openSUSE Security Update: Security update for fish3
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0096-1
Rating: important
References: #1197139
Cross-References: CVE-2022-20001
CVSS scores:
CVE-2022-20001 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-20001 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for fish3 fixes the following issues:
- CVE-2022-20001: Navigating to a compromised git repository may lead to
arbitrary code execution (bsc#1197139)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-96=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
fish3-3.3.1-bp153.2.10.1
fish3-devel-3.3.1-bp153.2.10.1
References:
https://www.suse.com/security/cve/CVE-2022-20001.html
https://bugzilla.suse.com/1197139
openSUSE Security Update: Security update for python2-numpy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:1064-1
Rating: moderate
References: #1193907 #1193911 #1193913
Cross-References: CVE-2021-33430 CVE-2021-41495 CVE-2021-41496
CVSS scores:
CVE-2021-33430 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33430 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-41495 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-41495 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-41496 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-41496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for python2-numpy fixes the following issues:
- CVE-2021-33430: Fixed buffer overflow that could lead to DoS in
PyArray_NewFromDescr_int function of ctors.c (bsc#1193913).
- CVE-2021-41496: Fixed buffer overflow that could lead to DoS in
array_from_pyobj function of fortranobject.c (bsc#1193907).
- CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort due to
missing return value validation (bsc#1193911).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1064=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
python2-numpy-1.16.5-150200.3.5.1
python2-numpy-debuginfo-1.16.5-150200.3.5.1
python2-numpy-debugsource-1.16.5-150200.3.5.1
python2-numpy-devel-1.16.5-150200.3.5.1
- openSUSE Leap 15.3 (aarch64 ppc64le x86_64):
python-numpy_1_16_5-gnu-hpc-debugsource-1.16.5-150200.3.5.1
python2-numpy-gnu-hpc-1.16.5-150200.3.5.1
python2-numpy-gnu-hpc-devel-1.16.5-150200.3.5.1
python2-numpy_1_16_5-gnu-hpc-1.16.5-150200.3.5.1
python2-numpy_1_16_5-gnu-hpc-debuginfo-1.16.5-150200.3.5.1
python2-numpy_1_16_5-gnu-hpc-devel-1.16.5-150200.3.5.1
References:
https://www.suse.com/security/cve/CVE-2021-33430.html
https://www.suse.com/security/cve/CVE-2021-41495.html
https://www.suse.com/security/cve/CVE-2021-41496.html
https://bugzilla.suse.com/1193907
https://bugzilla.suse.com/1193911
https://bugzilla.suse.com/1193913
openSUSE Security Update: Security update for kernel-firmware
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:1065-1
Rating: important
References: #1186938 #1188662 #1192953 #1195786 #1196333
Cross-References: CVE-2021-0066 CVE-2021-0071 CVE-2021-0072
CVE-2021-0076 CVE-2021-0161 CVE-2021-0164
CVE-2021-0165 CVE-2021-0166 CVE-2021-0168
CVE-2021-0170 CVE-2021-0172 CVE-2021-0173
CVE-2021-0174 CVE-2021-0175 CVE-2021-0176
CVE-2021-0183 CVE-2021-33139 CVE-2021-33155
CVSS scores:
CVE-2021-0066 (NVD) : 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0066 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0071 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0072 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0072 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0076 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0076 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0161 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0161 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0164 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0164 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0165 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0165 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0166 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0168 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0168 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0170 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0170 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0172 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0172 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0173 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0173 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0174 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0174 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0175 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0175 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0176 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0176 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0183 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0183 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33139 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33139 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33155 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33155 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 18 vulnerabilities is now available.
Description:
This update for kernel-firmware fixes the following issues:
Update Intel Wireless firmware for 9xxx (INTEL-SA-00539, bsc#1196333):
CVE-2021-0161: Improper input validation in firmware for Intel
PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow a privileged user to
potentially enable escalation of privilege via local access.
CVE-2021-0164: Improper access control in firmware for Intel
PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user
to potentially enable escalation of privilege via local access.
