes).
- wifi: mac80211: fix memory free error when registering wiphy fail
(git-fixes).
- wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
(git-fixes).
- wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
(git-fixes).
- wifi: wext: use flex array destination for memcpy() (git-fixes).
- wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST
attribute (git-fixes).
- wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL
attribute (git-fixes).
- wifi: wilc1000: validate number of channels (git-fixes).
- wifi: wilc1000: validate pairwise and authentication suite offsets
(git-fixes).
- x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes).
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from
S3 (bsc#1206037).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/entry: Work around Clang __bdos() bug (git-fixes).
- x86/extable: Extend extable functionality (git-fixes).
- x86/fpu: Drop fpregs lock before inheriting FPU permissions
(bnc#1205282).
- x86/futex: Remove .fixup usage (git-fixes).
- x86/hyperv: Disable hardlockup detector by default in Hyper-V guests
(git-fixes).
- x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes).
- x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes).
- x86/hyperv: fix invalid writes to MSRs during root partition kexec
(git-fixes).
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- x86/microcode/AMD: Apply the patch early on every logical thread
(bsc#1205264).
- x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes).
- xen/gntdev: Accommodate VMA splitting (git-fixes).
- xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
(git-fixes).
- xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes).
- xfs: fix perag reference leak on iteration race with growfs (git-fixes).
- xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes).
- xfs: reserve quota for dir expansion when linking/unlinking files
(bsc#1205616).
- xfs: reserve quota for target dir expansion when renaming files
(bsc#1205679).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-4504=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-4504=1

Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-azure-5.14.21-150400.14.28.1
cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.28.1
dlm-kmp-azure-5.14.21-150400.14.28.1
dlm-kmp-azure-debuginfo-5.14.21-150400.14.28.1
gfs2-kmp-azure-5.14.21-150400.14.28.1
gfs2-kmp-azure-debuginfo-5.14.21-150400.14.28.1
kernel-azure-5.14.21-150400.14.28.1
kernel-azure-debuginfo-5.14.21-150400.14.28.1
kernel-azure-debugsource-5.14.21-150400.14.28.1
kernel-azure-devel-5.14.21-150400.14.28.1
kernel-azure-devel-debuginfo-5.14.21-150400.14.28.1
kernel-azure-extra-5.14.21-150400.14.28.1
kernel-azure-extra-debuginfo-5.14.21-150400.14.28.1
kernel-azure-livepatch-devel-5.14.21-150400.14.28.1
kernel-azure-optional-5.14.21-150400.14.28.1
kernel-azure-optional-debuginfo-5.14.21-150400.14.28.1
kernel-syms-azure-5.14.21-150400.14.28.1
kselftests-kmp-azure-5.14.21-150400.14.28.1
kselftests-kmp-azure-debuginfo-5.14.21-150400.14.28.1
ocfs2-kmp-azure-5.14.21-150400.14.28.1
ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.28.1
reiserfs-kmp-azure-5.14.21-150400.14.28.1
reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.28.1
- openSUSE Leap 15.4 (noarch):
kernel-devel-azure-5.14.21-150400.14.28.1
kernel-source-azure-5.14.21-150400.14.28.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64):
kernel-azure-5.14.21-150400.14.28.1
kernel-azure-debuginfo-5.14.21-150400.14.28.1
kernel-azure-debugsource-5.14.21-150400.14.28.1
kernel-azure-devel-5.14.21-150400.14.28.1
kernel-azure-devel-debuginfo-5.14.21-150400.14.28.1
kernel-syms-azure-5.14.21-150400.14.28.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch):
kernel-devel-azure-5.14.21-150400.14.28.1
kernel-source-azure-5.14.21-150400.14.28.1
References:
https://www.suse.com/security/cve/CVE-2022-2602.html
https://www.suse.com/security/cve/CVE-2022-3176.html
https://www.suse.com/security/cve/CVE-2022-3566.html
https://www.suse.com/security/cve/CVE-2022-3567.html
https://www.suse.com/security/cve/CVE-2022-3635.html
https://www.suse.com/security/cve/CVE-2022-3643.html
https://www.suse.com/security/cve/CVE-2022-3707.html
https://www.suse.com/security/cve/CVE-2022-3903.html
https://www.suse.com/security/cve/CVE-2022-4095.html
https://www.suse.com/security/cve/CVE-2022-4129.html
https://www.suse.com/security/cve/CVE-2022-4139.html
https://www.suse.com/security/cve/CVE-2022-41850.html
https://www.suse.com/security/cve/CVE-2022-41858.html
https://www.suse.com/security/cve/CVE-2022-42328.html
https://www.suse.com/security/cve/CVE-2022-42329.html
https://www.suse.com/security/cve/CVE-2022-42895.html
https://www.suse.com/security/cve/CVE-2022-42896.html
https://www.suse.com/security/cve/CVE-2022-4378.html
https://www.suse.com/security/cve/CVE-2022-43945.html
https://www.suse.com/security/cve/CVE-2022-45869.html
https://www.suse.com/security/cve/CVE-2022-45888.html
https://www.suse.com/security/cve/CVE-2022-45934.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1164051
https://bugzilla.suse.com/1184350
https://bugzilla.suse.com/1189297
https://bugzilla.suse.com/1190256
https://bugzilla.suse.com/1193629
https://bugzilla.suse.com/1194869
https://bugzilla.suse.com/1202341
https://bugzilla.suse.com/1203183
https://bugzilla.suse.com/1204631
https://bugzilla.suse.com/1204636
https://bugzilla.suse.com/1204693
https://bugzilla.suse.com/1204810
https://bugzilla.suse.com/1204850
https://bugzilla.suse.com/1205007
https://bugzilla.suse.com/1205100
https://bugzilla.suse.com/1205111
https://bugzilla.suse.com/1205128
https://bugzilla.suse.com/1205130
https://bugzilla.suse.com/1205149
https://bugzilla.suse.com/1205153
https://bugzilla.suse.com/1205220
https://bugzilla.suse.com/1205331
https://bugzilla.suse.com/1205428
https://bugzilla.suse.com/1205473
https://bugzilla.suse.com/1205514
https://bugzilla.suse.com/1205617
https://bugzilla.suse.com/1205653
https://bugzilla.suse.com/1205744
https://bugzilla.suse.com/1205764
https://bugzilla.suse.com/1205796
https://bugzilla.suse.com/1205882
https://bugzilla.suse.com/1205993
https://bugzilla.suse.com/1206035
https://bugzilla.suse.com/1206036
https://bugzilla.suse.com/1206037
https://bugzilla.suse.com/1206046
https://bugzilla.suse.com/1206047
https://bugzilla.suse.com/1206051
https://bugzilla.suse.com/1206056
https://bugzilla.suse.com/1206057
https://bugzilla.suse.com/1206113
https://bugzilla.suse.com/1206114
https://bugzilla.suse.com/1206147
https://bugzilla.suse.com/1206149
https://bugzilla.suse.com/1206207
https://bugzilla.suse.com/1206273
SUSE-SU-2022:4503-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 16 Dec '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4503-1
Rating: important
References: #1065729 #1071995 #1156395 #1184350 #1189297
#1192761 #1200845 #1201455 #1203144 #1203746
#1203960 #1204017 #1204142 #1204215 #1204228
#1204241 #1204328 #1204446 #1204636 #1204693
#1204780 #1204791 #1204810 #1204827 #1204850
#1204868 #1204934 #1204957 #1204963 #1204967
#1205220 #1205264 #1205329 #1205330 #1205428
#1205514 #1205567 #1205617 #1205671 #1205700
#1205705 #1205709 #1205753 #1205984 #1205985
#1205986 #1205987 #1205988 #1205989 #1206207
Cross-References: CVE-2022-2602 CVE-2022-28693 CVE-2022-3567
CVE-2022-3628 CVE-2022-3635 CVE-2022-3707
CVE-2022-3903 CVE-2022-4095 CVE-2022-4129
CVE-2022-4139 CVE-2022-41850 CVE-2022-41858
CVE-2022-42895 CVE-2022-42896 CVE-2022-4378
CVE-2022-43945 CVE-2022-45934
CVSS scores:
CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 17 vulnerabilities and has 33 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive
various security and bug fixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
drivers/atm/idt77252.c of the component IPsec (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in
drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in
l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3628: Fixed potential buffer overflow in
brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3567: Fixed a race condition in
inet6_stream_ops()/inet6_dgram_ops() of the component IPv6 Handler
(bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
(bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
USB driver (bsc#1205220).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability
involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU
to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling
Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42895: Fixed an information leak in the
net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
leak kernel pointers remotely (bsc#1205705).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the
net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
which may have allowed code execution and leaking kernel memory
(respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver
(bsc#1204780).
The following non-security bugs were fixed:
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
(git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source",
"Routee" -> "Route" (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
- ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in
wm5102_probe" (git-fixes).
- ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in
wm5110_probe" (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
- ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in
wm8997_probe" (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
(git-fixes).
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus
hardening (bsc#1204017).
- Drivers: hv: vmbus: Drop error message when 'No request id available'
(bsc#1204017).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device
(git-fixes).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero
(bsc#1204017).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
(git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
(git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
(git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of
vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
(git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal
(git-fixes).
- Input: iforce - invert valid length check when fetching device IDs
(git-fixes).
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support
(git-fixes).
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1
(git-fixes).
- KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT)
(git-fixes).
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only
when apicv is globally disabled (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure (git-fixes).
- KVM: s390: pv: do not allow userspace to set the clock under PV
(git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails
(git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- NFS: Refactor nfs_instantiate() for dentry referencing callers
(bsc#1204215).
- NFSv3: use nfs_add_or_obtain() to create and reference inodes
(bsc#1204215).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv()
(bsc#1204446).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Fix sleep while in non-sleep context when removing child
devices from the bus (bsc#1204446).
- PCI: hv: Fix synchronization between channel callback and
hv_compose_msi_msg() (bsc#1204017).
- PCI: hv: Fix synchronization between channel callback and
hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
(bsc#1200845).
- PCI: hv: Fix typo (bsc#1204446).
- PCI: hv: Remove bus device removal unused refcount/functions
(bsc#1204446).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors
(bsc#1204446).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus
hardening (bsc#1204017).
- RDMA/core/sa_query: Remove unused argument (git-fixes)
- RDMA/hns: Fix spelling mistakes of original (git-fixes)
- RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
- RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
- RDMA/rxe: Fix memory leak in error path code (git-fixes)
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- Xen/gntdev: do not ignore kernel unmapping error (git-fixes).
- add another bug reference to some hyperv changes (bsc#1205617).
- arm/xen: Do not probe xenbus as part of an early initcall (git-fixes).
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
- arm64: dts: juno: Add thermal critical trip points (git-fixes)
- ata: libata-transport: fix double ata_host_put() in ata_tport_add()
(git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- blk-crypto: fix check for too-large dun_bytes (git-fixes).
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
(git-fixes).
- blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created
(git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
(git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328).
- block: ataflop: fix breakage introduced at blk-mq refactoring
(git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: limit request dispatch loop duration (git-fixes).
- block: nbd: add sanity check for first_minor (git-fixes).
- block: use "unsigned long" for blk_validate_block_size() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
(git-fixes).
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
(git-fixes).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
- ceph: do not access the kiocb after aio requests (bsc#1205984).
- ceph: fix fscache invalidation (bsc#1205985).
- ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
(bsc#1205986).
- ceph: request Fw caps before updating the mtime in ceph_write_iter
(bsc#1205987).
- cifs: skip extra NULL byte in filenames (bsc#1204791).
- dm era: commit metadata in postsuspend after worker stops (git-fixes).
- dm integrity: set journal entry unused when shrinking device (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector (git-fixes).
- dm raid: fix accesses beyond end of raid member array (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
(git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes).
- dm writecache: fix writing beyond end of underlying device when
shrinking (git-fixes).
- dm writecache: return the exact table values that were set (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix request-based DM to not bounce through indirect dm_submit_bio
(git-fixes).
- dm: remove special-casing of bio-based immutable singleton target on
NVMe (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of dma_async_device_register
(git-fixes).
