openSUSE Security Announce
Threads by month
- ----- 2025 -----
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
March 2022
- 1 participants
- 105 discussions
openSUSE-SU-2022:0755-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 08 Mar '22
by opensuse-security@opensuse.org 08 Mar '22
08 Mar '22
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0755-1
Rating: important
References: #1089644 #1154353 #1156395 #1157038 #1157923
#1176447 #1176940 #1178134 #1181147 #1181588
#1183872 #1187716 #1188404 #1189126 #1190812
#1190972 #1191580 #1191655 #1191741 #1192210
#1192483 #1193096 #1193233 #1193243 #1193787
#1194163 #1194967 #1195012 #1195081 #1195142
#1195352 #1195378 #1195476 #1195477 #1195478
#1195479 #1195480 #1195481 #1195482 #1195506
#1195516 #1195543 #1195668 #1195701 #1195798
#1195799 #1195823 #1195908 #1195928 #1195947
#1195957 #1195995 #1196195 #1196235 #1196339
#1196400 #1196403 #1196516 #1196584 #1196601
#1196612 #1196776 SLE-20807 SLE-22135 SLE-22494
Cross-References: CVE-2022-0001 CVE-2022-0002 CVE-2022-0492
CVE-2022-0516 CVE-2022-0847 CVE-2022-25375
CVSS scores:
CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-0516 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-0847 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-25375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-25375 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 6 vulnerabilities, contains three
features and has 56 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive
various security and bugfixes.
Transient execution side-channel attacks attacking the Branch History
Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch
History Injection" are now mitigated.
The following security bugs were fixed:
- CVE-2022-0847: Fixed a vulnerability were a local attackers could
overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-0001: Fixed Branch History Injection vulnerability
(bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability
(bsc#1191580).
- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the
RNDIS_MSG_SET command. Attackers can obtain sensitive information from
kernel memory (bsc#1196235).
- CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390
allows kernel memory read/write (bsc#1195516).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1
release_agent feature, which allowed bypassing namespace isolation
unexpectedly (bsc#1195543).
The following non-security bugs were fixed:
- ACPI/IORT: Check node revision for PMCG resources (git-fixes).
- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570
ALC1220 quirks (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after
reboot from Windows (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master
(newer chipset) (git-fixes).
- ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes).
- ALSA: hda: Fix regression on forced probe mask option (git-fixes).
- ALSA: usb-audio: Correct quirk for VF0770 (git-fixes).
- ALSA: usb-audio: initialize variables that could ignore errors
(git-fixes).
- ASoC: Revert "ASoC: mediatek: Check for error clk pointer" (git-fixes).
- ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
(git-fixes).
- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes).
- ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes).
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
(git-fixes).
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
(git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period
bytes (git-fixes).
- Align s390 NVME target options with other architectures (bsc#1188404,
jsc#SLE-22494).
- Bluetooth: refactor malicious adv data check (git-fixes).
- EDAC/xgene: Fix deferred probing (bsc#1178134).
- HID:Add support for UGTABLET WP5540 (git-fixes).
- IB/cm: Avoid a loop when device has 255 ports (git-fixes)
- IB/cma: Do not send IGMP leaves for sendonly Multicast groups
(git-fixes).
- IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).
- IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)
- IB/isert: Fix a use after free in isert_connect_request (git-fixes)
- IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes)
- IB/mlx5: Add missing error code (git-fixes)
- IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes)
- IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes)
- IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes)
- IB/umad: Return EIO in case of when device disassociated (git-fixes)
- IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)
- Input: wm97xx: Simplify resource management (git-fixes).
- KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674).
- NFS: Ensure the server had an up to date ctime before renaming
(git-fixes).
- NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
- NFSv4: Handle case where the lookup of a directory fails (git-fixes).
- NFSv4: nfs_atomic_open() can race when looking up a non-regular file
(git-fixes).
- PM: hibernate: Remove register_nosave_region_late() (git-fixes).
- PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
- PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes).
- RDMA/addr: Be strict with gid size (git-fixes)
- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
- RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal()
(git-fixes)
- RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
(git-fixes)
- RDMA/cma: Use correct address when leaving multicast group (bsc#1181147).
- RDMA/core: Always release restrack object (git-fixes)
- RDMA/core: Do not access cm_id after its destruction (git-fixes)
- RDMA/core: Do not indicate device ready when device enablement fails
(git-fixes)
- RDMA/core: Fix corrupted SL on passive side (git-fixes)
- RDMA/core: Unify RoCE check and re-factor code (git-fixes)
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening
server (git-fixes)
- RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
- RDMA/cxgb4: Validate the number of CQEs (git-fixes)
- RDMA/cxgb4: add missing qpid increment (git-fixes)
- RDMA/cxgb4: check for ipv6 address properly while destroying listener
(git-fixes)
- RDMA/hns: Add a check for current state before modifying QP (git-fixes)
- RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes)
- RDMA/hns: Remove unnecessary access right set during INIT2INIT
(git-fixes)
- RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes)
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)
- RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr()
(git-fixes)
- RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)
- RDMA/mlx5: Fix query DCT via DEVX (git-fixes)
- RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters()
(git-fixes)
- RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes)
- RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes)
- RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes)
- RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes)
- RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd()
(git-fixes)
- RDMA/rxe: Clear all QP fields if creation failed (git-fixes)
- RDMA/rxe: Compute PSN windows correctly (git-fixes)
- RDMA/rxe: Correct skb on loopback path (git-fixes)
- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)
- RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)
- RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)
- RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes)
- RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes)
- RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes)
- RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes)
- RDMA/siw: Properly check send and receive CQ pointers (git-fixes)
- RDMA/siw: Release xarray entry (git-fixes)
- RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147).
- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)
- RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes)
- RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)
- RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs
(git-fixes)
- USB: core: Fix hang in usb_kill_urb by adding memory barriers
(git-fixes).
- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
(git-fixes).
- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
(git-fixes).
- USB: serial: mos7840: fix probe error handling (git-fixes).
- USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes).
- USB: serial: option: add ZTE MF286D modem (git-fixes).
- ata: libata-core: Disable TRIM on M88V29 (git-fixes).
- ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes).
- blk-cgroup: fix missing put device in error path from blkg_conf_pref()
(bsc#1195481).
- blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787).
- blk-mq: avoid to iterate over stale request (bsc#1193787).
- blk-mq: clear stale request in tags->rq before freeing one request pool
(bsc#1193787).
- blk-mq: clearing flush request reference in tags->rqs (bsc#1193787).
- blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787
git-fixes).
- blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).
- blk-mq: fix kernel panic during iterating over flush request
(bsc#1193787 git-fixes).
- blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter
(bsc#1193787).
- blk-mq: introduce blk_mq_set_request_complete (git-fixes).
- blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787).
- blk-tag: Hide spin_lock (bsc#1193787).