CVE-2021-0165: Improper input validation in firmware for Intel
PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user
to potentially enable denial of service via adjacent access.
CVE-2021-0066: Improper input validation in firmware for Intel
PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user
to potentially enable escalation of privilege via local access.
CVE-2021-0166: Exposure of Sensitive Information to an Unauthorized Actor
in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may
allow a privileged user to potentially enable escalation of privilege via
local access.
CVE-2021-0168: Improper input validation in firmware for some Intel
PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to
potentially enable escalation of privilege via local access.
CVE-2021-0170: Exposure of Sensitive Information to an Unauthorized Actor
in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may
allow an authenticated user to potentially enable information disclosure
via local access.
CVE-2021-0172: Improper input validation in firmware for some Intel
PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated
user to potentially enable denial of service via adjacent access.
CVE-2021-0173: Improper Validation of Consistency within input in firmware
for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an
unauthenticated user to potentially enable denial of service via adjacent
access.
CVE-2021-0174: Improper Use of Validation Framework in firmware for some
Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an
unauthenticated user to potentially enable denial of service via adjacent
access.
CVE-2021-0175: Improper Validation of Specified Index, Position, or Offset
in Input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer
Wi-Fi may allow an unauthenticated user to potentially enable denial of
service via adjacent access.
CVE-2021-0076: Improper Validation of Specified Index, Position, or Offset
in Input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer
Wi-Fi may allow a privileged user to potentially enable denial of service
via local access.
CVE-2021-0176: Improper input validation in firmware for some Intel
PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to
potentially enable denial of service via local access.
CVE-2021-0183: Improper Validation of Specified Index, Position, or Offset
in Input in software for some Intel PROSet/Wireless Wi-Fi and some Killer
Wi-Fi may allow an unauthenticated user to potentially enable denial of
service via adjacent access.
CVE-2021-0072: Improper input validation in firmware for some Intel
PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to
potentially enable information disclosure via local access.
CVE-2021-0071: Improper input validation in firmware for some Intel
PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to
potentially enable escalation of privilege via adjacent access.
Update Intel Bluetooth firmware (INTEL-SA-00604,bsc#1195786):
- CVE-2021-33139: Improper conditions check in firmware for some Intel
Wireless Bluetooth and Killer Bluetooth products before may allow an
authenticated user to potentially enable denial of service via adjacent
access.
- CVE-2021-33155: Improper input validation in firmware for some Intel
Wireless Bluetooth and Killer Bluetooth products before may allow an
authenticated user to potentially enable denial of service via adjacent
access.
Bug fixes:
- Updated the AMD SEV firmware (bsc#1186938)
- Reduced the LZMA2 dictionary size (bsc#1188662)
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1065=1
Package List:
- openSUSE Leap 15.3 (noarch):
kernel-firmware-20210208-150300.4.7.1
kernel-firmware-all-20210208-150300.4.7.1
kernel-firmware-amdgpu-20210208-150300.4.7.1
kernel-firmware-ath10k-20210208-150300.4.7.1
kernel-firmware-ath11k-20210208-150300.4.7.1
kernel-firmware-atheros-20210208-150300.4.7.1
kernel-firmware-bluetooth-20210208-150300.4.7.1
kernel-firmware-bnx2-20210208-150300.4.7.1
kernel-firmware-brcm-20210208-150300.4.7.1
kernel-firmware-chelsio-20210208-150300.4.7.1
kernel-firmware-dpaa2-20210208-150300.4.7.1