- dmaengine: at_hdmac: Do not allow CPU to reorder channel enable
(git-fixes).
- dmaengine: at_hdmac: Do not start transactions at tx_submit level
(git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of
errors (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
(git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- drivers/hv: remove obsolete TODO and fix misleading typo in comment
(git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
- drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
- drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
- drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
- drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
- drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
- drivers: hv: vmbus: Replace symbolic permissions by octal permissions
(git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
(git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays
(git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in
vc4_drm_register() (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
(git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- hamradio: fix issue of dev reference count leakage in bpq_device_event()
(git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes).
- hv_netvsc: Add a comment clarifying batching logic (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Allocate the recv_buf buffers after
NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Fix race between VF offering and VF association message from
host (bsc#1204850).
- hv_netvsc: Print value of invalid ID in
netvsc_send_{completion,tx_complete}() (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus
hardening (bsc#1204017).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
(git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
(git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
- iio: adc: at91_adc: fix possible memory leak in
at91_adc_allocate_trigger() (git-fixes).
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type()
fails (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
(git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value limited
(git-fixes).
- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
(git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
- iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- kABI: remove new member of usbip_device (git-fixes).
- kabi: fix transport_add_device change (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
- kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register()
(git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
(git-fixes).
- md: Replace snprintf with scnprintf (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe()
(git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
(git-fixes).
- media: venus: dec: Handle the case where find_format fails (git-fixes).
- media: vim2m: initialize the media device earlier (git-fixes).
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
(git-fixes).
- mmc: core: properly select voltage range without power cycle (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
(git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD#
debounce timeout (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
(git-fixes).
- nbd: Fix use-after-free in pid_show (git-fixes).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
(git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
(git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch
(git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
(git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
(git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
(git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nfsd: set the server_scope during service startup (bsc#1203746).
- null_blk: Fail zone append to conventional zones (git-fixes).
- null_blk: synchronization fix for zoned device (git-fixes).
- nvmem: core: Check input parameter for NULL in nvmem_unregister()
(bsc#1204241).
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
(git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
- powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- printk: add missing memory barrier to wake_up_klogd() (bsc#1204934).
- printk: use atomic updates for klogd work (bsc#1204934).
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- r8152: Add MAC passthrough support to new device (git-fixes).
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak in
regulator_register() (git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Allow splice to read previous partially read pages
(git-fixes).
- ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
(git-fixes).
- ring-buffer: Check pending waiters when doing wake ups as well
(git-fixes).
- ring-buffer: Fix race between reset page and reading page (git-fixes).
- ring-buffer: Have the shortest_full queue be the shortest not longest
(git-fixes).
- ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- rndis_host: increase sleep time in the query-response loop (git-fixes).
- rtc: mt6397: fix alarm register overwrite (git-fixes).
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
(git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
(bsc#1205428 LTC#200501).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
(bsc#1203144 LTC#199881).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
(git-fixes).
- s390/pci: add missing EX_TABLE entries to
__pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and
__strnlen_user() (bsc#1205428 LTC#200501).
- s390/vtime: fix inline assembly clobber list (git-fixes).
- s390/zcore: fix race when reading from hardware system area (git-fixes).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- s390: fix double free of GS and RI CBs on fork() failure (git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: mark __cpacf_query() as __always_inline (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes).
- scsi: drivers: base: Propagate errors through the transport component
(git-fixes).
- scsi: drivers: base: Support atomic version of
attribute_container_device_trigger (git-fixes).
- scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729
bsc#1204810 ltc#200162).
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver
info (bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs
(bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- scsi: lpfc: Fix spelling mistake "unsolicted" -> "unsolicited"
(bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect
(bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off
(bsc#1204957).
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
- scsi: qla2xxx: Use transport-defined speed mask for supported_speeds
(bsc#1204963).
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
(git-fixes).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Fix handling of srb_status and capacity change events
(git-fixes).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer
(bsc#1204017).
- scsi: storvsc: Fix validation for unsolicited incoming packets
(bsc#1204017).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- scsi: storvsc: Parameterize number hardware queues (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs
(bsc#1204017).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(git-fixes).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus
hardening (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in
storvsc_on_channel_callback() (bsc#1204017).
- scsi: zfcp: Fix double free of FSF request when qdio send fails
(git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target ports
(git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in
omap8250_remove() (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround
(git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input
clock (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
- staging: greybus: light: fix a couple double frees (git-fixes).
- swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes).
- tracing/ring-buffer: Have polling block on watermark (git-fixes).
- tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
- tracing: Disable interrupt or preemption before acquiring
arch_spinlock_t (git-fixes).
- tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
- tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
- tracing: Simplify conditional compilation code in tracing_set_tracer()
(git-fixes).
- tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- usb: dwc3: fix PHY disable sequence (git-fixes).
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- usb: dwc3: gadget: Fix null pointer exception (git-fixes).
- usb: dwc3: qcom: fix runtime PM wakeup.
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96
controller (git-fixes).
- usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes).
- usbip: stub-dev synchronize sysfs code paths (git-fixes).
- usbip: stub_dev: remake locking for kABI (git-fixes).
- usbip: synchronize event handler with sysfs code paths (git-fixes).
- usbip: usbip_event: use global lock (git-fixes).
- usbip: vudc synchronize sysfs code paths (git-fixes).
- usbip: vudc_sysfs: use global lock (git-fixes).
- use __netdev_notify_peers in hyperv (git-fixes).
- v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"
(bsc#1200845)
- vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
- virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero
(git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
(git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit (git-fixes).
- virtio_blk: fix the discard_granularity and discard_alignment queue
limits (git-fixes).
- vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
(git-fixes).
- workqueue: do not skip lockdep work dependency in cancel_work_sync()
(bsc#1204967).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/hyperv: Output host build info as normal Windows version number
(git-fixes).
- x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- x86/microcode/AMD: Apply the patch early on every logical thread
(bsc#1205264).
- x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery
(git-fixes).
- x86/xen: Distribute switch variables for initialization (git-fixes).
- x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes).
- xen-blkback: prevent premature module unload (git-fixes).
- xen-netback: correct success/error reporting for the SKB-with-fraglist
case (git-fixes).
- xen/balloon: fix balloon kthread freezing (git-fixes).
- xen/balloon: fix ballooned page accounting without hotplug enabled
(git-fixes).
- xen/balloon: fix cancelled balloon action (git-fixes).
- xen/balloon: use a kernel thread instead a workqueue (git-fixes).
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
- xen/gntdev: Prevent leaking grants (git-fixes).
- xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
- xen/privcmd: Corrected error handling path (git-fixes).
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
(git-fixes).
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
(git-fixes).
- xenbus: req->body should be updated before req->state (git-fixes).
- xenbus: req->err should be updated before req->state (git-fixes).
- xfs: Lower CIL flush limit for large logs (git-fixes).
- xfs: Throttle commits on delayed background CIL push (git-fixes).
- xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes).
- xfs: check owner of dir3 blocks (git-fixes).
- xfs: factor common AIL item deletion code (git-fixes).
- xfs: open code insert range extent split helper (git-fixes).
- xfs: rework collapse range into an atomic operation (git-fixes).
- xfs: rework insert range into an atomic operation (git-fixes).
- xfs: tail updates only need to occur when LSN changes (git-fixes).
- xfs: trylock underlying buffer on dquot flush (git-fixes).
- xfs: xfs_buf_corruption_error should take __this_address (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing the
device (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4503=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4503=1
Package List:
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-150300.38.88.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.88.1
dlm-kmp-azure-5.3.18-150300.38.88.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.88.1
gfs2-kmp-azure-5.3.18-150300.38.88.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.88.1
kernel-azure-5.3.18-150300.38.88.1
kernel-azure-debuginfo-5.3.18-150300.38.88.1
kernel-azure-debugsource-5.3.18-150300.38.88.1
kernel-azure-devel-5.3.18-150300.38.88.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.88.1
kernel-azure-extra-5.3.18-150300.38.88.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.88.1
kernel-azure-livepatch-devel-5.3.18-150300.38.88.1
kernel-azure-optional-5.3.18-150300.38.88.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.88.1
kernel-syms-azure-5.3.18-150300.38.88.1
kselftests-kmp-azure-5.3.18-150300.38.88.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.88.1
ocfs2-kmp-azure-5.3.18-150300.38.88.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.88.1
reiserfs-kmp-azure-5.3.18-150300.38.88.1
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.88.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-150300.38.88.1
kernel-source-azure-5.3.18-150300.38.88.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
kernel-azure-5.3.18-150300.38.88.1
kernel-azure-debuginfo-5.3.18-150300.38.88.1
kernel-azure-debugsource-5.3.18-150300.38.88.1
kernel-azure-devel-5.3.18-150300.38.88.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.88.1
kernel-syms-azure-5.3.18-150300.38.88.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
kernel-devel-azure-5.3.18-150300.38.88.1
kernel-source-azure-5.3.18-150300.38.88.1
References:
https://www.suse.com/security/cve/CVE-2022-2602.html
https://www.suse.com/security/cve/CVE-2022-28693.html
https://www.suse.com/security/cve/CVE-2022-3567.html
https://www.suse.com/security/cve/CVE-2022-3628.html
https://www.suse.com/security/cve/CVE-2022-3635.html
https://www.suse.com/security/cve/CVE-2022-3707.html
https://www.suse.com/security/cve/CVE-2022-3903.html
https://www.suse.com/security/cve/CVE-2022-4095.html
https://www.suse.com/security/cve/CVE-2022-4129.html
https://www.suse.com/security/cve/CVE-2022-4139.html
https://www.suse.com/security/cve/CVE-2022-41850.html
https://www.suse.com/security/cve/CVE-2022-41858.html
https://www.suse.com/security/cve/CVE-2022-42895.html
https://www.suse.com/security/cve/CVE-2022-42896.html
https://www.suse.com/security/cve/CVE-2022-4378.html
https://www.suse.com/security/cve/CVE-2022-43945.html
https://www.suse.com/security/cve/CVE-2022-45934.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1184350
https://bugzilla.suse.com/1189297
https://bugzilla.suse.com/1192761
https://bugzilla.suse.com/1200845
https://bugzilla.suse.com/1201455
https://bugzilla.suse.com/1203144
https://bugzilla.suse.com/1203746
https://bugzilla.suse.com/1203960
https://bugzilla.suse.com/1204017
https://bugzilla.suse.com/1204142
https://bugzilla.suse.com/1204215
https://bugzilla.suse.com/1204228
https://bugzilla.suse.com/1204241
https://bugzilla.suse.com/1204328
https://bugzilla.suse.com/1204446
https://bugzilla.suse.com/1204636
https://bugzilla.suse.com/1204693
https://bugzilla.suse.com/1204780
https://bugzilla.suse.com/1204791
https://bugzilla.suse.com/1204810
https://bugzilla.suse.com/1204827
https://bugzilla.suse.com/1204850
https://bugzilla.suse.com/1204868
https://bugzilla.suse.com/1204934
https://bugzilla.suse.com/1204957
https://bugzilla.suse.com/1204963
https://bugzilla.suse.com/1204967
https://bugzilla.suse.com/1205220
https://bugzilla.suse.com/1205264
https://bugzilla.suse.com/1205329
https://bugzilla.suse.com/1205330
https://bugzilla.suse.com/1205428
https://bugzilla.suse.com/1205514
https://bugzilla.suse.com/1205567
https://bugzilla.suse.com/1205617
https://bugzilla.suse.com/1205671
https://bugzilla.suse.com/1205700
https://bugzilla.suse.com/1205705
https://bugzilla.suse.com/1205709
https://bugzilla.suse.com/1205753
https://bugzilla.suse.com/1205984
https://bugzilla.suse.com/1205985
https://bugzilla.suse.com/1205986
https://bugzilla.suse.com/1205987
https://bugzilla.suse.com/1205988
https://bugzilla.suse.com/1205989
https://bugzilla.suse.com/1206207
openSUSE-SU-2022:10244-1: important: Security update for chromium
by opensuse-security@opensuse.org 15 Dec '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10244-1
Rating: important
References: #1205433
Cross-References: CVE-2022-4436 CVE-2022-4437 CVE-2022-4438
CVE-2022-4439 CVE-2022-4440
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Update to version 108.0.5359.124 (boo#1206403):
- CVE-2022-4436: Use after free in Blink Media
- CVE-2022-4437: Use after free in Mojo IPC
- CVE-2022-4438: Use after free in Blink Frames
- CVE-2022-4439: Use after free in Aura
- CVE-2022-4440: Use after free in Profiles
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10244=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):
chromedriver-108.0.5359.124-bp154.2.55.1
chromium-108.0.5359.124-bp154.2.55.1
References:
https://www.suse.com/security/cve/CVE-2022-4436.html
https://www.suse.com/security/cve/CVE-2022-4437.html
https://www.suse.com/security/cve/CVE-2022-4438.html
https://www.suse.com/security/cve/CVE-2022-4439.html
https://www.suse.com/security/cve/CVE-2022-4440.html
https://bugzilla.suse.com/1205433
SUSE-SU-2022:4501-1: important: Security update for ceph
by opensuse-security@opensuse.org 15 Dec '22
SUSE Security Update: Security update for ceph
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4501-1
Rating: important
References: #1178073 #1194131 #1194353 #1194875 #1195359
#1196044 #1196785 #1196938 #1200064 #1200553
SES-2515 SLE-24710 SLE-24711
Cross-References: CVE-2021-3979
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves one vulnerability, contains three
features and has 9 fixes is now available.