- block: avoid double io accounting for flush request (bsc#1193787).
- block: do not send a rezise udev event for hidden block device
(bsc#1193096).
- block: mark flush request as IDLE when it is really finished
(bsc#1193787).
- bonding: pair enable_port with slave_arr_updates (git-fixes).
- bpf: Adjust BTF log size limit (git-fixes).
- bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes).
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- btrfs: check worker before need_preemptive_reclaim (bsc#1196195).
- btrfs: do not do preemptive flushing if the majority is global rsv
(bsc#1196195).
- btrfs: do not include the global rsv size in the preemptive used amount
(bsc#1196195).
- btrfs: handle preemptive delalloc flushing slightly differently
(bsc#1196195).
- btrfs: make sure SB_I_VERSION does not get unset by remount
(bsc#1192210).
- btrfs: only clamp the first time we have to start flushing (bsc#1196195).
- btrfs: only ignore delalloc if delalloc is much smaller than ordered
(bsc#1196195).
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).
- btrfs: take into account global rsv in need_preemptive_reclaim
(bsc#1196195).
- btrfs: use the global rsv size in the preemptive thresh calculation
(bsc#1196195).
- ceph: properly put ceph_string reference after async create attempt
(bsc#1195798).
- ceph: set pool_ns in new inode layout for async creates (bsc#1195799).
- dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes).
- drm/amdgpu: fix logic inversion in check (git-fixes).
- drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
- drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
- drm/i915/opregion: check port number bounds for SWSCI display power
state (git-fixes).
- drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes).
- drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes).
- drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV
(git-fixes).
- drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes).
- drm/nouveau: fix off by one in BIOS boundary checking (git-fixes).
- drm/panel: simple: Assign data from panel_dpi_probe() correctly
(git-fixes).
- drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
(git-fixes).
- drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes).
- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
(git-fixes).
- ext4: check for inconsistent extents between index and leaf block
(bsc#1194163 bsc#1196339).
- ext4: check for out-of-order index extents in
ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
- ext4: fix an use-after-free issue about data=journal writeback mode
(bsc#1195482).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: prevent partial update of the extent blocks (bsc#1194163
bsc#1196339).
- fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479).
- fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478).
- gve: Add RX context (bsc#1191655).
- gve: Add a jumbo-frame device option (bsc#1191655).
- gve: Add consumed counts to ethtool stats (bsc#1191655).
- gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655).
- gve: Correct order of processing device options (bsc#1191655).
- gve: Fix GFP flags when allocing pages (git-fixes).
- gve: Fix off by one in gve_tx_timeout() (bsc#1191655).
- gve: Implement packet continuation for RX (bsc#1191655).
- gve: Implement suspend/resume/shutdown (bsc#1191655).
- gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655).
- gve: Recording rx queue before sending to napi (bsc#1191655).
- gve: Recover from queue stall due to missed IRQ (bsc#1191655).
- gve: Update gve_free_queue_page_list signature (bsc#1191655).
- gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
- gve: fix for null pointer dereference (bsc#1191655).
- gve: fix the wrong AdminQ buffer queue index check (bsc#1176940).
- gve: fix unmatched u64_stats_update_end() (bsc#1191655).
- gve: remove memory barrier around seqno (bsc#1191655).
- i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
- i40e: Fix for failed to init adminq while VF reset (git-fixes).
- i40e: Fix issue when maximum queues is exceeded (git-fixes).
- i40e: Fix queues reservation for XDP (git-fixes).
- i40e: Increase delay to 1 s after global EMP reset (git-fixes).
- i40e: fix unsigned stat widths (git-fixes).
- i40iw: Add support to make destroy QP synchronous (git-fixes)
- ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391).
- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
- ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391).
- ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391).
- ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668
ltc#195811).
- ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391).
- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
- ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391).
- ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391).
- ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).
- ice: fix IPIP and SIT TSO offload (git-fixes).
- ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).
- ima: Allow template selection with ima_template[_fmt]= after ima_hash=
(git-fixes).
- ima: Do not print policy rule with inactive LSM labels (git-fixes).
- ima: Remove ima_policy file before directory (git-fixes).
- integrity: Make function integrity_add_key() static (git-fixes).
- integrity: check the return value of audit_log_start() (git-fixes).
- integrity: double check iint_cache was initialized (git-fixes).
- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes).
- iommu/amd: Remove useless irq affinity notifier (git-fixes).
- iommu/amd: Restore GA log/tail pointer on host resume (git-fixes).
- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume
(git-fixes).
- iommu/amd: X2apic mode: re-enable after resume (git-fixes).
- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask
(git-fixes).
- iommu/io-pgtable-arm-v7s: Add error handle for page table allocation
failure (git-fixes).
- iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes).
- iommu/iova: Fix race between FQ timeout and teardown (git-fixes).
- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
(git-fixes).
- iwlwifi: fix use-after-free (git-fixes).
- iwlwifi: pcie: fix locking when "HW not ready" (git-fixes).
- iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes).
- ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes).
- kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972
LTC#194674).
- kABI: Fix kABI for AMD IOMMU driver (git-fixes).
- kabi: Hide changes to s390/AP structures (jsc#SLE-20807).
- lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584).
- libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
- md/raid5: fix oops during stripe resizing (bsc#1181588).
- misc: fastrpc: avoid double fput() on failed usercopy (git-fixes).
- mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes).
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes).
- mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes).
- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
(git-fixes).
- net/ibmvnic: Cleanup workaround doing an EOI after partition migration
(bsc#1089644 ltc#166495 ltc#165544 git-fixes).
- net/mlx5e: Fix handling of wrong devices during bond netevent
(jsc#SLE-15172).
- net: macb: Align the dma and coherent dma masks (git-fixes).
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447).
- net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
(git-fixes).
- net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible
PHYs (git-fixes).
- net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes).
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- nfp: flower: fix ida_idx not being released (bsc#1154353).
- nfsd: allow delegation state ids to be revoked and then freed
(bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- nvme-core: use list_add_tail_rcu instead of list_add_tail for
nvme_init_ns_head (git-fixes).
- nvme-fabrics: avoid double completions in nvmf_fail_nonready_command
(git-fixes).
- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
(bsc#1195012).
- nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes).
- nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options
(git-fixes).
- nvme-multipath: fix ANA state updates when a namespace is not present
(git-fixes).
- nvme-tcp: fix data digest pointer calculation (git-fixes).
- nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes).
- nvme-tcp: fix memory leak when freeing a queue (git-fixes).
- nvme-tcp: fix possible use-after-completion (git-fixes).
- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes).
- nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info
(git-fixes).
- nvme: do not return an error from nvme_configure_metadata (git-fixes).
- nvme: fix use after free when disconnecting a reconnecting ctrl
(git-fixes).
- nvme: introduce a nvme_host_path_error helper (git-fixes).
- nvme: let namespace probing continue for unsupported features
(git-fixes).