kernel-firmware-i915-20210208-150300.4.7.1
kernel-firmware-intel-20210208-150300.4.7.1
kernel-firmware-iwlwifi-20210208-150300.4.7.1
kernel-firmware-liquidio-20210208-150300.4.7.1
kernel-firmware-marvell-20210208-150300.4.7.1
kernel-firmware-media-20210208-150300.4.7.1
kernel-firmware-mediatek-20210208-150300.4.7.1
kernel-firmware-mellanox-20210208-150300.4.7.1
kernel-firmware-mwifiex-20210208-150300.4.7.1
kernel-firmware-network-20210208-150300.4.7.1
kernel-firmware-nfp-20210208-150300.4.7.1
kernel-firmware-nvidia-20210208-150300.4.7.1
kernel-firmware-platform-20210208-150300.4.7.1
kernel-firmware-prestera-20210208-150300.4.7.1
kernel-firmware-qlogic-20210208-150300.4.7.1
kernel-firmware-radeon-20210208-150300.4.7.1
kernel-firmware-realtek-20210208-150300.4.7.1
kernel-firmware-serial-20210208-150300.4.7.1
kernel-firmware-sound-20210208-150300.4.7.1
kernel-firmware-ti-20210208-150300.4.7.1
kernel-firmware-ueagle-20210208-150300.4.7.1
kernel-firmware-usb-network-20210208-150300.4.7.1
ucode-amd-20210208-150300.4.7.1
References:
https://www.suse.com/security/cve/CVE-2021-0066.html
https://www.suse.com/security/cve/CVE-2021-0071.html
https://www.suse.com/security/cve/CVE-2021-0072.html
https://www.suse.com/security/cve/CVE-2021-0076.html
https://www.suse.com/security/cve/CVE-2021-0161.html
https://www.suse.com/security/cve/CVE-2021-0164.html
https://www.suse.com/security/cve/CVE-2021-0165.html
https://www.suse.com/security/cve/CVE-2021-0166.html
https://www.suse.com/security/cve/CVE-2021-0168.html
https://www.suse.com/security/cve/CVE-2021-0170.html
https://www.suse.com/security/cve/CVE-2021-0172.html
https://www.suse.com/security/cve/CVE-2021-0173.html
https://www.suse.com/security/cve/CVE-2021-0174.html
https://www.suse.com/security/cve/CVE-2021-0175.html
https://www.suse.com/security/cve/CVE-2021-0176.html
https://www.suse.com/security/cve/CVE-2021-0183.html
https://www.suse.com/security/cve/CVE-2021-33139.html
https://www.suse.com/security/cve/CVE-2021-33155.html
https://bugzilla.suse.com/1186938
https://bugzilla.suse.com/1188662
https://bugzilla.suse.com/1192953
https://bugzilla.suse.com/1195786
https://bugzilla.suse.com/1196333
openSUSE Security Update: Security update for icingaweb2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0097-1
Rating: important
References: #1196911 #1196913
Cross-References: CVE-2022-24714 CVE-2022-24715
CVSS scores:
CVE-2022-24714 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-24715 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24715 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for icingaweb2 fixes the following issues:
icingaweb2 was updated to 2.8.6
This is a security release.
* Security Fixes
- CVE-2022-24715: SSH resources allow arbitrary code execution for
authenticated users (GHSA-v9mv-h52f-7g63 boo#1196911)
- CVE-2022-24714: Unwanted disclosure of hosts and related data, linked to
decommissioned services (GHSA-qcmg-vr56-x9wf boo#1196913)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-97=1
Package List:
- openSUSE Backports SLE-15-SP3 (noarch):
icingacli-2.8.6-bp153.2.3.1
icingaweb2-2.8.6-bp153.2.3.1
icingaweb2-common-2.8.6-bp153.2.3.1
icingaweb2-vendor-HTMLPurifier-2.8.6-bp153.2.3.1
icingaweb2-vendor-JShrink-2.8.6-bp153.2.3.1
icingaweb2-vendor-Parsedown-2.8.6-bp153.2.3.1
icingaweb2-vendor-dompdf-2.8.6-bp153.2.3.1
icingaweb2-vendor-lessphp-2.8.6-bp153.2.3.1
icingaweb2-vendor-zf1-2.8.6-bp153.2.3.1
php-Icinga-2.8.6-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-24714.html
https://www.suse.com/security/cve/CVE-2022-24715.html
https://bugzilla.suse.com/1196911
https://bugzilla.suse.com/1196913
openSUSE Security Update: Security update for abcm2ps
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0100-1
Rating: moderate
References: #1197355
Cross-References: CVE-2021-32434 CVE-2021-32435 CVE-2021-32436
CVSS scores:
CVE-2021-32434 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-32435 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-32436 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for abcm2ps fixes the following issues:
Update to 8.14.13:
* fix: don't start/stop slurs above/below decorations
* fix: crash when too many notes in a grace note sequence (#102)
* fix: crash when too big value in M: (#103)
* fix: loop or crash when too big width of y (space) (#104)
* fix: bad font definition with SVG output when spaces in font name
* fix: bad check of note length again (#106)
* fix: handle %%staffscale at the global level (#108)
* fix: bad vertical offset of lyrics when music line starts with empty
staves
Update to 8.14.12:
Fixes:
* crash when "%%break 1" and no measure bar in the tune
* crash when duplicated voice ending on %%staves with repeat variant
* crash when voice duplication with symbols without width
* crash or bad output when null value in %%scale
* problem when only bars in 2 voices followed %%staves of the second voice
only
* crash when tuplet error in grace note sequence
* crash when grace note with empty tuplet
* crash when many broken rhythms after a single grace note
* access outside the deco array when error in U:
* crash when !xstem! with no note in the previous voice
* crash on tuplet without any note/rest
* crash when grace notes at end of line and voice overlay
* crash when !trem2! at start of a grace note sequence
* crash when wrong duration in 2 voice overlays and bad ties
* crash when accidental without a note at start of line after K:
(CVE-2021-32435)
* array overflow when wrong duration in voice overlay (CVE-2021-32434,
CVE-2021-32436)
* loss of left margin after first page since previous commit
* no respect of %%leftmargin with -E or -g
* bad placement of chord symbols when in a music line with only invisible
rests
Syntax:
* Accept and remove one or two '%'s at start of all %%beginxxx lines
Generation:
* Move the CSS from XHTML to SVG
Update to 8.14.11:
* fix: error "'staffwidth' too small" when generating sample3.abc
Update to 8.14.10:
* fix: bad glyph when defined by SVG containing 'v' in
* fix: bad check of note length since commit 191fa55
* fix: memory corruption when error in %%staves/%%score
* fix: crash when too big note duration
* fix: crash when staff width too small
Update to 8.14.9:
* fix: bad natural accidental when %%MIDI temperamentequal
Update to 8.14.8:
* fix: no respect the width in %%staffbreak
* fix: don't draw a staff when only %%staffbreak inside
* fix: bad repeat bracket when continued on next line, line starting by a
bar
* fix: bad tuplet bracket again when at end of a voice overlay sequence
* fix: bad tuplet bracket when at end of a voice overlay sequence
* handle '%%MIDI temperamentequal '
* accept '^1' and '_1' as microtone accidentals
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-100=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
abcm2ps-8.14.13-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2021-32434.html
https://www.suse.com/security/cve/CVE-2021-32435.html
https://www.suse.com/security/cve/CVE-2021-32436.html
https://bugzilla.suse.com/1197355
openSUSE Security Update: Security update for nextcloud
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0098-1
Rating: moderate
References: #1196905 #1196908 #1196952
Cross-References: CVE-2021-41239 CVE-2021-41241 CVE-2021-41741
CVSS scores:
CVE-2021-41239 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-41239 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-41241 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-41241 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for nextcloud fixes the following issues:
nextcloud was updated to 21.0.9:
- CVE-2021-41239 (CWE-200): user enumeration setting not obeyed in User
Status API (boo#1196905)
- CVE-2021-41241 (CWE-863): groupfolders advanced permissions is not
obeyed for subfolders (boo#1196908)
- CVE-2021-41741 (CWE-400): High memory usage for generating preview of
broken image (boo#1196952)
- For more changes see https://nextcloud.com/changelog/#21-0-9
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-98=1
Package List:
- openSUSE Backports SLE-15-SP3 (noarch):
nextcloud-21.0.9-bp153.2.12.1
nextcloud-apache-21.0.9-bp153.2.12.1
References:
https://www.suse.com/security/cve/CVE-2021-41239.html