Description:
This update for ceph fixes the following issues:
ceph was updated to the Pacific release (16.2.9-536-g41a9f9a5573):
+ (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in
RGWRadosBILogTrimCR
+ (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option
(CVE-2021-3979)
+ (bsc#1200064,) Remove last vestiges of docker.io image paths
+ (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only
using hostname
+ (bsc#1196785) cephadm: avoid crashing on expected non-zero exit
+ (jsc#SES-2515) High-availability NFS export
+ (bsc#1194875) [SES7P] include/buffer: include <memory>
+ cephadm: update image paths to registry.suse.com
+ cephadm: use snmp-notifier image from registry.suse.de
+ cephadm: infer the default container image during pull
+ mgr/cephadm: try to get FQDN for inventory address
+ (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12
+ (bsc#1196938) cephadm: preserve authorized_keys file during upgrade
+ Update Prometheus Container image paths (pr #459)
+ mgr/dashboard: Fix documentation URL (pr #456)
+ mgr/dashboard: Adapt downstream branded navigation page (pr #454)
+ Update prometheus-server version
+ (bsc#1194353) Downstream branding breaks dashboard npm build
+ (bsc#1178073) mgr/dashboard: fix downstream NFS doc links
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4501=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4501=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4501=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4501=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4501=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1
libfmt8-8.0.1-150300.7.5.1
libfmt8-debuginfo-8.0.1-150300.7.5.1
librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1
librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ceph-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-base-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-base-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-common-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-common-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-fuse-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-fuse-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-immutable-object-cache-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-immutable-object-cache-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mds-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mds-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mon-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mon-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-osd-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-osd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-radosgw-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-radosgw-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
cephfs-shell-16.2.9.536+g41a9f9a5573-150300.6.3.1
libcephfs-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
libcephfs2-16.2.9.536+g41a9f9a5573-150300.6.3.1
libcephfs2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
libfmt8-8.0.1-150300.7.5.1
libfmt8-debuginfo-8.0.1-150300.7.5.1
librados-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
librados-devel-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1
librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
libradospp-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
librgw-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
librgw2-16.2.9.536+g41a9f9a5573-150300.6.3.1
librgw2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-cephfs-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-cephfs-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rados-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rados-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rbd-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rgw-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rgw-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
rados-objclass-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
rbd-fuse-16.2.9.536+g41a9f9a5573-150300.6.3.1
rbd-fuse-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
rbd-mirror-16.2.9.536+g41a9f9a5573-150300.6.3.1
rbd-mirror-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
rbd-nbd-16.2.9.536+g41a9f9a5573-150300.6.3.1
rbd-nbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
- openSUSE Leap 15.3 (noarch):
ceph-grafana-dashboards-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-cephadm-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-dashboard-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-diskprediction-local-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-k8sevents-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-modules-core-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-rook-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-prometheus-alerts-16.2.9.536+g41a9f9a5573-150300.6.3.1
cephadm-16.2.9.536+g41a9f9a5573-150300.6.3.1
- openSUSE Leap 15.3 (x86_64):
ceph-test-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-test-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-test-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
ceph-common-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-common-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1
fmt-debugsource-8.0.1-150300.7.5.1
libcephfs-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
libcephfs2-16.2.9.536+g41a9f9a5573-150300.6.3.1
libcephfs2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
libfmt8-8.0.1-150300.7.5.1
libfmt8-debuginfo-8.0.1-150300.7.5.1
librados-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
librados-devel-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1
librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
libradospp-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
librgw-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
librgw2-16.2.9.536+g41a9f9a5573-150300.6.3.1
librgw2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-cephfs-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-cephfs-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rados-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rados-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rbd-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rgw-16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rgw-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
rados-objclass-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
rbd-nbd-16.2.9.536+g41a9f9a5573-150300.6.3.1
rbd-nbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64):
ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1
libfmt8-8.0.1-150300.7.5.1
libfmt8-debuginfo-8.0.1-150300.7.5.1
librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1
librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64):
ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1
libfmt8-8.0.1-150300.7.5.1
libfmt8-debuginfo-8.0.1-150300.7.5.1
librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1
librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
References:
https://www.suse.com/security/cve/CVE-2021-3979.html
https://bugzilla.suse.com/1178073
https://bugzilla.suse.com/1194131
https://bugzilla.suse.com/1194353
https://bugzilla.suse.com/1194875
https://bugzilla.suse.com/1195359
https://bugzilla.suse.com/1196044
https://bugzilla.suse.com/1196785
https://bugzilla.suse.com/1196938
https://bugzilla.suse.com/1200064
https://bugzilla.suse.com/1200553
SUSE-SU-2022:4488-1: moderate: Security update for apache2-mod_wsgi
by opensuse-security@opensuse.org 14 Dec '22
SUSE Security Update: Security update for apache2-mod_wsgi
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4488-1
Rating: moderate
References: #1201634
Cross-References: CVE-2022-2255
CVSS scores:
CVE-2022-2255 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-2255 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15-SP1
SUSE Linux Enterprise Module for Public Cloud 15-SP2
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for apache2-mod_wsgi fixes the following issues:
- CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass.
(bsc#1201634)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4488=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4488=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4488=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4488=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-4488=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-4488=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-4488=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4488=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4488=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4488=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
apache2-mod_wsgi-4.5.18-150000.4.6.1
apache2-mod_wsgi-debuginfo-4.5.18-150000.4.6.1
apache2-mod_wsgi-debugsource-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64):
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64):
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64):
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64):
apache2-mod_wsgi-4.5.18-150000.4.6.1
apache2-mod_wsgi-debuginfo-4.5.18-150000.4.6.1
apache2-mod_wsgi-debugsource-4.5.18-150000.4.6.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64):
apache2-mod_wsgi-4.5.18-150000.4.6.1
apache2-mod_wsgi-debuginfo-4.5.18-150000.4.6.1
apache2-mod_wsgi-debugsource-4.5.18-150000.4.6.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64):
apache2-mod_wsgi-4.5.18-150000.4.6.1
apache2-mod_wsgi-debuginfo-4.5.18-150000.4.6.1
apache2-mod_wsgi-debugsource-4.5.18-150000.4.6.1
References:
https://www.suse.com/security/cve/CVE-2022-2255.html
https://bugzilla.suse.com/1201634
SUSE-SU-2022:4479-1: important: Security update for xorg-x11-server
by opensuse-security@opensuse.org 14 Dec '22
SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4479-1
Rating: important
References: #1205874 #1205875 #1205876 #1205877 #1205878
#1205879 #1206017
Cross-References: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341
CVE-2022-46342 CVE-2022-46343 CVE-2022-46344
CVSS scores:
CVE-2022-4283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-46340 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2022-46341 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2022-46342 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-46343 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVE-2022-46344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 6 vulnerabilities and has one errata
is now available.
Description:
This update for xorg-x11-server fixes the following issues:
- CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874)
- CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access
(bsc#1205877)
- CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879)
- CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free
(bsc#1205878)
- CVE-2022-46344: Server XIChangeProperty out-of-bounds access
(bsc#1205876)
- CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it
(bsc#1206017)
- Xi: return an error from XI property changes if verification failed
(bsc#1205875)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4479=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4479=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4479=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
xorg-x11-server-1.20.3-150400.38.13.1
xorg-x11-server-debuginfo-1.20.3-150400.38.13.1
xorg-x11-server-debugsource-1.20.3-150400.38.13.1
xorg-x11-server-extra-1.20.3-150400.38.13.1
xorg-x11-server-extra-debuginfo-1.20.3-150400.38.13.1
xorg-x11-server-sdk-1.20.3-150400.38.13.1
xorg-x11-server-source-1.20.3-150400.38.13.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
xorg-x11-server-debuginfo-1.20.3-150400.38.13.1
xorg-x11-server-debugsource-1.20.3-150400.38.13.1
xorg-x11-server-sdk-1.20.3-150400.38.13.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
xorg-x11-server-1.20.3-150400.38.13.1
xorg-x11-server-debuginfo-1.20.3-150400.38.13.1
xorg-x11-server-debugsource-1.20.3-150400.38.13.1
xorg-x11-server-extra-1.20.3-150400.38.13.1
xorg-x11-server-extra-debuginfo-1.20.3-150400.38.13.1
References:
https://www.suse.com/security/cve/CVE-2022-4283.html
https://www.suse.com/security/cve/CVE-2022-46340.html
https://www.suse.com/security/cve/CVE-2022-46341.html
https://www.suse.com/security/cve/CVE-2022-46342.html
https://www.suse.com/security/cve/CVE-2022-46343.html
https://www.suse.com/security/cve/CVE-2022-46344.html
https://bugzilla.suse.com/1205874
https://bugzilla.suse.com/1205875
https://bugzilla.suse.com/1205876
https://bugzilla.suse.com/1205877
https://bugzilla.suse.com/1205878
https://bugzilla.suse.com/1205879
https://bugzilla.suse.com/1206017
SUSE-SU-2022:4480-1: important: Security update for xorg-x11-server
by opensuse-security@opensuse.org 14 Dec '22
SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4480-1
Rating: important
References: #1205874 #1205875 #1205876 #1205877 #1205878
#1205879 #1206017
Cross-References: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341
CVE-2022-46342 CVE-2022-46343 CVE-2022-46344
CVSS scores:
CVE-2022-4283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-46340 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2022-46341 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2022-46342 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-46343 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVE-2022-46344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 6 vulnerabilities and has one errata
is now available.