- nvme: refactor ns->ctrl by request (git-fixes).
- pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured
line (git-fixes).
- pinctrl: intel: fix unexpected interrupt (git-fixes).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038
bsc#1157923 ltc#182612 git-fixes).
- powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only
if PMI is pending (bsc#1156395).
- powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for
persistent memory" (bsc#1195995 ltc#196394).
- powerpc/pseries: read the lpar name from the firmware (bsc#1187716
ltc#193451).
- powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812).
- powerpc: add link stack flush mitigation status in debugfs (bsc#1157038
bsc#1157923 ltc#182612 git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
(git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
(git-fixes).
- s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes).
- s390/bpf: Fix optimizing out zero-extensions (git-fixes).
- s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549).
- s390/cio: verify the driver availability for path_event call
(bsc#1195928 LTC#196418).
- s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081
LTC#196088).
- s390/cpumf: Support for CPU Measurement Sampling Facility LS bit
(bsc#1195081 LTC#196088).
- s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233
LTC#195540).
- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967
LTC#196028).
- s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135).
- s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816).
- s390/uv: add prot virt guest/host indication files (jsc#SLE-22135).
- s390/uv: fix prot virt host indication compilation (jsc#SLE-22135).
- scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting
(git-fixes).
- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h
(bsc#1195506).
- scsi: core: Add limitless cmd retry support (bsc#1195506).
- scsi: core: No retries on abort success (bsc#1195506).
- scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506).
- scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).
- scsi: qla2xxx: Add marginal path handling support (bsc#1195506).
- scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of
NVMe queues (bsc#1195823).
- scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).
- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
- scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX
adapters (bsc#1195823).
- scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).
- scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
- scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
- scsi: qla2xxx: Fix warning message due to adisc being flushed
(bsc#1195823).
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).
- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
- scsi: qla2xxx: Refactor asynchronous command initialization
(bsc#1195823).
- scsi: qla2xxx: Remove a declaration (bsc#1195823).
- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t
(bsc#1195823).
- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
(bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
- scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).
- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
- scsi: qla2xxx: edif: Replace list_for_each_safe with
list_for_each_entry_safe (bsc#1195823).
- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL
(bsc#1195506).
- scsi: scsi_transport_fc: Add store capability to rport port_state in
sysfs (bsc#1195506).
- scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).
- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP
devices (bsc#1195378 LTC#196244).
- scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL
(bsc#1195506).
- spi: bcm-qspi: check for valid cs before applying chip select
(git-fixes).
- spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes).
- spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes).
- staging/fbtft: Fix backlight (git-fixes).
- staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes).
- tracing: Do not inc err_log entry count if entry allocation fails
(git-fixes).
- tracing: Dump stacktrace trigger to the corresponding instance
(git-fixes).
- tracing: Fix smatch warning for null glob in event_hist_trigger_parse()
(git-fixes).
- tracing: Have traceon and traceoff trigger honor the instance
(git-fixes).
- tracing: Propagate is_signed to expression (git-fixes).
- tty: Add support for Brainboxes UC cards (git-fixes).
- udf: Fix NULL ptr deref when converting from inline format (bsc#1195476).
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477).
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
(git-fixes).
- usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).
- usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend
(git-fixes).
- usb: dwc3: do not set gadget->is_otg flag (git-fixes).
- usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes).
- usb: f_fs: Fix use-after-free for epfile (git-fixes).
- usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
- usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes).
- usb: gadget: s3c: remove unused 'udc' variable (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
(git-fixes).
- usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe()
(git-fixes).
- usb: ulpi: Call of_node_put correctly (git-fixes).
- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
- xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-755=1
Package List:
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-150300.38.47.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.47.1
dlm-kmp-azure-5.3.18-150300.38.47.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.47.1
gfs2-kmp-azure-5.3.18-150300.38.47.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.47.1
kernel-azure-5.3.18-150300.38.47.1
kernel-azure-debuginfo-5.3.18-150300.38.47.1
kernel-azure-debugsource-5.3.18-150300.38.47.1
kernel-azure-devel-5.3.18-150300.38.47.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.47.1
kernel-azure-extra-5.3.18-150300.38.47.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.47.1
kernel-azure-livepatch-devel-5.3.18-150300.38.47.1
kernel-azure-optional-5.3.18-150300.38.47.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.47.1
kernel-syms-azure-5.3.18-150300.38.47.1
kselftests-kmp-azure-5.3.18-150300.38.47.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.47.1
ocfs2-kmp-azure-5.3.18-150300.38.47.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.47.1
reiserfs-kmp-azure-5.3.18-150300.38.47.1
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.47.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-150300.38.47.1
kernel-source-azure-5.3.18-150300.38.47.1
References:
https://www.suse.com/security/cve/CVE-2022-0001.html
https://www.suse.com/security/cve/CVE-2022-0002.html
https://www.suse.com/security/cve/CVE-2022-0492.html
https://www.suse.com/security/cve/CVE-2022-0516.html
https://www.suse.com/security/cve/CVE-2022-0847.html
https://www.suse.com/security/cve/CVE-2022-25375.html
https://bugzilla.suse.com/1089644
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1157038
https://bugzilla.suse.com/1157923
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176940
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1181147
https://bugzilla.suse.com/1181588
https://bugzilla.suse.com/1183872
https://bugzilla.suse.com/1187716
https://bugzilla.suse.com/1188404
https://bugzilla.suse.com/1189126
https://bugzilla.suse.com/1190812
https://bugzilla.suse.com/1190972
https://bugzilla.suse.com/1191580
https://bugzilla.suse.com/1191655
https://bugzilla.suse.com/1191741
https://bugzilla.suse.com/1192210
https://bugzilla.suse.com/1192483
https://bugzilla.suse.com/1193096
https://bugzilla.suse.com/1193233
https://bugzilla.suse.com/1193243
https://bugzilla.suse.com/1193787
https://bugzilla.suse.com/1194163
https://bugzilla.suse.com/1194967
https://bugzilla.suse.com/1195012
https://bugzilla.suse.com/1195081
https://bugzilla.suse.com/1195142
https://bugzilla.suse.com/1195352
https://bugzilla.suse.com/1195378
https://bugzilla.suse.com/1195476
https://bugzilla.suse.com/1195477
https://bugzilla.suse.com/1195478
https://bugzilla.suse.com/1195479
https://bugzilla.suse.com/1195480
https://bugzilla.suse.com/1195481
https://bugzilla.suse.com/1195482
https://bugzilla.suse.com/1195506
https://bugzilla.suse.com/1195516
https://bugzilla.suse.com/1195543
https://bugzilla.suse.com/1195668
https://bugzilla.suse.com/1195701
https://bugzilla.suse.com/1195798
https://bugzilla.suse.com/1195799
https://bugzilla.suse.com/1195823
https://bugzilla.suse.com/1195908
https://bugzilla.suse.com/1195928
https://bugzilla.suse.com/1195947
https://bugzilla.suse.com/1195957
https://bugzilla.suse.com/1195995
https://bugzilla.suse.com/1196195
https://bugzilla.suse.com/1196235
https://bugzilla.suse.com/1196339
https://bugzilla.suse.com/1196400
https://bugzilla.suse.com/1196403
https://bugzilla.suse.com/1196516
https://bugzilla.suse.com/1196584
https://bugzilla.suse.com/1196601
https://bugzilla.suse.com/1196612
https://bugzilla.suse.com/1196776
1
0
openSUSE-SU-2022:0760-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 08 Mar '22
by opensuse-security@opensuse.org 08 Mar '22
08 Mar '22
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0760-1
Rating: important
References: #1089644 #1154353 #1157038 #1157923 #1176447
#1176940 #1178134 #1181147 #1181588 #1183872
#1187716 #1188404 #1189126 #1190812 #1190972
#1191580 #1191655 #1191741 #1192210 #1192483
#1193096 #1193233 #1193243 #1193787 #1194163
#1194967 #1195012 #1195081 #1195286 #1195352
#1195378 #1195506 #1195516 #1195543 #1195668
#1195701 #1195798 #1195799 #1195823 #1195908
#1195928 #1195947 #1195957 #1195995 #1196195
#1196235 #1196339 #1196373 #1196400 #1196403
#1196516 #1196584 #1196585 #1196601 #1196612
#1196776 SLE-20807 SLE-22135 SLE-22494
Cross-References: CVE-2022-0001 CVE-2022-0002 CVE-2022-0492
CVE-2022-0516 CVE-2022-0847 CVE-2022-25375
CVSS scores:
CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-0516 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-0847 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-25375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-25375 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 6 vulnerabilities, contains three
features and has 50 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
Transient execution side-channel attacks attacking the Branch History
Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch
History Injection" are now mitigated.