https://www.suse.com/security/cve/CVE-2021-41241.html
https://www.suse.com/security/cve/CVE-2021-41741.html
https://bugzilla.suse.com/1196905
https://bugzilla.suse.com/1196908
https://bugzilla.suse.com/1196952
openSUSE Security Update: Security update for openSUSE-build-key
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0095-1
Rating: moderate
References: #1197293
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for openSUSE-build-key fixes the following issues:
- Disabled the SLE11 build key, as SLE11 is EOL now and the key was
1024-bit RSA (removed gpg-pubkey-307e3d54-5aaa90a5.asc). Also obsolete
the old build key.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-2022-95=1
Package List:
- openSUSE Leap 15.3 (noarch):
openSUSE-build-key-1.0-lp153.4.8.1
References:
https://bugzilla.suse.com/1197293
openSUSE Security Update: Security update for salt
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:1059-1
Rating: important
References: #1197417
Cross-References: CVE-2022-22934 CVE-2022-22935 CVE-2022-22936
CVE-2022-22941
CVSS scores:
CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22935 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for salt fixes the following issues:
- CVE-2022-22935: Sign authentication replies to prevent MiTM (bsc#1197417)
- CVE-2022-22934: Sign pillar data to prevent MiTM attacks. (bsc#1197417)
- CVE-2022-22936: Prevent job and fileserver replays (bsc#1197417)
- CVE-2022-22941: Fixed targeting bug, especially visible when using
syndic and user auth. (bsc#1197417)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1059=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
python3-salt-3002.2-150300.53.10.1
salt-3002.2-150300.53.10.1
salt-api-3002.2-150300.53.10.1
salt-cloud-3002.2-150300.53.10.1
salt-doc-3002.2-150300.53.10.1
salt-master-3002.2-150300.53.10.1
salt-minion-3002.2-150300.53.10.1
salt-proxy-3002.2-150300.53.10.1
salt-ssh-3002.2-150300.53.10.1
salt-standalone-formulas-configuration-3002.2-150300.53.10.1
salt-syndic-3002.2-150300.53.10.1
salt-transactional-update-3002.2-150300.53.10.1
- openSUSE Leap 15.3 (noarch):
salt-bash-completion-3002.2-150300.53.10.1
salt-fish-completion-3002.2-150300.53.10.1
salt-zsh-completion-3002.2-150300.53.10.1
References:
https://www.suse.com/security/cve/CVE-2022-22934.html
https://www.suse.com/security/cve/CVE-2022-22935.html
https://www.suse.com/security/cve/CVE-2022-22936.html
https://www.suse.com/security/cve/CVE-2022-22941.html
https://bugzilla.suse.com/1197417
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:1037-1
Rating: important
References: #1176447 #1176774 #1178134 #1179439 #1181147
#1191428 #1192273 #1193731 #1193787 #1193864
#1194463 #1194516 #1195211 #1195254 #1195403
#1195612 #1195897 #1195905 #1195939 #1195949
#1195987 #1196079 #1196095 #1196132 #1196155
#1196299 #1196301 #1196433 #1196468 #1196472
#1196627 #1196723 #1196779 #1196830 #1196836
#1196866 #1196868
Cross-References: CVE-2021-0920 CVE-2021-39657 CVE-2021-44879
CVE-2022-0487 CVE-2022-0617 CVE-2022-0644
CVE-2022-24448 CVE-2022-24958 CVE-2022-24959
CVE-2022-25258 CVE-2022-25636 CVE-2022-26490
CVSS scores:
CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0487 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-0487 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0644 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-24958 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24958 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-24959 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-24959 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-25258 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-25258 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-25636 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-25636 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26490 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 25 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-25636: Fixed an issue which allowed local users to gain
privileges because of a heap out-of-bounds write in nf_dup_netdev.c,
related to nf_tables_offload (bsc#1196299).