Description:
This update for xorg-x11-server fixes the following issues:
- CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874)
- CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access
(bsc#1205877)
- CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879)
- CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free
(bsc#1205878)
- CVE-2022-46344: Server XIChangeProperty out-of-bounds access
(bsc#1205876)
- CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it
(bsc#1206017)
- Xi: return an error from XI property changes if verification failed
(bsc#1205875)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4480=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4480=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4480=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4480=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4480=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4480=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-4480=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4480=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4480=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4480=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4480=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4480=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4480=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4480=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4480=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
xorg-x11-server-wayland-1.20.3-150200.22.5.63.1
xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.63.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
xorg-x11-server-1.20.3-150200.22.5.63.1
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-sdk-1.20.3-150200.22.5.63.1
xorg-x11-server-source-1.20.3-150200.22.5.63.1
xorg-x11-server-wayland-1.20.3-150200.22.5.63.1
xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.63.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
xorg-x11-server-1.20.3-150200.22.5.63.1
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-sdk-1.20.3-150200.22.5.63.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
xorg-x11-server-1.20.3-150200.22.5.63.1
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-sdk-1.20.3-150200.22.5.63.1
- SUSE Manager Proxy 4.1 (x86_64):
xorg-x11-server-1.20.3-150200.22.5.63.1
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-sdk-1.20.3-150200.22.5.63.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-wayland-1.20.3-150200.22.5.63.1
xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.63.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-wayland-1.20.3-150200.22.5.63.1
xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.63.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
xorg-x11-server-1.20.3-150200.22.5.63.1
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-sdk-1.20.3-150200.22.5.63.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
xorg-x11-server-1.20.3-150200.22.5.63.1
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-sdk-1.20.3-150200.22.5.63.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
xorg-x11-server-1.20.3-150200.22.5.63.1
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-sdk-1.20.3-150200.22.5.63.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-sdk-1.20.3-150200.22.5.63.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
xorg-x11-server-1.20.3-150200.22.5.63.1
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
xorg-x11-server-1.20.3-150200.22.5.63.1
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-sdk-1.20.3-150200.22.5.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
xorg-x11-server-1.20.3-150200.22.5.63.1
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-sdk-1.20.3-150200.22.5.63.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
xorg-x11-server-1.20.3-150200.22.5.63.1
xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-1.20.3-150200.22.5.63.1
xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1
xorg-x11-server-sdk-1.20.3-150200.22.5.63.1
References:
https://www.suse.com/security/cve/CVE-2022-4283.html
https://www.suse.com/security/cve/CVE-2022-46340.html
https://www.suse.com/security/cve/CVE-2022-46341.html
https://www.suse.com/security/cve/CVE-2022-46342.html
https://www.suse.com/security/cve/CVE-2022-46343.html
https://www.suse.com/security/cve/CVE-2022-46344.html
https://bugzilla.suse.com/1205874
https://bugzilla.suse.com/1205875
https://bugzilla.suse.com/1205876
https://bugzilla.suse.com/1205877
https://bugzilla.suse.com/1205878
https://bugzilla.suse.com/1205879
https://bugzilla.suse.com/1206017
SUSE-SU-2022:4487-1: important: Security update for xwayland
by opensuse-security@opensuse.org 14 Dec '22
SUSE Security Update: Security update for xwayland
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4487-1
Rating: important
References: #1205874 #1205875 #1205876 #1205877 #1205878
#1205879 #1206017
Cross-References: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341
CVE-2022-46342 CVE-2022-46343 CVE-2022-46344
CVSS scores:
CVE-2022-4283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-46340 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2022-46341 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2022-46342 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-46343 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVE-2022-46344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP4
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 6 vulnerabilities and has one errata
is now available.
Description:
This update for xwayland fixes the following issues:
- CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874)
- CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879)
- CVE-2022-46344: Server XIChangeProperty out-of-bounds access
(bsc#1205876)
- CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free
(bsc#1205878)
- CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access
(bsc#1205877)
- CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it
(bsc#1206017)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4487=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4487=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
xwayland-21.1.4-150400.3.6.1
xwayland-debuginfo-21.1.4-150400.3.6.1
xwayland-debugsource-21.1.4-150400.3.6.1
xwayland-devel-21.1.4-150400.3.6.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
xwayland-21.1.4-150400.3.6.1
xwayland-debuginfo-21.1.4-150400.3.6.1
xwayland-debugsource-21.1.4-150400.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-4283.html
https://www.suse.com/security/cve/CVE-2022-46340.html
https://www.suse.com/security/cve/CVE-2022-46341.html
https://www.suse.com/security/cve/CVE-2022-46342.html
https://www.suse.com/security/cve/CVE-2022-46343.html
https://www.suse.com/security/cve/CVE-2022-46344.html
https://bugzilla.suse.com/1205874
https://bugzilla.suse.com/1205875
https://bugzilla.suse.com/1205876
https://bugzilla.suse.com/1205877
https://bugzilla.suse.com/1205878
https://bugzilla.suse.com/1205879
https://bugzilla.suse.com/1206017
SUSE-SU-2022:4478-1: moderate: Security update for capnproto
by opensuse-security@opensuse.org 14 Dec '22
SUSE Security Update: Security update for capnproto
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4478-1
Rating: moderate
References: #1205968
Cross-References: CVE-2022-46149
CVSS scores:
CVE-2022-46149 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVE-2022-46149 (SUSE): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for capnproto fixes the following issues:
- CVE-2022-46149: Fixed out of bounds read when handling a list of lists
(bsc#1205968).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4478=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4478=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
capnproto-0.9.1-150400.3.4.1
capnproto-debuginfo-0.9.1-150400.3.4.1
capnproto-debugsource-0.9.1-150400.3.4.1
libcapnp-0_9-0.9.1-150400.3.4.1
libcapnp-0_9-debuginfo-0.9.1-150400.3.4.1
libcapnp-devel-0.9.1-150400.3.4.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
capnproto-debuginfo-0.9.1-150400.3.4.1
capnproto-debugsource-0.9.1-150400.3.4.1
libcapnp-0_9-0.9.1-150400.3.4.1
libcapnp-0_9-debuginfo-0.9.1-150400.3.4.1
References:
https://www.suse.com/security/cve/CVE-2022-46149.html
https://bugzilla.suse.com/1205968
SUSE-SU-2022:4462-1: important: Security update for MozillaFirefox
by opensuse-security@opensuse.org 13 Dec '22
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4462-1
Rating: important
References: #1206242
Cross-References: CVE-2022-46872 CVE-2022-46874 CVE-2022-46875
CVE-2022-46878 CVE-2022-46880 CVE-2022-46881
CVE-2022-46882
Affected Products:
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 102.6.0 ESR (bsc#1206242):
- CVE-2022-46880: Use-after-free in WebGL
- CVE-2022-46872: Arbitrary file read from a compromised content process
- CVE-2022-46881: Memory corruption in WebGL
- CVE-2022-46874: Drag and Dropped Filenames could have been truncated to
malicious extensions
- CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc
files on Mac OS
- CVE-2022-46882: Use-after-free in WebGL
- CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR
102.6
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4462=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4462=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4462=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4462=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4462=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4462=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4462=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4462=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4462=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4462=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4462=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4462=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4462=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.6.0-150200.152.70.1
MozillaFirefox-branding-upstream-102.6.0-150200.152.70.1
MozillaFirefox-debuginfo-102.6.0-150200.152.70.1
MozillaFirefox-debugsource-102.6.0-150200.152.70.1
MozillaFirefox-devel-102.6.0-150200.152.70.1
MozillaFirefox-translations-common-102.6.0-150200.152.70.1
MozillaFirefox-translations-other-102.6.0-150200.152.70.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.6.0-150200.152.70.1
MozillaFirefox-branding-upstream-102.6.0-150200.152.70.1
MozillaFirefox-debuginfo-102.6.0-150200.152.70.1
MozillaFirefox-debugsource-102.6.0-150200.152.70.1
MozillaFirefox-devel-102.6.0-150200.152.70.1
MozillaFirefox-translations-common-102.6.0-150200.152.70.1
MozillaFirefox-translations-other-102.6.0-150200.152.70.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
MozillaFirefox-102.6.0-150200.152.70.1
MozillaFirefox-debuginfo-102.6.0-150200.152.70.1
MozillaFirefox-debugsource-102.6.0-150200.152.70.1
MozillaFirefox-devel-102.6.0-150200.152.70.1
MozillaFirefox-translations-common-102.6.0-150200.152.70.1
MozillaFirefox-translations-other-102.6.0-150200.152.70.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
MozillaFirefox-102.6.0-150200.152.70.1
MozillaFirefox-debuginfo-102.6.0-150200.152.70.1
MozillaFirefox-debugsource-102.6.0-150200.152.70.1
MozillaFirefox-devel-102.6.0-150200.152.70.1
MozillaFirefox-translations-common-102.6.0-150200.152.70.1
MozillaFirefox-translations-other-102.6.0-150200.152.70.1
- SUSE Manager Proxy 4.1 (x86_64):
MozillaFirefox-102.6.0-150200.152.70.1
MozillaFirefox-debuginfo-102.6.0-150200.152.70.1
MozillaFirefox-debugsource-102.6.0-150200.152.70.1
MozillaFirefox-devel-102.6.0-150200.152.70.1
MozillaFirefox-translations-common-102.6.0-150200.152.70.1
MozillaFirefox-translations-other-102.6.0-150200.152.70.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
MozillaFirefox-102.6.0-150200.152.70.1
MozillaFirefox-debuginfo-102.6.0-150200.152.70.1
MozillaFirefox-debugsource-102.6.0-150200.152.70.1
MozillaFirefox-devel-102.6.0-150200.152.70.1
MozillaFirefox-translations-common-102.6.0-150200.152.70.1
MozillaFirefox-translations-other-102.6.0-150200.152.70.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.6.0-150200.152.70.1
MozillaFirefox-debuginfo-102.6.0-150200.152.70.1
MozillaFirefox-debugsource-102.6.0-150200.152.70.1
MozillaFirefox-devel-102.6.0-150200.152.70.1
MozillaFirefox-translations-common-102.6.0-150200.152.70.1
MozillaFirefox-translations-other-102.6.0-150200.152.70.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
MozillaFirefox-102.6.0-150200.152.70.1
MozillaFirefox-debuginfo-102.6.0-150200.152.70.1
MozillaFirefox-debugsource-102.6.0-150200.152.70.1
MozillaFirefox-devel-102.6.0-150200.152.70.1
MozillaFirefox-translations-common-102.6.0-150200.152.70.1
MozillaFirefox-translations-other-102.6.0-150200.152.70.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.6.0-150200.152.70.1
MozillaFirefox-debuginfo-102.6.0-150200.152.70.1
MozillaFirefox-debugsource-102.6.0-150200.152.70.1
MozillaFirefox-translations-common-102.6.0-150200.152.70.1
MozillaFirefox-translations-other-102.6.0-150200.152.70.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64):
MozillaFirefox-devel-102.6.0-150200.152.70.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.6.0-150200.152.70.1
MozillaFirefox-debuginfo-102.6.0-150200.152.70.1
MozillaFirefox-debugsource-102.6.0-150200.152.70.1
MozillaFirefox-translations-common-102.6.0-150200.152.70.1
MozillaFirefox-translations-other-102.6.0-150200.152.70.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64):
MozillaFirefox-devel-102.6.0-150200.152.70.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
MozillaFirefox-102.6.0-150200.152.70.1
MozillaFirefox-debuginfo-102.6.0-150200.152.70.1
MozillaFirefox-debugsource-102.6.0-150200.152.70.1
MozillaFirefox-devel-102.6.0-150200.152.70.1
MozillaFirefox-translations-common-102.6.0-150200.152.70.1
MozillaFirefox-translations-other-102.6.0-150200.152.70.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
MozillaFirefox-102.6.0-150200.152.70.1
MozillaFirefox-debuginfo-102.6.0-150200.152.70.1
MozillaFirefox-debugsource-102.6.0-150200.152.70.1
MozillaFirefox-devel-102.6.0-150200.152.70.1
MozillaFirefox-translations-common-102.6.0-150200.152.70.1
MozillaFirefox-translations-other-102.6.0-150200.152.70.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
MozillaFirefox-102.6.0-150200.152.70.1
MozillaFirefox-debuginfo-102.6.0-150200.152.70.1
MozillaFirefox-debugsource-102.6.0-150200.152.70.1
MozillaFirefox-devel-102.6.0-150200.152.70.1
MozillaFirefox-translations-common-102.6.0-150200.152.70.1
MozillaFirefox-translations-other-102.6.0-150200.152.70.1
References:
https://www.suse.com/security/cve/CVE-2022-46872.html
https://www.suse.com/security/cve/CVE-2022-46874.html
https://www.suse.com/security/cve/CVE-2022-46875.html
https://www.suse.com/security/cve/CVE-2022-46878.html
https://www.suse.com/security/cve/CVE-2022-46880.html
https://www.suse.com/security/cve/CVE-2022-46881.html
https://www.suse.com/security/cve/CVE-2022-46882.html
https://bugzilla.suse.com/1206242
SUSE-SU-2022:4463-1: important: Security update for containerd
by opensuse-security@opensuse.org 13 Dec '22
SUSE Security Update: Security update for containerd
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4463-1
Rating: important
References: #1197284 #1206065 #1206235
Cross-References: CVE-2022-23471 CVE-2022-27191
CVSS scores:
CVE-2022-23471 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-23471 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27191 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27191 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for containerd fixes the following issues:
Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065).