The following security bugs were fixed:
- CVE-2022-0001: Fixed Branch History Injection vulnerability
(bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability
(bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability were a local attackers could
overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the
RNDIS_MSG_SET command. Attackers can obtain sensitive information from
kernel memory (bnc#1196235 ).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1
release_agent feature, which allowed bypassing namespace isolation
unexpectedly (bsc#1195543).
- CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390
allows kernel memory read/write (bsc#1195516).
The following non-security bugs were fixed:
- ACPI/IORT: Check node revision for PMCG resources (git-fixes).
- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570
ALC1220 quirks (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after
reboot from Windows (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master
(newer chipset) (git-fixes).
- ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes).
- ALSA: hda: Fix regression on forced probe mask option (git-fixes).
- ASoC: Revert "ASoC: mediatek: Check for error clk pointer" (git-fixes).
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
(git-fixes).
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
(git-fixes).
- Align s390 NVME target options with other architectures (bsc#1188404,
jsc#SLE-22494).
- Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352)
- EDAC/xgene: Fix deferred probing (bsc#1178134).
- HID:Add support for UGTABLET WP5540 (git-fixes).
- IB/cma: Do not send IGMP leaves for sendonly Multicast groups
(git-fixes).
- IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).
- KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674).
- NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
- PM: hibernate: Remove register_nosave_region_late() (git-fixes).
- PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
- RDMA/cma: Use correct address when leaving multicast group (bsc#1181147).
- RDMA/core: Always release restrack object (git-fixes)
- RDMA/cxgb4: check for ipv6 address properly while destroying listener
(git-fixes)
- RDMA/siw: Release xarray entry (git-fixes)
- RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147).
- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
(git-fixes).
- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
(git-fixes).
- USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes).
- USB: serial: option: add ZTE MF286D modem (git-fixes).
- ata: libata-core: Disable TRIM on M88V29 (git-fixes).
- ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes).
- blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787).
- blk-mq: avoid to iterate over stale request (bsc#1193787).
- blk-mq: clear stale request in tags->rq before freeing one request pool
(bsc#1193787).
- blk-mq: clearing flush request reference in tags->rqs (bsc#1193787).
- blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787
git-fixes).
- blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).
- blk-mq: fix kernel panic during iterating over flush request
(bsc#1193787 git-fixes).
- blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter
(bsc#1193787).
- blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787).
- blk-tag: Hide spin_lock (bsc#1193787).
- block: avoid double io accounting for flush request (bsc#1193787).
- block: do not send a rezise udev event for hidden block device
(bsc#1193096).
- block: mark flush request as IDLE when it is really finished
(bsc#1193787).
- bonding: pair enable_port with slave_arr_updates (git-fixes).
- bpf: Adjust BTF log size limit (git-fixes).
- bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes).
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- btrfs: check worker before need_preemptive_reclaim (bsc#1196195).
- btrfs: do not do preemptive flushing if the majority is global rsv
(bsc#1196195).
- btrfs: do not include the global rsv size in the preemptive used amount
(bsc#1196195).
- btrfs: handle preemptive delalloc flushing slightly differently
(bsc#1196195).
- btrfs: make sure SB_I_VERSION does not get unset by remount
(bsc#1192210).
- btrfs: only clamp the first time we have to start flushing (bsc#1196195).
- btrfs: only ignore delalloc if delalloc is much smaller than ordered
(bsc#1196195).
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).
- btrfs: take into account global rsv in need_preemptive_reclaim
(bsc#1196195).
- btrfs: use the global rsv size in the preemptive thresh calculation
(bsc#1196195).
- ceph: properly put ceph_string reference after async create attempt
(bsc#1195798).
- ceph: set pool_ns in new inode layout for async creates (bsc#1195799).
- drm/amdgpu: fix logic inversion in check (git-fixes).
- drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
- drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
- drm/i915/opregion: check port number bounds for SWSCI display power
state (git-fixes).
- drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes).
- drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV
(git-fixes).
- drm/panel: simple: Assign data from panel_dpi_probe() correctly
(git-fixes).
- drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
(git-fixes).
- drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes).
- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
(git-fixes).
- ext4: check for inconsistent extents between index and leaf block
(bsc#1194163 bsc#1196339).
- ext4: check for out-of-order index extents in
ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
- ext4: prevent partial update of the extent blocks (bsc#1194163
bsc#1196339).
- gve: Add RX context (bsc#1191655).
- gve: Add a jumbo-frame device option (bsc#1191655).
- gve: Add consumed counts to ethtool stats (bsc#1191655).
- gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655).
- gve: Correct order of processing device options (bsc#1191655).
- gve: Fix GFP flags when allocing pages (git-fixes).
- gve: Fix off by one in gve_tx_timeout() (bsc#1191655).
- gve: Implement packet continuation for RX (bsc#1191655).
- gve: Implement suspend/resume/shutdown (bsc#1191655).
- gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655).