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An
attacker with adjacent NFC access could crash the system or corrupt
system memory (bsc#1196830).
- CVE-2022-0487: A use-after-free vulnerability was found in
rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c
(bsc#1194516).
- CVE-2022-24448: Fixed an issue where, if an application sets the
O_DIRECTORY flag and tries to open a regular file, nfs_atomic_open()
performs a regular lookup. If a regular file is found, ENOTDIR should
have occurred, but the server instead returned uninitialized data in the
file descriptor (bsc#1195612).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system
functionality. A local user could crash the system by triggering
udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. An assertion
failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155)
- CVE-2022-25258: The USB Gadget subsystem lacked certain validation of
interface OS descriptor requests, which could have led to memory
corruption (bsc#1196096).
- CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf
release (bsc#1195905).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in
drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were
not considered, which led to a move_data_page NULL pointer dereference
(bsc#1195987).
- CVE-2021-0920: Fixed a local privilege escalation due to a
use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731).
- CVE-2021-39657: Fixed an information leak in the Universal Flash Storage
subsystem (bsc#1193864).
The following non-security bugs were fixed:
- ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes).
- ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
(git-fixes).
- ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
- ASoC: cs4265: Fix the duplicated control name (git-fixes).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
(git-fixes).
- ASoC: rt5668: do not block workqueue if card is unbound (git-fixes).
- ASoC: rt5682: do not block workqueue if card is unbound (git-fixes).
- Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE
(bsc#1196779).
- EDAC/altera: Fix deferred probing (bsc#1178134).
- HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
- HID: add mapping for KEY_DICTATE (git-fixes).
- Hand over the maintainership to SLE15-SP3 maintainers
- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes).
- IB/hfi1: Fix early init panic (git-fixes).
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes).
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled
(git-fixes).
- IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume (git-fixes).
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power() (git-fixes).
- RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW
with pending cmd-bit" (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr outside state checks
(bsc#1181147).
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty
entry (git-fixes).
- RDMA/cma: Remove open coding of overflow checking for private_data_len
(git-fixes).
- RDMA/core: Do not infoleak GRH fields (git-fixes).
- RDMA/core: Let ib_find_gid() continue search even after empty entry
(git-fixes).
- RDMA/cxgb4: Set queue pair state when being queried (git-fixes).
- RDMA/hns: Validate the pkey index (git-fixes).
- RDMA/ib_srp: Fix a deadlock (git-fixes).
- RDMA/mlx4: Do not continue event handler after memory allocation failure
(git-fixes).
- RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176).
- RDMA/rxe: Fix a typo in opcode name (git-fixes).
- RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
- RDMA/uverbs: Check for null return of kmalloc_array (git-fixes).
- RDMA/uverbs: Remove the unnecessary assignment (git-fixes).
- Revert "USB: serial: ch341: add new Product ID for CH341A" (git-fixes).
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
(bnc#1195403).
- USB: gadget: validate endpoint index for xilinx udc (git-fixes).
- USB: gadget: validate interface OS descriptor requests (git-fixes).
- USB: hub: Clean up use of port initialization schemes and retries
(git-fixes).
- USB: serial: option: add Telit LE910R1 compositions (git-fixes).
- USB: serial: option: add support for DW5829e (git-fixes).
- USB: zaurus: support another broken Zaurus (git-fixes).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes).
- asix: fix uninit-value in asix_mdio_read() (git-fixes).
- ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
- batman-adv: Do not expect inter-netns unique iflink indices (git-fixes).
- batman-adv: Request iflink once in batadv-on-batadv check (git-fixes).
- batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes).
- blk-mq: do not free tags if the tag_set is used by other device in queue
initialztion (bsc#1193787).
- bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649).
- bnxt_en: Fix incorrect multicast rx mask setting when not requested
(git-fixes).
- bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes).
- bonding: force carrier update when releasing slave (git-fixes).
- can: gs_usb: change active_channels's type from atomic_t to u8
(git-fixes).