Also includes the following fixes:
- CVE-2022-23471: host memory exhaustion through Terminal resize goroutine
leak (bsc#1206235).
- CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4463=1
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4463=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4463=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4463=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4463=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4463=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4463=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4463=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4463=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4463=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4463=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4463=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4463=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4463=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4463=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4463=1
- SUSE Linux Enterprise Module for Containers 15-SP4:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4463=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-4463=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-4463=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4463=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4463=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4463=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4463=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4463=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4463=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4463=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4463=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4463=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-4463=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
containerd-1.6.12-150000.79.1
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
containerd-1.6.12-150000.79.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Manager Proxy 4.1 (x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise Server 15-LTSS (s390x):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
containerd-1.6.12-150000.79.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
containerd-1.6.12-150000.79.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
containerd-1.6.12-150000.79.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
- SUSE CaaS Platform 4.0 (x86_64):
containerd-1.6.12-150000.79.1
containerd-ctr-1.6.12-150000.79.1
References:
https://www.suse.com/security/cve/CVE-2022-23471.html
https://www.suse.com/security/cve/CVE-2022-27191.html
https://bugzilla.suse.com/1197284
https://bugzilla.suse.com/1206065
https://bugzilla.suse.com/1206235
SUSE-SU-2022:4205-2: moderate: Security update for net-snmp
by opensuse-security@opensuse.org 13 Dec '22
SUSE Security Update: Security update for net-snmp
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4205-2
Rating: moderate
References: #1201103 SLE-11203
Cross-References: CVE-2022-24805 CVE-2022-24806 CVE-2022-24807
CVE-2022-24808 CVE-2022-24809 CVE-2022-24810
Affected Products:
SUSE Linux Enterprise Micro 5.3
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that fixes 6 vulnerabilities and contains one
feature is now available.
Description:
This update for net-snmp fixes the following issues:
Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203):
- CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX
of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access.
- CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the
nsVacmAccessTable that can cause a NULL pointer dereference.
- CVE-2022-24806: Fixed an improper Input Validation when SETing
malformed OIDs in master agent and subagent simultaneously.
- CVE-2022-24807: Fixed a malformed OID in a SET request to
SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable that can cause an out-of-bounds
memory access.
- CVE-2022-24808: Fixed a malformed OID in a SET request to
NET-SNMP-AGENT-MIB::nsLogTable that can cause a NULL pointer dereference.
- CVE-2022-24810: Fixed a malformed OID in a SET to the
nsVacmAccessTable that can cause a NULL pointer dereference.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4205=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-4205=1
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
libsnmp40-5.9.3-150300.15.3.1
libsnmp40-debuginfo-5.9.3-150300.15.3.1
net-snmp-debuginfo-5.9.3-150300.15.3.1
net-snmp-debugsource-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libsnmp40-5.9.3-150300.15.3.1
libsnmp40-debuginfo-5.9.3-150300.15.3.1
net-snmp-debuginfo-5.9.3-150300.15.3.1
net-snmp-debugsource-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
References:
https://www.suse.com/security/cve/CVE-2022-24805.html
https://www.suse.com/security/cve/CVE-2022-24806.html
https://www.suse.com/security/cve/CVE-2022-24807.html
https://www.suse.com/security/cve/CVE-2022-24808.html
https://www.suse.com/security/cve/CVE-2022-24809.html
https://www.suse.com/security/cve/CVE-2022-24810.html
https://bugzilla.suse.com/1201103
SUSE-SU-2022:4457-1: moderate: Security update for libtpms
by opensuse-security@opensuse.org 13 Dec '22
SUSE Security Update: Security update for libtpms
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4457-1
Rating: moderate
References: #1187767 #1204556
Cross-References: CVE-2021-3623
CVSS scores:
CVE-2021-3623 (NVD) : 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE-2021-3623 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that solves one vulnerability and has one erratum
is now available.
Description:
This update for libtpms fixes the following issues:
- CVE-2021-3623: Fixed out-of-bounds access when trying to resume the
state of the vTPM (bsc#1187767)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4457=1
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4457=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4457=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4457=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4457=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4457=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-4457=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4457=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4457=1
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
libtpms-debugsource-0.8.2-150300.3.6.1
libtpms0-0.8.2-150300.3.6.1
libtpms0-debuginfo-0.8.2-150300.3.6.1
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libtpms-debugsource-0.8.2-150300.3.6.1
libtpms0-0.8.2-150300.3.6.1
libtpms0-debuginfo-0.8.2-150300.3.6.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libtpms-debugsource-0.8.2-150300.3.6.1
libtpms-devel-0.8.2-150300.3.6.1
libtpms0-0.8.2-150300.3.6.1
libtpms0-debuginfo-0.8.2-150300.3.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libtpms-debugsource-0.8.2-150300.3.6.1
libtpms-devel-0.8.2-150300.3.6.1
libtpms0-0.8.2-150300.3.6.1
libtpms0-debuginfo-0.8.2-150300.3.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libtpms-debugsource-0.8.2-150300.3.6.1
libtpms-devel-0.8.2-150300.3.6.1
libtpms0-0.8.2-150300.3.6.1
libtpms0-debuginfo-0.8.2-150300.3.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
libtpms-debugsource-0.8.2-150300.3.6.1
libtpms-devel-0.8.2-150300.3.6.1
libtpms0-0.8.2-150300.3.6.1
libtpms0-debuginfo-0.8.2-150300.3.6.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libtpms-debugsource-0.8.2-150300.3.6.1
libtpms0-0.8.2-150300.3.6.1
libtpms0-debuginfo-0.8.2-150300.3.6.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libtpms-debugsource-0.8.2-150300.3.6.1
libtpms0-0.8.2-150300.3.6.1
libtpms0-debuginfo-0.8.2-150300.3.6.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libtpms-debugsource-0.8.2-150300.3.6.1
libtpms0-0.8.2-150300.3.6.1
libtpms0-debuginfo-0.8.2-150300.3.6.1
References:
https://www.suse.com/security/cve/CVE-2021-3623.html
https://bugzilla.suse.com/1187767
https://bugzilla.suse.com/1204556
SUSE-SU-2022:4452-1: moderate: Security update for java-1_8_0-openjdk
by opensuse-security@opensuse.org 13 Dec '22
SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4452-1
Rating: moderate
References: #1204471 #1204472 #1204473 #1204475
Cross-References: CVE-2022-21619 CVE-2022-21624 CVE-2022-21626
CVE-2022-21628
CVSS scores:
CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21626 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21626 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP4
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u352 (icedtea-3.25.0):
- CVE-2022-21619, CVE-2022-21624: Fixed a difficult-to-exploit vulnerability
that allows an unauthenticated attacker with network access to cause
unauthorized update, insert or delete access via multiple protocols
(bsc#1204473, bsc#1204475).
- CVE-2022-21626: Fixed an easily exploitable vulnerability that allows an
unauthenticated attacker with network access via HTTPS to cause partial
denial of service (bsc#1204471).
- CVE-2022-21628: Fixed an easily exploitable vulnerability that allows an
unauthenticated attacker with network access via HTTP to cause partial
denial of service (bsc#1204472).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4452=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4452=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4452=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4452=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4452=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4452=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4452=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4452=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4452=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4452=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4452=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4452=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-4452=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-4452=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4452=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-4452=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-accessibility-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-src-1.8.0.352-150000.3.73.1
- openSUSE Leap 15.4 (noarch):
java-1_8_0-openjdk-javadoc-1.8.0.352-150000.3.73.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-accessibility-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-src-1.8.0.352-150000.3.73.1
- openSUSE Leap 15.3 (noarch):
java-1_8_0-openjdk-javadoc-1.8.0.352-150000.3.73.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE Manager Proxy 4.1 (x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
- SUSE CaaS Platform 4.0 (x86_64):
java-1_8_0-openjdk-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1
References:
https://www.suse.com/security/cve/CVE-2022-21619.html
https://www.suse.com/security/cve/CVE-2022-21624.html
https://www.suse.com/security/cve/CVE-2022-21626.html
https://www.suse.com/security/cve/CVE-2022-21628.html
https://bugzilla.suse.com/1204471
https://bugzilla.suse.com/1204472
https://bugzilla.suse.com/1204473
https://bugzilla.suse.com/1204475
SUSE-SU-2022:4453-1: important: Security update for wireshark
by opensuse-security@opensuse.org 13 Dec '22
SUSE Security Update: Security update for wireshark
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4453-1
Rating: important
References: #1204822 #1206189 #1206190
Cross-References: CVE-2022-3725
CVSS scores:
CVE-2022-3725 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3725 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for wireshark fixes the following issues:
Update to version 3.6.10:
- CVE-2022-3725: OPUS dissector crash (bsc#1204822).
- Multiple dissector infinite loops (bsc#1206189).
- Kafka dissector memory exhaustion (bsc#1206190).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4453=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4453=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4453=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4453=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4453=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4453=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4453=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4453=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4453=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4453=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4453=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4453=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4453=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4453=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4453=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4453=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4453=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4453=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4453=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4453=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4453=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4453=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4453=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4453=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-4453=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Manager Proxy 4.1 (x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
- SUSE CaaS Platform 4.0 (x86_64):
libwireshark15-3.6.10-150000.3.78.1
libwireshark15-debuginfo-3.6.10-150000.3.78.1
libwiretap12-3.6.10-150000.3.78.1
libwiretap12-debuginfo-3.6.10-150000.3.78.1
libwsutil13-3.6.10-150000.3.78.1
libwsutil13-debuginfo-3.6.10-150000.3.78.1
wireshark-3.6.10-150000.3.78.1
wireshark-debuginfo-3.6.10-150000.3.78.1
wireshark-debugsource-3.6.10-150000.3.78.1
wireshark-devel-3.6.10-150000.3.78.1
wireshark-ui-qt-3.6.10-150000.3.78.1
wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1
References:
https://www.suse.com/security/cve/CVE-2022-3725.html
https://bugzilla.suse.com/1204822
https://bugzilla.suse.com/1206189
https://bugzilla.suse.com/1206190
SUSE-SU-2022:4437-1: important: Security update for SUSE Manager Client Tools
by opensuse-security@opensuse.org 13 Dec '22
SUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4437-1
Rating: important
References: #1188571 #1189520 #1192383 #1192763 #1193492
#1193686 #1199810 #1201535 #1201539 #1202945
#1203283 #1203596 #1203597 #1203599 PED-2145
Cross-References: CVE-2021-36222 CVE-2021-3711 CVE-2021-41174
CVE-2021-41244 CVE-2021-43798 CVE-2021-43813
CVE-2021-43815 CVE-2022-29170 CVE-2022-31097
CVE-2022-31107 CVE-2022-35957 CVE-2022-36062
CVSS scores:
CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3711 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3711 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-41174 (NVD) : 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
CVE-2021-41174 (SUSE): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
CVE-2021-41244 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-41244 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-43798 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-43798 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-43815 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-43815 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-29170 (NVD) : 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
CVE-2022-29170 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L
CVE-2022-31097 (NVD) : 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CVE-2022-35957 (NVD) : 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-35957 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36062 (NVD) : 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
CVE-2022-36062 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Tools 15
SUSE Manager Tools for SLE Micro 5
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 12 vulnerabilities, contains one
feature and has two fixes is now available.