- gve: Recording rx queue before sending to napi (bsc#1191655).
- gve: Recover from queue stall due to missed IRQ (bsc#1191655).
- gve: Update gve_free_queue_page_list signature (bsc#1191655).
- gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
- gve: fix for null pointer dereference (bsc#1191655).
- gve: fix the wrong AdminQ buffer queue index check (bsc#1176940).
- gve: fix unmatched u64_stats_update_end() (bsc#1191655).
- gve: remove memory barrier around seqno (bsc#1191655).
- i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
- i40e: Fix for failed to init adminq while VF reset (git-fixes).
- i40e: Fix issue when maximum queues is exceeded (git-fixes).
- i40e: Fix queues reservation for XDP (git-fixes).
- i40e: Increase delay to 1 s after global EMP reset (git-fixes).
- i40e: fix unsigned stat widths (git-fixes).
- ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391).
- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
- ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391).
- ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391).
- ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668
ltc#195811).
- ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391).
- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
- ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391).
- ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391).
- ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).
- ice: fix IPIP and SIT TSO offload (git-fixes).
- ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).
- ima: Allow template selection with ima_template[_fmt]= after ima_hash=
(git-fixes).
- ima: Do not print policy rule with inactive LSM labels (git-fixes).
- ima: Remove ima_policy file before directory (git-fixes).
- integrity: Make function integrity_add_key() static (git-fixes).
- integrity: check the return value of audit_log_start() (git-fixes).
- integrity: double check iint_cache was initialized (git-fixes).
- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes).
- iommu/amd: Remove useless irq affinity notifier (git-fixes).
- iommu/amd: Restore GA log/tail pointer on host resume (git-fixes).
- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume
(git-fixes).
- iommu/amd: X2apic mode: re-enable after resume (git-fixes).
- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask
(git-fixes).
- iommu/io-pgtable-arm-v7s: Add error handle for page table allocation
failure (git-fixes).
- iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes).
- iommu/iova: Fix race between FQ timeout and teardown (git-fixes).
- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
(git-fixes).
- iwlwifi: fix use-after-free (git-fixes).
- iwlwifi: pcie: fix locking when "HW not ready" (git-fixes).
- iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes).
- ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes).
- kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972
LTC#194674).
- kABI: Fix kABI for AMD IOMMU driver (git-fixes).
- kabi: Hide changes to s390/AP structures (jsc#SLE-20807).
- lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584).
- libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
- md/raid5: fix oops during stripe resizing (bsc#1181588).
- misc: fastrpc: avoid double fput() on failed usercopy (git-fixes).
- mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes).
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes).
- mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes).
- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
(git-fixes).
- net/ibmvnic: Cleanup workaround doing an EOI after partition migration
(bsc#1089644 ltc#166495 ltc#165544 git-fixes).
- net/mlx5e: Fix handling of wrong devices during bond netevent
(jsc#SLE-15172).
- net: macb: Align the dma and coherent dma masks (git-fixes).
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447).
- net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
(git-fixes).
- net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible
PHYs (git-fixes).
- net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes).
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- nfp: flower: fix ida_idx not being released (bsc#1154353).
- nfsd: allow delegation state ids to be revoked and then freed
(bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
(bsc#1195012).
- nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info
(git-fixes).
- nvme: do not return an error from nvme_configure_metadata (git-fixes).
- nvme: let namespace probing continue for unsupported features
(git-fixes).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038
bsc#1157923 ltc#182612 git-fixes).
- powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for
persistent memory" (bsc#1195995 ltc#196394).
- powerpc/pseries: read the lpar name from the firmware (bsc#1187716
ltc#193451).
- powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812).
- powerpc: add link stack flush mitigation status in debugfs (bsc#1157038
bsc#1157923 ltc#182612 git-fixes).
- s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes).
- s390/bpf: Fix optimizing out zero-extensions (git-fixes).
- s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549).
- s390/cio: verify the driver availability for path_event call
(bsc#1195928 LTC#196418).
- s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081
LTC#196088).
- s390/cpumf: Support for CPU Measurement Sampling Facility LS bit
(bsc#1195081 LTC#196088).
- s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233
LTC#195540).
- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967
LTC#196028).
- s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135).
- s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816).
- s390/uv: add prot virt guest/host indication files (jsc#SLE-22135).
- s390/uv: fix prot virt host indication compilation (jsc#SLE-22135).
- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h
(bsc#1195506).
- scsi: core: Add limitless cmd retry support (bsc#1195506).
- scsi: core: No retries on abort success (bsc#1195506).
- scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506).
- scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).
- scsi: qla2xxx: Add marginal path handling support (bsc#1195506).
- scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of
NVMe queues (bsc#1195823).
- scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).
- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
- scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX
adapters (bsc#1195823).
- scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).
- scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
- scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
- scsi: qla2xxx: Fix warning message due to adisc being flushed
(bsc#1195823).
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).
- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
- scsi: qla2xxx: Refactor asynchronous command initialization
(bsc#1195823).
- scsi: qla2xxx: Remove a declaration (bsc#1195823).
- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t
(bsc#1195823).
- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
(bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
- scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).
- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
- scsi: qla2xxx: edif: Replace list_for_each_safe with
list_for_each_entry_safe (bsc#1195823).
- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL
(bsc#1195506).
- scsi: scsi_transport_fc: Add store capability to rport port_state in
sysfs (bsc#1195506).
- scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).
- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP
devices (bsc#1195378 LTC#196244).
- scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL
(bsc#1195506).
- staging/fbtft: Fix backlight (git-fixes).
- staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes).
- tracing: Do not inc err_log entry count if entry allocation fails
(git-fixes).
- tracing: Dump stacktrace trigger to the corresponding instance
(git-fixes).
- tracing: Fix smatch warning for null glob in event_hist_trigger_parse()
(git-fixes).
- tracing: Have traceon and traceoff trigger honor the instance
(git-fixes).
- tracing: Propagate is_signed to expression (git-fixes).
- usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).
- usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend
(git-fixes).
- usb: dwc3: do not set gadget->is_otg flag (git-fixes).
- usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes).
- usb: f_fs: Fix use-after-free for epfile (git-fixes).
- usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
- usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes).
- usb: gadget: s3c: remove unused 'udc' variable (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
(git-fixes).
- usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe()
(git-fixes).
- usb: ulpi: Call of_node_put correctly (git-fixes).
- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-760=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-760=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.54.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
dlm-kmp-preempt-5.3.18-150300.59.54.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
gfs2-kmp-preempt-5.3.18-150300.59.54.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
kernel-preempt-5.3.18-150300.59.54.1
kernel-preempt-debuginfo-5.3.18-150300.59.54.1
kernel-preempt-debugsource-5.3.18-150300.59.54.1
kernel-preempt-devel-5.3.18-150300.59.54.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.54.1
kernel-preempt-extra-5.3.18-150300.59.54.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.54.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.54.1
kernel-preempt-optional-5.3.18-150300.59.54.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.54.1
kselftests-kmp-preempt-5.3.18-150300.59.54.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
ocfs2-kmp-preempt-5.3.18-150300.59.54.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
reiserfs-kmp-preempt-5.3.18-150300.59.54.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.54.1
dtb-zte-5.3.18-150300.59.54.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.54.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.54.1
dlm-kmp-default-5.3.18-150300.59.54.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.54.1
gfs2-kmp-default-5.3.18-150300.59.54.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.54.1
kernel-default-5.3.18-150300.59.54.1
kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3
kernel-default-base-rebuild-5.3.18-150300.59.54.1.150300.18.35.3
kernel-default-debuginfo-5.3.18-150300.59.54.1
kernel-default-debugsource-5.3.18-150300.59.54.1
kernel-default-devel-5.3.18-150300.59.54.1
kernel-default-devel-debuginfo-5.3.18-150300.59.54.1
kernel-default-extra-5.3.18-150300.59.54.1
kernel-default-extra-debuginfo-5.3.18-150300.59.54.1
kernel-default-livepatch-5.3.18-150300.59.54.1
kernel-default-livepatch-devel-5.3.18-150300.59.54.1
kernel-default-optional-5.3.18-150300.59.54.1
kernel-default-optional-debuginfo-5.3.18-150300.59.54.1
kernel-obs-build-5.3.18-150300.59.54.1
kernel-obs-build-debugsource-5.3.18-150300.59.54.1
kernel-obs-qa-5.3.18-150300.59.54.1
kernel-syms-5.3.18-150300.59.54.1
kselftests-kmp-default-5.3.18-150300.59.54.1
kselftests-kmp-default-debuginfo-5.3.18-150300.59.54.1
ocfs2-kmp-default-5.3.18-150300.59.54.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.54.1
reiserfs-kmp-default-5.3.18-150300.59.54.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.54.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.54.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
dlm-kmp-preempt-5.3.18-150300.59.54.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
gfs2-kmp-preempt-5.3.18-150300.59.54.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
kernel-preempt-5.3.18-150300.59.54.1
kernel-preempt-debuginfo-5.3.18-150300.59.54.1
kernel-preempt-debugsource-5.3.18-150300.59.54.1
kernel-preempt-devel-5.3.18-150300.59.54.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.54.1
kernel-preempt-extra-5.3.18-150300.59.54.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.54.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.54.1
kernel-preempt-optional-5.3.18-150300.59.54.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.54.1
kselftests-kmp-preempt-5.3.18-150300.59.54.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
ocfs2-kmp-preempt-5.3.18-150300.59.54.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
reiserfs-kmp-preempt-5.3.18-150300.59.54.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.54.1
kernel-debug-debuginfo-5.3.18-150300.59.54.1
kernel-debug-debugsource-5.3.18-150300.59.54.1
kernel-debug-devel-5.3.18-150300.59.54.1
kernel-debug-devel-debuginfo-5.3.18-150300.59.54.1
kernel-debug-livepatch-devel-5.3.18-150300.59.54.1
kernel-kvmsmall-5.3.18-150300.59.54.1
kernel-kvmsmall-debuginfo-5.3.18-150300.59.54.1
kernel-kvmsmall-debugsource-5.3.18-150300.59.54.1
kernel-kvmsmall-devel-5.3.18-150300.59.54.1
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.54.1
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.54.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.54.1
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.54.1
dlm-kmp-64kb-5.3.18-150300.59.54.1
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.54.1
dtb-al-5.3.18-150300.59.54.1
dtb-allwinner-5.3.18-150300.59.54.1
dtb-altera-5.3.18-150300.59.54.1
dtb-amd-5.3.18-150300.59.54.1
dtb-amlogic-5.3.18-150300.59.54.1
dtb-apm-5.3.18-150300.59.54.1
dtb-arm-5.3.18-150300.59.54.1
dtb-broadcom-5.3.18-150300.59.54.1
dtb-cavium-5.3.18-150300.59.54.1
dtb-exynos-5.3.18-150300.59.54.1
dtb-freescale-5.3.18-150300.59.54.1
dtb-hisilicon-5.3.18-150300.59.54.1
dtb-lg-5.3.18-150300.59.54.1
dtb-marvell-5.3.18-150300.59.54.1
dtb-mediatek-5.3.18-150300.59.54.1
dtb-nvidia-5.3.18-150300.59.54.1
dtb-qcom-5.3.18-150300.59.54.1
dtb-renesas-5.3.18-150300.59.54.1
dtb-rockchip-5.3.18-150300.59.54.1
dtb-socionext-5.3.18-150300.59.54.1
dtb-sprd-5.3.18-150300.59.54.1
dtb-xilinx-5.3.18-150300.59.54.1
dtb-zte-5.3.18-150300.59.54.1
gfs2-kmp-64kb-5.3.18-150300.59.54.1
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.54.1
kernel-64kb-5.3.18-150300.59.54.1
kernel-64kb-debuginfo-5.3.18-150300.59.54.1
kernel-64kb-debugsource-5.3.18-150300.59.54.1
kernel-64kb-devel-5.3.18-150300.59.54.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.54.1
kernel-64kb-extra-5.3.18-150300.59.54.1
kernel-64kb-extra-debuginfo-5.3.18-150300.59.54.1
kernel-64kb-livepatch-devel-5.3.18-150300.59.54.1
kernel-64kb-optional-5.3.18-150300.59.54.1
kernel-64kb-optional-debuginfo-5.3.18-150300.59.54.1
kselftests-kmp-64kb-5.3.18-150300.59.54.1
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.54.1
ocfs2-kmp-64kb-5.3.18-150300.59.54.1
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.54.1
reiserfs-kmp-64kb-5.3.18-150300.59.54.1
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.54.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.54.1
kernel-docs-5.3.18-150300.59.54.1
kernel-docs-html-5.3.18-150300.59.54.1
kernel-macros-5.3.18-150300.59.54.1
kernel-source-5.3.18-150300.59.54.1
kernel-source-vanilla-5.3.18-150300.59.54.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.54.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.54.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.54.1