- cgroup-v1: Correct privileges check in release_agent writes
(bsc#1196723).
- cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning (bsc#1196868).
- clk: jz4725b: fix mmc0 clock gating (git-fixes).
- cpufreq: schedutil: Use kobject release() method to free (git-fixes)
- cpuset: Fix the bug that subpart_cpus updated wrongly in
update_cpumask() (bsc#1196866).
- cputime, cpuacct: Include guest time in user time in (git-fixes)
- dma-direct: Fix potential NULL pointer dereference (bsc#1196472
ltc#192278).
- dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472
ltc#192278).
- dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
- drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
- drm/edid: Always set RGB444 (git-fixes).
- drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211).
- drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211).
- drm/i915: Nuke not needed members of dram_info (bsc#1195211).
- drm/i915: Remove memory frequency calculation (bsc#1195211).
- drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211).
- efivars: Respect "block" flag in efivar_entry_set_safe() (git-fixes).
- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
- exfat: fix incorrect loading of i_blocks for large files (git-fixes).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes).
- gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes).
- gpio: tegra186: Fix chip_data type confusion (git-fixes).
- gtp: remove useless rcu_read_lock() (git-fixes).
- hamradio: fix macro redefine warning (git-fixes).
- i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
- iavf: Fix missing check for running netdev (git-fixes).
- ice: initialize local variable 'tlv' (jsc#SLE-12878).
- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
- iio: Fix error handling for PM (git-fixes).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits
(git-fixes).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling path
(git-fixes).
- ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
(git-fixes).
- mac80211: fix forwarded mesh frames AC & queue selection (git-fixes).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes).
- mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
- mask out added spinlock in rndis_params (git-fixes).
- net/mlx5: Fix possible deadlock on rule deletion (git-fixes).
- net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5e: Fix modify header actions memory leak (git-fixes).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
(git-fixes).
- net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes).
- net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes).
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets
(jsc#SLE-15172).
- net/sched: act_ct: Fix flow table lookup after ct clear or switching
zones (jsc#SLE-15172).
- net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration
(git-fixes).
- net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement
(git-fixes).
- net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447).
- net: hns3: Clear the CMDQ registers before unmapping BAR region
(git-fixes).
- net: sfc: Replace in_interrupt() usage (git-fixes).
- net: tipc: validate domain record count on input (bsc#1195254).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
(git-fixes).
- netfilter: nf_tables: fix memory leak during stateful obj update
(bsc#1176447).
- netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes).
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
(git-fixes).
- nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes).
- ntb: intel: fix port config status offset for SPR (git-fixes).
- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).
- nvme-rdma: fix possible use-after-free in transport error_recovery work
(git-fixes).
- nvme-tcp: fix possible use-after-free in transport error_recovery work
(git-fixes).
- nvme: fix a possible use-after-free in controller reset during load
(git-fixes).
- powerpc/dma: Fallback to dma_ops when persistent memory present
(bsc#1196472 ltc#192278). Update config files.
- powerpc/fadump: register for fadump as early as possible (bsc#1179439
ltc#190038).
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433
ltc#196449).
- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449).
- powerpc/pseries/iommu: Fix window size for direct mapping with pmem
(bsc#1196472 ltc#192278).
- sched/core: Mitigate race (git-fixes)
- scsi: bnx2fc: Flush destroy_work queue before calling
bnx2fc_interface_put() (git-fixes).
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
(git-fixes).
- scsi: nsp_cs: Check of ioremap return value (git-fixes).
- scsi: qedf: Fix potential dereference of NULL pointer (git-fixes).
- scsi: smartpqi: Add PCI IDs (bsc#1196627).
- scsi: ufs: Fix race conditions related to driver data (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774).
- soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY)
(git-fixes).
- soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).
- soc: fsl: qe: Check of ioremap return value (git-fixes).
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in
zynq_qspi_exec_mem_op() (git-fixes).
- sr9700: sanity check for packet length (bsc#1196836).
- tracing: Fix return value of __setup handlers (git-fixes).
- tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes).
- tty: n_gsm: fix proper link termination after failed open (git-fixes).
- usb: dwc2: use well defined macros for power_down (git-fixes).
- usb: dwc3: gadget: Let the interrupt handler disable bottom halves
(git-fixes).
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).
- usb: gadget: rndis: add spinlock for rndis response list (git-fixes).
- usb: hub: Fix usb enumeration issue due to address0 race (git-fixes).
- vrf: Fix fast path output packet handling with async Netfilter rules
(git-fixes).
- xhci: Prevent futile URB re-submissions due to incorrect return value
(git-fixes).
- xhci: re-initialize the HC during resume if HCE was set (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1037=1
Package List:
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-150300.38.50.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.50.1
dlm-kmp-azure-5.3.18-150300.38.50.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.50.1
gfs2-kmp-azure-5.3.18-150300.38.50.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.50.1
kernel-azure-5.3.18-150300.38.50.1
kernel-azure-debuginfo-5.3.18-150300.38.50.1
kernel-azure-debugsource-5.3.18-150300.38.50.1
kernel-azure-devel-5.3.18-150300.38.50.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.50.1
kernel-azure-extra-5.3.18-150300.38.50.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.50.1
kernel-azure-livepatch-devel-5.3.18-150300.38.50.1
kernel-azure-optional-5.3.18-150300.38.50.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.50.1
kernel-syms-azure-5.3.18-150300.38.50.1
kselftests-kmp-azure-5.3.18-150300.38.50.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.50.1
ocfs2-kmp-azure-5.3.18-150300.38.50.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.50.1
reiserfs-kmp-azure-5.3.18-150300.38.50.1
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.50.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-150300.38.50.1
kernel-source-azure-5.3.18-150300.38.50.1
References:
https://www.suse.com/security/cve/CVE-2021-0920.html
https://www.suse.com/security/cve/CVE-2021-39657.html
https://www.suse.com/security/cve/CVE-2021-44879.html
https://www.suse.com/security/cve/CVE-2022-0487.html
https://www.suse.com/security/cve/CVE-2022-0617.html
https://www.suse.com/security/cve/CVE-2022-0644.html
https://www.suse.com/security/cve/CVE-2022-24448.html
https://www.suse.com/security/cve/CVE-2022-24958.html
https://www.suse.com/security/cve/CVE-2022-24959.html
https://www.suse.com/security/cve/CVE-2022-25258.html
https://www.suse.com/security/cve/CVE-2022-25636.html
https://www.suse.com/security/cve/CVE-2022-26490.html
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176774
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1179439
https://bugzilla.suse.com/1181147
https://bugzilla.suse.com/1191428
https://bugzilla.suse.com/1192273
https://bugzilla.suse.com/1193731
https://bugzilla.suse.com/1193787
https://bugzilla.suse.com/1193864
https://bugzilla.suse.com/1194463
https://bugzilla.suse.com/1194516
https://bugzilla.suse.com/1195211
https://bugzilla.suse.com/1195254
https://bugzilla.suse.com/1195403
https://bugzilla.suse.com/1195612
https://bugzilla.suse.com/1195897
https://bugzilla.suse.com/1195905
https://bugzilla.suse.com/1195939
https://bugzilla.suse.com/1195949
https://bugzilla.suse.com/1195987
https://bugzilla.suse.com/1196079
https://bugzilla.suse.com/1196095
https://bugzilla.suse.com/1196132
https://bugzilla.suse.com/1196155
https://bugzilla.suse.com/1196299
https://bugzilla.suse.com/1196301
https://bugzilla.suse.com/1196433
https://bugzilla.suse.com/1196468
https://bugzilla.suse.com/1196472
https://bugzilla.suse.com/1196627
https://bugzilla.suse.com/1196723
https://bugzilla.suse.com/1196779
https://bugzilla.suse.com/1196830
https://bugzilla.suse.com/1196836
https://bugzilla.suse.com/1196866
https://bugzilla.suse.com/1196868