Description:
This update fixes the following issues:
dracut-saltboot:
- Update to version 0.1.1665997480.587fa10
* Add dependencies on xz and gzip to support compressed images
golang-github-boynux-squid_exporter:
- Exclude s390 architecture
- Enhanced to build on Enterprise Linux 8.
grafana:
- Version update from 8.3.10 to 8.5.13 (jsc#PED-2145)
- Security fixes:
* CVE-2022-36062: (bsc#1203596)
* CVE-2022-35957: (bsc#1203597)
* CVE-2022-31107: (bsc#1201539)
* CVE-2022-31097: (bsc#1201535)
* CVE-2022-29170: (bsc#1199810)
* CVE-2021-43813, CVE-2021-43815: (bsc#1193686)
* CVE-2021-43798: (bsc#1193492)
* CVE-2021-41244: (bsc#1192763)
* CVE-2021-41174: (bsc#1192383)
* CVE-2021-3711: (bsc#1189520)
* CVE-2021-36222: (bsc#1188571)
- Features and enhancements:
* AccessControl: Disable user remove and user update roles when they do
not have the permissions
* AccessControl: Provisioning for teams
* Alerting: Add custom grouping to Alert Panel
* Alerting: Add safeguard for migrations that might cause dataloss
* Alerting: AlertingProxy to elevate permissions for request forwarded
to data proxy when RBAC enabled
* Alerting: Grafana uses > instead of >= when checking the For duration
* Alerting: Move slow queries in the scheduler to another goroutine
* Alerting: Remove disabled flag for data source when migrating alerts
* Alerting: Show notification tab of legacy alerting only to editor
* Alerting: Update migration to migrate only alerts that belong to
existing org\dashboard
* Alerting: Use expanded labels in dashboard annotations
* Alerting: Use time.Ticker instead of alerting.Ticker in ngalert
* Analytics: Add user id tracking to google analytics
* Angular: Add AngularJS plugin support deprecation plan to docs site
* API: Add usage stats preview endpoint
* API: Extract OpenAPI specification from source code using go-swagger
* Auth: implement auto_sign_up for auth.jwt
* Azure monitor Logs: Optimize data fetching in resource picker
* Azure Monitor Logs: Order subscriptions in resource picker by name
* Azure Monitor: Include datasource ref when interpolating variables.
* AzureMonitor: Add support for not equals and startsWith operators when
creating Azure Metrics dimension filters.
* AzureMonitor: Do not quote variables when a custom "All" variable
option is used
* AzureMonitor: Filter list of resources by resourceType
* AzureMonitor: Update allowed namespaces
* BarChart: color by field, x time field, bar radius, label skipping
* Chore: Implement OpenTelemetry in Grafana
* Cloud Monitoring: Adds metric type to Metric drop down options
* CloudMonitor: Correctly encode default project response
* CloudWatch: Add all ElastiCache Redis Metrics
* CloudWatch: Add Data Lifecycle Manager metrics and dimension
* CloudWatch: Add Missing Elasticache Host-level metrics
* CloudWatch: Add multi-value template variable support for log group
names in logs query builder
* CloudWatch: Add new AWS/ES metrics. #43034, @sunker
* Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions
* Cloudwatch: Add support for new AWS/RDS EBS* metrics
* Cloudwatch: Add syntax highlighting and autocomplete for "Metric
Search"
* Cloudwatch: Add template variable query function for listing log groups
* Configuration: Add ability to customize okta login button name and icon
* Elasticsearch: Add deprecation notice for < 7.10 versions.
* Explore: Support custom display label for exemplar links for
Prometheus datasource
* Hotkeys: Make time range absolute/permanent
* InfluxDB: Use backend for influxDB by default via feature toggle
* Legend: Use correct unit for percent and count calculations
* Logs: Escape windows newline into single newline
* Loki: Add unpack to autocomplete suggestions
* Loki: Use millisecond steps in Grafana 8.5.x.
* Playlists: Enable sharing direct links to playlists
* Plugins: Allow using both Function and Class components for app plugins
* Plugins: Expose emotion/react to plugins to prevent load failures
* Plugins: Introduce HTTP 207 Multi Status response to api/ds/query
* Rendering: Add support for renderer token
* Setting: Support configuring feature toggles with bools instead of
just passing an array
* SQLStore: Prevent concurrent migrations
* SSE: Add Mode to drop NaN/Inf/Null in Reduction operations
* Tempo: Switch out Select with AsyncSelect component to get loading
state in Tempo Search
* TimeSeries: Add migration for Graph panel's transform series override
* TimeSeries: Add support for negative Y and constant transform
* TimeSeries: Preserve null/undefined values when performing negative y
transform
* Traces: Filter by service/span name and operation in Tempo and Jaeger
* Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer
* Transformations: Add an All Unique Values Reducer
* Transformers: avoid error when the ExtractFields source field is
missing
- Breaking changes:
* For a data source query made via /api/ds/query:
+ If the DatasourceQueryMultiStatus feature is enabled and the data
source response has an error set as part of the DataResponse, the
resulting HTTP status code is now '207 Multi Status' instead of '400
Bad gateway'
+ If the DatasourceQueryMultiStatus feature is not enabled and the
data source response has an error set as part of the DataResponse,
the resulting HTTP status code is '400 BadRequest' (no breaking
change)
* For a proxied request, e.g. Grafana's datasource or plugin proxy:
+ If the request is cancelled, e.g. from the browser/by the client,
the HTTP status code is now '499 Client closed request' instead of
'502 Bad gateway'. If the request times out, e.g. takes longer time
than allowed, the HTTP status code is now '504 Gateway timeout'
instead of '502 Bad gateway'.
+ The change in behavior is that negative-valued series are now
stacked downwards from 0 (in their own stacks), rather than
downwards from the top of the positive stacks. We now automatically
group stacks by Draw style, Line interpolation, and Bar alignment,
making it impossible to stack bars on top of lines, or smooth lines
on top of stepped lines
+ The meaning of the default data source has now changed from being a
persisted property in a panel. Before when you selected the default
data source for a panel and later changed the default data source to
another data source it would change all panels who were configured
to use the default data source. From now on the default data source
is just the default for new panels and changing the default will not
impact any currently saved dashboards
+ The Tooltip component provided by @grafana/ui is no longer
automatically interactive (that is you can hover onto it and click a
link or select text). It will from now on by default close
automatically when you mouse out from the trigger element. To make
tooltips behave like before set the new interactive property to true.
- Deprecations:
* /api/tsdb/query API has been deprecated, please use /api/ds/query
instead
* AngularJS plugin support is now in a deprecated state. The
documentation site has an article with more details on why, when, and
how
- Bug fixes:
* Alerting: Add contact points provisioning API
* Alerting: add field for custom slack endpoint
* Alerting: Add resolved count to notification title when both firing
and resolved present
* Alerting: Alert rule should wait For duration when execution error
state is Alerting
* Alerting: Allow disabling override timings for notification policies
* Alerting: Allow serving images from custom url path
* Alerting: Apply Custom Headers to datasource queries
* Alerting: Classic conditions can now display multiple values
* Alerting: correctly show all alerts in a folder
* Alerting: Display query from grafana-managed alert rules on
/api/v1/rules
* Alerting: Do not overwrite existing alert rule condition
* Alerting: Enhance support for arbitrary group names in managed alerts
* Alerting: Fix access to alerts for viewer with editor permissions when
RBAC is disabled
* Alerting: Fix anonymous access to alerting
* Alerting: Fix migrations by making send_alerts_to field nullable
* Alerting: Fix RBAC actions for notification policies
* Alerting: Fix use of > instead of >= when checking the For duration
* Alerting: Remove double quotes from matchers
* API: Include userId, orgId, uname in request logging middleware
* Auth: Guarantee consistency of signed SigV4 headers
* Azure Monitor : Adding json formatting of error messages in Panel
Header Corner and Inspect Error Tab
* Azure Monitor: Add 2 more Curated Dashboards for VM Insights
* Azure Monitor: Bug Fix for incorrect variable cascading for template
variables
* Azure Monitor: Fix space character encoding for metrics query link to
Azure Portal
* Azure Monitor: Fixes broken log queries that use workspace
* Azure Monitor: Small bug fixes for Resource Picker
* AzureAd Oauth: Fix strictMode to reject users without an assigned role
* AzureMonitor: Fixes metric definition for Azure Storage
queue/file/blob/table resources
* Cloudwatch : Fixed resetting metric name when changing namespace in
Metric Query
* CloudWatch: Added missing MemoryDB Namespace metrics
* CloudWatch: Fix MetricName resetting on Namespace change.
* Cloudwatch: Fix template variables in variable queries.
* CloudWatch: Fix variable query tag migration
* CloudWatch: Handle new error codes for MetricInsights
* CloudWatch: List all metrics properly in SQL autocomplete
* CloudWatch: Prevent log groups from being removed on query change
* CloudWatch: Remove error message when using multi-valued template vars
in region field
* CloudWatch: Run query on blur in logs query field
* CloudWatch: Use default http client from aws-sdk-go
* Dashboard: Fix dashboard update permission check
* Dashboard: Fixes random scrolling on time range change
* Dashboard: Template variables are now correctly persisted when
clicking breadcrumb links
* DashboardExport: Fix exporting and importing dashboards where query
data source ended up as incorrect
* DashboardPage: Remember scroll position when coming back panel edit /
view panel
* Dashboards: Fixes repeating by row and no refresh
* Dashboards: Show changes in save dialog
* DataSource: Default data source is no longer a persisted state but
just the default data source for new panels
* DataSourcePlugin API: Allow queries import when changing data source
type
* Elasticsearch: Respect maxConcurrentShardRequests datasource setting
* Explore: Allow users to save Explore state to a new panel in a new
dashboard
* Explore: Avoid locking timepicker when range is inverted.
* Explore: Fix closing split pane when logs panel is used
* Explore: Prevent direct access to explore if disabled via feature
toggle
* Explore: Remove return to panel button
* FileUpload: clicking the Upload file button now opens their modal
correctly
* Gauge: Fixes blank viz when data link exists and orientation was
horizontal
* GrafanaUI: Fix color of links in error Tooltips in light theme
* Histogram Panel: Take decimal into consideration
* InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram
* Instrumentation: Fix HTTP request instrumentation of authentication
failures
* Instrumentation: Make backend plugin metrics endpoints available with
optional authentication
* Instrumentation: Proxy status code correction and various improvements
* LibraryPanels: Fix library panels not connecting properly in imported
dashboards
* LibraryPanels: Prevent long descriptions and names from obscuring the
delete button
* Logger: Use specified format for file logger
* Logging: Introduce feature toggle to activate gokit/log format
* Logs: Handle missing fields in dataframes better
* Loki: Improve unpack parser handling
* ManageDashboards: Fix error when deleting all dashboards from folder
view
* Middleware: Fix IPv6 host parsing in CSRF check
* Navigation: Prevent navbar briefly showing on login
* NewsPanel: Add support for Atom feeds. #45390, @kaydelaney
* OAuth: Fix parsing of ID token if header contains non-string value
* Panel Edit: Options search now works correctly when a logarithmic
scale option is set
* Panel Edit: Visualization search now works correctly with special
characters
* Plugins Catalog: Fix styling of hyperlinks
* Plugins: Add deprecation notice for /api/tsdb/query endpoint
* Plugins: Adding support for traceID field to accept variables
* Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios
* Postgres: Return tables with hyphenated schemes
* PostgreSQL: __unixEpochGroup to support arithmetic expression as
argument
* Profile/Help: Expose option to disable profile section and help menu
* Prometheus: Enable new visual query builder by default
* Provisioning: Fix duplicate validation when multiple organizations
have been configured inserted
* RBAC: Fix Anonymous Editors missing dashboard controls
* RolePicker: Fix menu position on smaller screens
* SAML: Allow disabling of SAML signups
* Search: Sort results correctly when using postgres
* Security: Fixes minor code scanning security warnings in old vendored
javascript libs
* Table panel: Fix horizontal scrolling when pagination is enabled
* Table panel: Show datalinks for cell display modes JSON View and Gauge
derivatives
* Table: Fix filter crashes table
* Table: New pagination option
* TablePanel: Add cell inspect option
* TablePanel: Do not prefix columns with frame name if multiple frames
and override active
* TagsInput: Fix tags remove button accessibility issues
* Tempo / Trace Viewer: Support Span Links in Trace Viewer
* Tempo: Download span references in data inspector
* Tempo: Separate trace to logs and loki search datasource config
* TextPanel: Sanitize after markdown has been rendered to html
* TimeRange: Fixes updating time range from url and browser history
* TimeSeries: Fix detection & rendering of sparse datapoints
* Timeseries: Fix outside range stale state
* TimeSeries: Properly stack series with missing datapoints
* TimeSeries: Sort tooltip values based on raw values
* Tooltip: Fix links not legible in Tooltips when using light theme
* Tooltip: Sort decimals using standard numeric compare
* Trace View: Show number of child spans
* Transformations: Support escaped characters in key-value pair parsing
* Transforms: Labels to fields, fix label picker layout
* Variables: Ensure variables in query params are correctly recognised
* Variables: Fix crash when changing query variable datasource
* Variables: Fixes issue with data source variables not updating queries
with variable
* Visualizations: Stack negative-valued series downwards
- Plugin development fixes:
* Card: Increase clickable area when meta items are present.