References:
https://www.suse.com/security/cve/CVE-2022-0001.html
https://www.suse.com/security/cve/CVE-2022-0002.html
https://www.suse.com/security/cve/CVE-2022-0492.html
https://www.suse.com/security/cve/CVE-2022-0516.html
https://www.suse.com/security/cve/CVE-2022-0847.html
https://www.suse.com/security/cve/CVE-2022-25375.html
https://bugzilla.suse.com/1089644
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1157038
https://bugzilla.suse.com/1157923
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176940
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1181147
https://bugzilla.suse.com/1181588
https://bugzilla.suse.com/1183872
https://bugzilla.suse.com/1187716
https://bugzilla.suse.com/1188404
https://bugzilla.suse.com/1189126
https://bugzilla.suse.com/1190812
https://bugzilla.suse.com/1190972
https://bugzilla.suse.com/1191580
https://bugzilla.suse.com/1191655
https://bugzilla.suse.com/1191741
https://bugzilla.suse.com/1192210
https://bugzilla.suse.com/1192483
https://bugzilla.suse.com/1193096
https://bugzilla.suse.com/1193233
https://bugzilla.suse.com/1193243
https://bugzilla.suse.com/1193787
https://bugzilla.suse.com/1194163
https://bugzilla.suse.com/1194967
https://bugzilla.suse.com/1195012
https://bugzilla.suse.com/1195081
https://bugzilla.suse.com/1195286
https://bugzilla.suse.com/1195352
https://bugzilla.suse.com/1195378
https://bugzilla.suse.com/1195506
https://bugzilla.suse.com/1195516
https://bugzilla.suse.com/1195543
https://bugzilla.suse.com/1195668
https://bugzilla.suse.com/1195701
https://bugzilla.suse.com/1195798
https://bugzilla.suse.com/1195799
https://bugzilla.suse.com/1195823
https://bugzilla.suse.com/1195908
https://bugzilla.suse.com/1195928
https://bugzilla.suse.com/1195947
https://bugzilla.suse.com/1195957
https://bugzilla.suse.com/1195995
https://bugzilla.suse.com/1196195
https://bugzilla.suse.com/1196235
https://bugzilla.suse.com/1196339
https://bugzilla.suse.com/1196373
https://bugzilla.suse.com/1196400
https://bugzilla.suse.com/1196403
https://bugzilla.suse.com/1196516
https://bugzilla.suse.com/1196584
https://bugzilla.suse.com/1196585
https://bugzilla.suse.com/1196601
https://bugzilla.suse.com/1196612
https://bugzilla.suse.com/1196776
1
0
openSUSE-SU-2022:0743-1: important: Security update for cyrus-sasl
by opensuse-security@opensuse.org 08 Mar '22
by opensuse-security@opensuse.org 08 Mar '22
08 Mar '22
openSUSE Security Update: Security update for cyrus-sasl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0743-1
Rating: important
References: #1194265 #1196036
Cross-References: CVE-2022-24407
CVSS scores:
CVE-2022-24407 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24407 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for cyrus-sasl fixes the following issues:
- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in
plugins/sql.c (bsc#1196036).
The following non-security bugs were fixed:
- postfix: sasl authentication with password fails (bsc#1194265).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-743=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-743=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
cyrus-sasl-2.1.27-150300.4.6.1
cyrus-sasl-bdb-2.1.27-150300.4.6.1
cyrus-sasl-bdb-crammd5-2.1.27-150300.4.6.1
cyrus-sasl-bdb-crammd5-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-debugsource-2.1.27-150300.4.6.1
cyrus-sasl-bdb-devel-2.1.27-150300.4.6.1
cyrus-sasl-bdb-digestmd5-2.1.27-150300.4.6.1
cyrus-sasl-bdb-digestmd5-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-gs2-2.1.27-150300.4.6.1
cyrus-sasl-bdb-gs2-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-gssapi-2.1.27-150300.4.6.1
cyrus-sasl-bdb-gssapi-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-ntlm-2.1.27-150300.4.6.1
cyrus-sasl-bdb-ntlm-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-otp-2.1.27-150300.4.6.1
cyrus-sasl-bdb-otp-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-plain-2.1.27-150300.4.6.1
cyrus-sasl-bdb-plain-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-scram-2.1.27-150300.4.6.1
cyrus-sasl-bdb-scram-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-crammd5-2.1.27-150300.4.6.1
cyrus-sasl-crammd5-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-debugsource-2.1.27-150300.4.6.1
cyrus-sasl-devel-2.1.27-150300.4.6.1
cyrus-sasl-digestmd5-2.1.27-150300.4.6.1
cyrus-sasl-digestmd5-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-gs2-2.1.27-150300.4.6.1
cyrus-sasl-gs2-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-gssapi-2.1.27-150300.4.6.1
cyrus-sasl-gssapi-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-ldap-auxprop-2.1.27-150300.4.6.1
cyrus-sasl-ldap-auxprop-bdb-2.1.27-150300.4.6.1
cyrus-sasl-ldap-auxprop-bdb-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-ldap-auxprop-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-ntlm-2.1.27-150300.4.6.1
cyrus-sasl-ntlm-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-otp-2.1.27-150300.4.6.1
cyrus-sasl-otp-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-plain-2.1.27-150300.4.6.1
cyrus-sasl-plain-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-saslauthd-2.1.27-150300.4.6.1
cyrus-sasl-saslauthd-bdb-2.1.27-150300.4.6.1
cyrus-sasl-saslauthd-bdb-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-saslauthd-bdb-debugsource-2.1.27-150300.4.6.1
cyrus-sasl-saslauthd-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-saslauthd-debugsource-2.1.27-150300.4.6.1
cyrus-sasl-scram-2.1.27-150300.4.6.1
cyrus-sasl-scram-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-sqlauxprop-2.1.27-150300.4.6.1
cyrus-sasl-sqlauxprop-bdb-2.1.27-150300.4.6.1
cyrus-sasl-sqlauxprop-bdb-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-sqlauxprop-debuginfo-2.1.27-150300.4.6.1
libsasl2-3-2.1.27-150300.4.6.1
libsasl2-3-debuginfo-2.1.27-150300.4.6.1
- openSUSE Leap 15.4 (x86_64):
cyrus-sasl-32bit-2.1.27-150300.4.6.1
cyrus-sasl-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-crammd5-32bit-2.1.27-150300.4.6.1
cyrus-sasl-crammd5-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-devel-32bit-2.1.27-150300.4.6.1
cyrus-sasl-digestmd5-32bit-2.1.27-150300.4.6.1
cyrus-sasl-digestmd5-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-gssapi-32bit-2.1.27-150300.4.6.1
cyrus-sasl-gssapi-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-ldap-auxprop-32bit-2.1.27-150300.4.6.1
cyrus-sasl-ldap-auxprop-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-otp-32bit-2.1.27-150300.4.6.1