* ClipboardButton: Use a fallback when the Clipboard API is unavailable
* Loki: Fix operator description popup from being shortened.
* OAuth: Add setting to skip org assignment for external users
* Tooltips: Make tooltips non interactive by default
* Tracing: Add option to map tag names to log label names in trace to
logs settings
prometheus-blackbox_exporter:
- Add requirement for go1.18 (bsc#1203599)
spacecmd:
- Version 4.3.16-1
* Fix dict_keys not supporting indexing in systems_setconfigchannelorger
* Improve Proxy FQDN hint message
* Added a warning message for traditional stack deprecation
* Stop always showing help for valid proxy_container_config calls
* Remove "Undefined return code" from debug messages (bsc#1203283)
spacewalk-client-tools:
- Version 4.3.13-1
* Update translation strings
uyuni-proxy-systemd-services:
- Version 4.3.7-1
* Expose /etc/sysconfig/proxy variables to container services
(bsc#1202945)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4437=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4437=1
- SUSE Manager Tools for SLE Micro 5:
zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2022-4437=1
- SUSE Manager Tools 15:
zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-4437=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-4437=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-4437=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
golang-github-boynux-squid_exporter-1.6-150000.1.9.1
golang-github-boynux-squid_exporter-debuginfo-1.6-150000.1.9.1
golang-github-prometheus-promu-0.13.0-150000.3.9.1
prometheus-blackbox_exporter-0.19.0-150000.1.14.3
wire-0.5.0-150000.1.9.3
wire-debuginfo-0.5.0-150000.1.9.3
- openSUSE Leap 15.4 (noarch):
dracut-saltboot-0.1.1665997480.587fa10-150000.1.41.1
spacecmd-4.3.16-150000.3.89.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
golang-github-boynux-squid_exporter-1.6-150000.1.9.1
golang-github-boynux-squid_exporter-debuginfo-1.6-150000.1.9.1
golang-github-prometheus-promu-0.13.0-150000.3.9.1
- openSUSE Leap 15.3 (noarch):
dracut-saltboot-0.1.1665997480.587fa10-150000.1.41.1
spacecmd-4.3.16-150000.3.89.1
- SUSE Manager Tools for SLE Micro 5 (aarch64 s390x x86_64):
prometheus-blackbox_exporter-0.19.0-150000.1.14.3
- SUSE Manager Tools for SLE Micro 5 (noarch):
dracut-saltboot-0.1.1665997480.587fa10-150000.1.41.1
uyuni-proxy-systemd-services-4.3.7-150000.1.9.3
- SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):
golang-github-boynux-squid_exporter-1.6-150000.1.9.1
golang-github-boynux-squid_exporter-debuginfo-1.6-150000.1.9.1
grafana-8.5.13-150000.1.36.3
grafana-debuginfo-8.5.13-150000.1.36.3
prometheus-blackbox_exporter-0.19.0-150000.1.14.3
- SUSE Manager Tools 15 (noarch):
dracut-saltboot-0.1.1665997480.587fa10-150000.1.41.1
python3-spacewalk-check-4.3.13-150000.3.71.3
python3-spacewalk-client-setup-4.3.13-150000.3.71.3
python3-spacewalk-client-tools-4.3.13-150000.3.71.3
spacecmd-4.3.16-150000.3.89.1
spacewalk-check-4.3.13-150000.3.71.3
spacewalk-client-setup-4.3.13-150000.3.71.3
spacewalk-client-tools-4.3.13-150000.3.71.3
uyuni-proxy-systemd-services-4.3.7-150000.1.9.3
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64):
golang-github-boynux-squid_exporter-1.6-150000.1.9.1
golang-github-boynux-squid_exporter-debuginfo-1.6-150000.1.9.1
prometheus-blackbox_exporter-0.19.0-150000.1.14.3
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64):
golang-github-boynux-squid_exporter-1.6-150000.1.9.1
golang-github-boynux-squid_exporter-debuginfo-1.6-150000.1.9.1
prometheus-blackbox_exporter-0.19.0-150000.1.14.3
References:
https://www.suse.com/security/cve/CVE-2021-36222.html
https://www.suse.com/security/cve/CVE-2021-3711.html
https://www.suse.com/security/cve/CVE-2021-41174.html
https://www.suse.com/security/cve/CVE-2021-41244.html
https://www.suse.com/security/cve/CVE-2021-43798.html
https://www.suse.com/security/cve/CVE-2021-43813.html
https://www.suse.com/security/cve/CVE-2021-43815.html
https://www.suse.com/security/cve/CVE-2022-29170.html
https://www.suse.com/security/cve/CVE-2022-31097.html
https://www.suse.com/security/cve/CVE-2022-31107.html
https://www.suse.com/security/cve/CVE-2022-35957.html
https://www.suse.com/security/cve/CVE-2022-36062.html
https://bugzilla.suse.com/1188571
https://bugzilla.suse.com/1189520
https://bugzilla.suse.com/1192383
https://bugzilla.suse.com/1192763
https://bugzilla.suse.com/1193492
https://bugzilla.suse.com/1193686
https://bugzilla.suse.com/1199810
https://bugzilla.suse.com/1201535
https://bugzilla.suse.com/1201539
https://bugzilla.suse.com/1202945
https://bugzilla.suse.com/1203283
https://bugzilla.suse.com/1203596
https://bugzilla.suse.com/1203597
https://bugzilla.suse.com/1203599
SUSE-SU-2022:4428-1: important: Security update for grafana
by opensuse-security@opensuse.org 13 Dec '22
SUSE Security Update: Security update for grafana
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4428-1
Rating: important
References: #1188571 #1189520 #1192383 #1192763 #1193492
#1193686 #1199810 #1201535 #1201539 #1203596
#1203597 PED-2145
Cross-References: CVE-2021-36222 CVE-2021-3711 CVE-2021-41174
CVE-2021-41244 CVE-2021-43798 CVE-2021-43813
CVE-2021-43815 CVE-2022-29170 CVE-2022-31097
CVE-2022-31107 CVE-2022-35957 CVE-2022-36062
CVSS scores:
CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3711 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3711 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-41174 (NVD) : 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
CVE-2021-41174 (SUSE): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
CVE-2021-41244 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-41244 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-43798 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-43798 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-43815 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-43815 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-29170 (NVD) : 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
CVE-2022-29170 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L
CVE-2022-31097 (NVD) : 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CVE-2022-35957 (NVD) : 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-35957 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36062 (NVD) : 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
CVE-2022-36062 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 12 vulnerabilities and contains one
feature is now available.
Description:
This update for grafana fixes the following issues:
Version update from 8.3.10 to 8.5.13 (jsc#PED-2145):
- Security fixes:
* CVE-2022-36062: (bsc#1203596)
* CVE-2022-35957: (bsc#1203597)
* CVE-2022-31107: (bsc#1201539)
* CVE-2022-31097: (bsc#1201535)
* CVE-2022-29170: (bsc#1199810)
* CVE-2021-43813, CVE-2021-43815: (bsc#1193686)
* CVE-2021-43798: (bsc#1193492)
* CVE-2021-41244: (bsc#1192763)
* CVE-2021-41174: (bsc#1192383)
* CVE-2021-3711: (bsc#1189520)
* CVE-2021-36222: (bsc#1188571)
- Features and enhancements:
* AccessControl: Disable user remove and user update roles when they do
not have the permissions
* AccessControl: Provisioning for teams
* Alerting: Add custom grouping to Alert Panel
* Alerting: Add safeguard for migrations that might cause dataloss
* Alerting: AlertingProxy to elevate permissions for request forwarded
to data proxy when RBAC enabled
* Alerting: Grafana uses > instead of >= when checking the For duration
* Alerting: Move slow queries in the scheduler to another goroutine
* Alerting: Remove disabled flag for data source when migrating alerts
* Alerting: Show notification tab of legacy alerting only to editor
* Alerting: Update migration to migrate only alerts that belong to
existing org\dashboard
* Alerting: Use expanded labels in dashboard annotations
* Alerting: Use time.Ticker instead of alerting.Ticker in ngalert
* Analytics: Add user id tracking to google analytics
* Angular: Add AngularJS plugin support deprecation plan to docs site
* API: Add usage stats preview endpoint
* API: Extract OpenAPI specification from source code using go-swagger
* Auth: implement auto_sign_up for auth.jwt
* Azure monitor Logs: Optimize data fetching in resource picker
* Azure Monitor Logs: Order subscriptions in resource picker by name
* Azure Monitor: Include datasource ref when interpolating variables.
* AzureMonitor: Add support for not equals and startsWith operators when
creating Azure Metrics dimension filters.
* AzureMonitor: Do not quote variables when a custom "All" variable
option is used
* AzureMonitor: Filter list of resources by resourceType
* AzureMonitor: Update allowed namespaces
* BarChart: color by field, x time field, bar radius, label skipping
* Chore: Implement OpenTelemetry in Grafana
* Cloud Monitoring: Adds metric type to Metric drop down options
* CloudMonitor: Correctly encode default project response
* CloudWatch: Add all ElastiCache Redis Metrics
* CloudWatch: Add Data Lifecycle Manager metrics and dimension
* CloudWatch: Add Missing Elasticache Host-level metrics
* CloudWatch: Add multi-value template variable support for log group
names in logs query builder
* CloudWatch: Add new AWS/ES metrics. #43034, @sunker
* Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions
* Cloudwatch: Add support for new AWS/RDS EBS* metrics
* Cloudwatch: Add syntax highlighting and autocomplete for "Metric
Search"
* Cloudwatch: Add template variable query function for listing log groups
* Configuration: Add ability to customize okta login button name and icon
* Elasticsearch: Add deprecation notice for < 7.10 versions.
* Explore: Support custom display label for exemplar links for
Prometheus datasource
* Hotkeys: Make time range absolute/permanent
* InfluxDB: Use backend for influxDB by default via feature toggle
* Legend: Use correct unit for percent and count calculations
* Logs: Escape windows newline into single newline
* Loki: Add unpack to autocomplete suggestions
* Loki: Use millisecond steps in Grafana 8.5.x.
* Playlists: Enable sharing direct links to playlists
* Plugins: Allow using both Function and Class components for app plugins
* Plugins: Expose emotion/react to plugins to prevent load failures
* Plugins: Introduce HTTP 207 Multi Status response to api/ds/query
* Rendering: Add support for renderer token
* Setting: Support configuring feature toggles with bools instead of
just passing an array
* SQLStore: Prevent concurrent migrations
* SSE: Add Mode to drop NaN/Inf/Null in Reduction operations
* Tempo: Switch out Select with AsyncSelect component to get loading
state in Tempo Search
* TimeSeries: Add migration for Graph panel's transform series override
* TimeSeries: Add support for negative Y and constant transform
* TimeSeries: Preserve null/undefined values when performing negative y
transform
* Traces: Filter by service/span name and operation in Tempo and Jaeger
* Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer
* Transformations: Add an All Unique Values Reducer
* Transformers: avoid error when the ExtractFields source field is
missing
- Breaking changes:
* For a data source query made via /api/ds/query:
+ If the DatasourceQueryMultiStatus feature is enabled and the data
source response has an error set as part of the DataResponse, the
resulting HTTP status code is now '207 Multi Status' instead of '400
Bad gateway'
+ If the DatasourceQueryMultiStatus feature is not enabled and the
data source response has an error set as part of the DataResponse,
the resulting HTTP status code is '400 BadRequest' (no breaking
change)
* For a proxied request, e.g. Grafana's datasource or plugin proxy:
+ If the request is cancelled, e.g. from the browser/by the client,
the HTTP status code is now '499 Client closed request' instead of
'502 Bad gateway'. If the request times out, e.g. takes longer time
than allowed, the HTTP status code is now '504 Gateway timeout'
instead of '502 Bad gateway'.
+ The change in behavior is that negative-valued series are now
stacked downwards from 0 (in their own stacks), rather than
downwards from the top of the positive stacks. We now automatically
group stacks by Draw style, Line interpolation, and Bar alignment,
making it impossible to stack bars on top of lines, or smooth lines
on top of stepped lines
+ The meaning of the default data source has now changed from being a
persisted property in a panel. Before when you selected the default
data source for a panel and later changed the default data source to
another data source it would change all panels who were configured
to use the default data source. From now on the default data source
is just the default for new panels and changing the default will not
impact any currently saved dashboards
+ The Tooltip component provided by @grafana/ui is no longer
automatically interactive (that is you can hover onto it and click a
link or select text). It will from now on by default close
automatically when you mouse out from the trigger element. To make
tooltips behave like before set the new interactive property to true.
- Deprecations:
* /api/tsdb/query API has been deprecated, please use /api/ds/query
instead
* AngularJS plugin support is now in a deprecated state. The
documentation site has an article with more details on why, when, and
how
- Bug fixes:
* Alerting: Add contact points provisioning API
* Alerting: add field for custom slack endpoint
* Alerting: Add resolved count to notification title when both firing
and resolved present
* Alerting: Alert rule should wait For duration when execution error
state is Alerting
* Alerting: Allow disabling override timings for notification policies
* Alerting: Allow serving images from custom url path
* Alerting: Apply Custom Headers to datasource queries
* Alerting: Classic conditions can now display multiple values
* Alerting: correctly show all alerts in a folder
* Alerting: Display query from grafana-managed alert rules on
/api/v1/rules
* Alerting: Do not overwrite existing alert rule condition
* Alerting: Enhance support for arbitrary group names in managed alerts
* Alerting: Fix access to alerts for viewer with editor permissions when
RBAC is disabled
* Alerting: Fix anonymous access to alerting
* Alerting: Fix migrations by making send_alerts_to field nullable
* Alerting: Fix RBAC actions for notification policies
* Alerting: Fix use of > instead of >= when checking the For duration
* Alerting: Remove double quotes from matchers
* API: Include userId, orgId, uname in request logging middleware
* Auth: Guarantee consistency of signed SigV4 headers
* Azure Monitor : Adding json formatting of error messages in Panel
Header Corner and Inspect Error Tab
* Azure Monitor: Add 2 more Curated Dashboards for VM Insights
* Azure Monitor: Bug Fix for incorrect variable cascading for template
variables
* Azure Monitor: Fix space character encoding for metrics query link to
Azure Portal
* Azure Monitor: Fixes broken log queries that use workspace
* Azure Monitor: Small bug fixes for Resource Picker
* AzureAd Oauth: Fix strictMode to reject users without an assigned role
* AzureMonitor: Fixes metric definition for Azure Storage
queue/file/blob/table resources
* Cloudwatch : Fixed resetting metric name when changing namespace in
Metric Query
* CloudWatch: Added missing MemoryDB Namespace metrics
* CloudWatch: Fix MetricName resetting on Namespace change.
* Cloudwatch: Fix template variables in variable queries.
* CloudWatch: Fix variable query tag migration
* CloudWatch: Handle new error codes for MetricInsights
* CloudWatch: List all metrics properly in SQL autocomplete
* CloudWatch: Prevent log groups from being removed on query change
* CloudWatch: Remove error message when using multi-valued template vars
in region field
* CloudWatch: Run query on blur in logs query field
* CloudWatch: Use default http client from aws-sdk-go
* Dashboard: Fix dashboard update permission check
* Dashboard: Fixes random scrolling on time range change
* Dashboard: Template variables are now correctly persisted when
clicking breadcrumb links
* DashboardExport: Fix exporting and importing dashboards where query
data source ended up as incorrect
* DashboardPage: Remember scroll position when coming back panel edit /
view panel
* Dashboards: Fixes repeating by row and no refresh
* Dashboards: Show changes in save dialog
* DataSource: Default data source is no longer a persisted state but
just the default data source for new panels
* DataSourcePlugin API: Allow queries import when changing data source
type
* Elasticsearch: Respect maxConcurrentShardRequests datasource setting
* Explore: Allow users to save Explore state to a new panel in a new
dashboard
* Explore: Avoid locking timepicker when range is inverted.
* Explore: Fix closing split pane when logs panel is used
* Explore: Prevent direct access to explore if disabled via feature
toggle
* Explore: Remove return to panel button
* FileUpload: clicking the Upload file button now opens their modal
correctly
* Gauge: Fixes blank viz when data link exists and orientation was
horizontal
* GrafanaUI: Fix color of links in error Tooltips in light theme
* Histogram Panel: Take decimal into consideration
* InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram
* Instrumentation: Fix HTTP request instrumentation of authentication
failures
* Instrumentation: Make backend plugin metrics endpoints available with
optional authentication
* Instrumentation: Proxy status code correction and various improvements
* LibraryPanels: Fix library panels not connecting properly in imported
dashboards
* LibraryPanels: Prevent long descriptions and names from obscuring the
delete button
* Logger: Use specified format for file logger
* Logging: Introduce feature toggle to activate gokit/log format
* Logs: Handle missing fields in dataframes better
* Loki: Improve unpack parser handling
* ManageDashboards: Fix error when deleting all dashboards from folder
view
* Middleware: Fix IPv6 host parsing in CSRF check
* Navigation: Prevent navbar briefly showing on login
* NewsPanel: Add support for Atom feeds. #45390, @kaydelaney
* OAuth: Fix parsing of ID token if header contains non-string value
* Panel Edit: Options search now works correctly when a logarithmic
scale option is set
* Panel Edit: Visualization search now works correctly with special
characters
* Plugins Catalog: Fix styling of hyperlinks
* Plugins: Add deprecation notice for /api/tsdb/query endpoint
* Plugins: Adding support for traceID field to accept variables
* Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios
* Postgres: Return tables with hyphenated schemes
* PostgreSQL: __unixEpochGroup to support arithmetic expression as
argument
* Profile/Help: Expose option to disable profile section and help menu
* Prometheus: Enable new visual query builder by default
* Provisioning: Fix duplicate validation when multiple organizations
have been configured inserted
* RBAC: Fix Anonymous Editors missing dashboard controls
* RolePicker: Fix menu position on smaller screens
* SAML: Allow disabling of SAML signups
* Search: Sort results correctly when using postgres
* Security: Fixes minor code scanning security warnings in old vendored
javascript libs
* Table panel: Fix horizontal scrolling when pagination is enabled
* Table panel: Show datalinks for cell display modes JSON View and Gauge
derivatives
* Table: Fix filter crashes table
* Table: New pagination option
* TablePanel: Add cell inspect option
* TablePanel: Do not prefix columns with frame name if multiple frames
and override active
* TagsInput: Fix tags remove button accessibility issues
* Tempo / Trace Viewer: Support Span Links in Trace Viewer
* Tempo: Download span references in data inspector
* Tempo: Separate trace to logs and loki search datasource config
* TextPanel: Sanitize after markdown has been rendered to html
* TimeRange: Fixes updating time range from url and browser history
* TimeSeries: Fix detection & rendering of sparse datapoints
* Timeseries: Fix outside range stale state
* TimeSeries: Properly stack series with missing datapoints
* TimeSeries: Sort tooltip values based on raw values
* Tooltip: Fix links not legible in Tooltips when using light theme
* Tooltip: Sort decimals using standard numeric compare
* Trace View: Show number of child spans
* Transformations: Support escaped characters in key-value pair parsing
* Transforms: Labels to fields, fix label picker layout
* Variables: Ensure variables in query params are correctly recognised
* Variables: Fix crash when changing query variable datasource
* Variables: Fixes issue with data source variables not updating queries
with variable
* Visualizations: Stack negative-valued series downwards
- Plugin development fixes:
* Card: Increase clickable area when meta items are present.
* ClipboardButton: Use a fallback when the Clipboard API is unavailable
* Loki: Fix operator description popup from being shortened.
* OAuth: Add setting to skip org assignment for external users
* Tooltips: Make tooltips non interactive by default
* Tracing: Add option to map tag names to log label names in trace to
logs settings
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4428=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4428=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4428=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
grafana-8.5.13-150200.3.29.5
grafana-debuginfo-8.5.13-150200.3.29.5
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
grafana-8.5.13-150200.3.29.5
grafana-debuginfo-8.5.13-150200.3.29.5
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
grafana-8.5.13-150200.3.29.5
References:
https://www.suse.com/security/cve/CVE-2021-36222.html
https://www.suse.com/security/cve/CVE-2021-3711.html
https://www.suse.com/security/cve/CVE-2021-41174.html
https://www.suse.com/security/cve/CVE-2021-41244.html
https://www.suse.com/security/cve/CVE-2021-43798.html
https://www.suse.com/security/cve/CVE-2021-43813.html
https://www.suse.com/security/cve/CVE-2021-43815.html
https://www.suse.com/security/cve/CVE-2022-29170.html
https://www.suse.com/security/cve/CVE-2022-31097.html
https://www.suse.com/security/cve/CVE-2022-31107.html
https://www.suse.com/security/cve/CVE-2022-35957.html
https://www.suse.com/security/cve/CVE-2022-36062.html
https://bugzilla.suse.com/1188571
https://bugzilla.suse.com/1189520
https://bugzilla.suse.com/1192383
https://bugzilla.suse.com/1192763
https://bugzilla.suse.com/1193492
https://bugzilla.suse.com/1193686
https://bugzilla.suse.com/1199810
https://bugzilla.suse.com/1201535
https://bugzilla.suse.com/1201539
https://bugzilla.suse.com/1203596
https://bugzilla.suse.com/1203597
SUSE-SU-2022:4411-1: important: Security update for tiff
by opensuse-security@opensuse.org 13 Dec '22
SUSE Security Update: Security update for tiff
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4411-1
Rating: important
References: #1204642 #1205422
Cross-References: CVE-2022-3570 CVE-2022-3598
CVSS scores:
CVE-2022-3570 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3570 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3598 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3598 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for tiff fixes the following issues:
- CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422).
- CVE-2022-3598: Fixed out-of-bounds write in
extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642]
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4411=1
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4411=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4411=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4411=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4411=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4411=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4411=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4411=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4411=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4411=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4411=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4411=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4411=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4411=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4411=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4411=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4411=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4411=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4411=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4411=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-4411=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4411=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4411=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4411=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4411=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4411=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4411=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4411=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4411=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-4411=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- openSUSE Leap 15.4 (x86_64):
libtiff-devel-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- openSUSE Leap 15.3 (x86_64):
libtiff-devel-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Manager Server 4.1 (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Manager Proxy 4.1 (x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
tiff-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
tiff-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Enterprise Storage 7 (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
- SUSE Enterprise Storage 6 (x86_64):
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
- SUSE CaaS Platform 4.0 (x86_64):
libtiff-devel-4.0.9-150000.45.22.1
libtiff5-32bit-4.0.9-150000.45.22.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1
libtiff5-4.0.9-150000.45.22.1
libtiff5-debuginfo-4.0.9-150000.45.22.1
tiff-debuginfo-4.0.9-150000.45.22.1
tiff-debugsource-4.0.9-150000.45.22.1
References:
https://www.suse.com/security/cve/CVE-2022-3570.html
https://www.suse.com/security/cve/CVE-2022-3598.html
https://bugzilla.suse.com/1204642
https://bugzilla.suse.com/1205422
openSUSE-SU-2022:10242-1: moderate: Security update for python-slixmpp
by opensuse-security@opensuse.org 11 Dec '22
openSUSE Security Update: Security update for python-slixmpp
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10242-1
Rating: moderate
References: #1205433
Cross-References: CVE-2022-45197
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-slixmpp fixes the following issues:
- CVE-2022-45197: Fixed certificate hostname validation (boo#1205433)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10242=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
python3-slixmpp-1.4.2-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-45197.html
https://bugzilla.suse.com/1205433