cyrus-sasl-otp-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-plain-32bit-2.1.27-150300.4.6.1
cyrus-sasl-plain-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-sqlauxprop-32bit-2.1.27-150300.4.6.1
cyrus-sasl-sqlauxprop-32bit-debuginfo-2.1.27-150300.4.6.1
libsasl2-3-32bit-2.1.27-150300.4.6.1
libsasl2-3-32bit-debuginfo-2.1.27-150300.4.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cyrus-sasl-2.1.27-150300.4.6.1
cyrus-sasl-bdb-2.1.27-150300.4.6.1
cyrus-sasl-bdb-crammd5-2.1.27-150300.4.6.1
cyrus-sasl-bdb-crammd5-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-debugsource-2.1.27-150300.4.6.1
cyrus-sasl-bdb-devel-2.1.27-150300.4.6.1
cyrus-sasl-bdb-digestmd5-2.1.27-150300.4.6.1
cyrus-sasl-bdb-digestmd5-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-gs2-2.1.27-150300.4.6.1
cyrus-sasl-bdb-gs2-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-gssapi-2.1.27-150300.4.6.1
cyrus-sasl-bdb-gssapi-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-ntlm-2.1.27-150300.4.6.1
cyrus-sasl-bdb-ntlm-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-otp-2.1.27-150300.4.6.1
cyrus-sasl-bdb-otp-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-plain-2.1.27-150300.4.6.1
cyrus-sasl-bdb-plain-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-bdb-scram-2.1.27-150300.4.6.1
cyrus-sasl-bdb-scram-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-crammd5-2.1.27-150300.4.6.1
cyrus-sasl-crammd5-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-debugsource-2.1.27-150300.4.6.1
cyrus-sasl-devel-2.1.27-150300.4.6.1
cyrus-sasl-digestmd5-2.1.27-150300.4.6.1
cyrus-sasl-digestmd5-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-gs2-2.1.27-150300.4.6.1
cyrus-sasl-gs2-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-gssapi-2.1.27-150300.4.6.1
cyrus-sasl-gssapi-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-ldap-auxprop-2.1.27-150300.4.6.1
cyrus-sasl-ldap-auxprop-bdb-2.1.27-150300.4.6.1
cyrus-sasl-ldap-auxprop-bdb-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-ldap-auxprop-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-ntlm-2.1.27-150300.4.6.1
cyrus-sasl-ntlm-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-otp-2.1.27-150300.4.6.1
cyrus-sasl-otp-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-plain-2.1.27-150300.4.6.1
cyrus-sasl-plain-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-saslauthd-2.1.27-150300.4.6.1
cyrus-sasl-saslauthd-bdb-2.1.27-150300.4.6.1
cyrus-sasl-saslauthd-bdb-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-saslauthd-bdb-debugsource-2.1.27-150300.4.6.1
cyrus-sasl-saslauthd-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-saslauthd-debugsource-2.1.27-150300.4.6.1
cyrus-sasl-scram-2.1.27-150300.4.6.1
cyrus-sasl-scram-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-sqlauxprop-2.1.27-150300.4.6.1
cyrus-sasl-sqlauxprop-bdb-2.1.27-150300.4.6.1
cyrus-sasl-sqlauxprop-bdb-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-sqlauxprop-debuginfo-2.1.27-150300.4.6.1
libsasl2-3-2.1.27-150300.4.6.1
libsasl2-3-debuginfo-2.1.27-150300.4.6.1
- openSUSE Leap 15.3 (x86_64):
cyrus-sasl-32bit-2.1.27-150300.4.6.1
cyrus-sasl-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-crammd5-32bit-2.1.27-150300.4.6.1
cyrus-sasl-crammd5-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-devel-32bit-2.1.27-150300.4.6.1
cyrus-sasl-digestmd5-32bit-2.1.27-150300.4.6.1
cyrus-sasl-digestmd5-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-gssapi-32bit-2.1.27-150300.4.6.1
cyrus-sasl-gssapi-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-ldap-auxprop-32bit-2.1.27-150300.4.6.1
cyrus-sasl-ldap-auxprop-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-otp-32bit-2.1.27-150300.4.6.1
cyrus-sasl-otp-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-plain-32bit-2.1.27-150300.4.6.1
cyrus-sasl-plain-32bit-debuginfo-2.1.27-150300.4.6.1
cyrus-sasl-sqlauxprop-32bit-2.1.27-150300.4.6.1
cyrus-sasl-sqlauxprop-32bit-debuginfo-2.1.27-150300.4.6.1
libsasl2-3-32bit-2.1.27-150300.4.6.1
libsasl2-3-32bit-debuginfo-2.1.27-150300.4.6.1
References:
https://www.suse.com/security/cve/CVE-2022-24407.html
https://bugzilla.suse.com/1194265
https://bugzilla.suse.com/1196036
1
0
openSUSE-SU-2022:0077-1: important: Security update for opera
by opensuse-security@opensuse.org 07 Mar '22
by opensuse-security@opensuse.org 07 Mar '22
07 Mar '22
openSUSE Security Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0077-1
Rating: important
References:
Cross-References: CVE-2022-0603 CVE-2022-0604 CVE-2022-0605
CVE-2022-0606 CVE-2022-0607 CVE-2022-0608
CVE-2022-0609 CVE-2022-0610
Affected Products:
openSUSE Leap 15.3:NonFree
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for opera fixes the following issues:
Opera was updated to 84.0.4316.21:
- CHR-8762 Update chromium on desktop-stable-98-4316 to 98.0.4758.102
- DNA-97333 ���Add a site��� label on start page tile barely visible
- DNA-97691 Opera 84 translations
- DNA-97767 Wrong string in FR
- DNA-97855 Crash at ScopedProfileKeepAlive::~ScopedProfileKeepAlive()
- DNA-97982 Enable #snap-upstream-implementation on all streams
- The update to chromium 98.0.4758.102 fixes following issues:
CVE-2022-0603, CVE-2022-0604, CVE-2022-0605, CVE-2022-0606,
CVE-2022-0607, CVE-2022-0608, CVE-2022-0609, CVE-2022-0610
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:NonFree:
zypper in -t patch openSUSE-2022-77=1
Package List:
- openSUSE Leap 15.3:NonFree (x86_64):
opera-84.0.4316.21-lp153.2.39.1
References:
https://www.suse.com/security/cve/CVE-2022-0603.html
https://www.suse.com/security/cve/CVE-2022-0604.html
https://www.suse.com/security/cve/CVE-2022-0605.html
https://www.suse.com/security/cve/CVE-2022-0606.html
https://www.suse.com/security/cve/CVE-2022-0607.html
https://www.suse.com/security/cve/CVE-2022-0608.html
https://www.suse.com/security/cve/CVE-2022-0609.html
https://www.suse.com/security/cve/CVE-2022-0610.html
1
0
openSUSE-SU-2022:0075-1: important: Security update for chromium
by opensuse-security@opensuse.org 07 Mar '22
by opensuse-security@opensuse.org 07 Mar '22
07 Mar '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0075-1
Rating: important
References: #1196641
Cross-References: CVE-2022-0789 CVE-2022-0790 CVE-2022-0791
CVE-2022-0792 CVE-2022-0793 CVE-2022-0794
CVE-2022-0795 CVE-2022-0796 CVE-2022-0797
CVE-2022-0798 CVE-2022-0799 CVE-2022-0800
CVE-2022-0801 CVE-2022-0802 CVE-2022-0803
CVE-2022-0804 CVE-2022-0805 CVE-2022-0806
CVE-2022-0807 CVE-2022-0808 CVE-2022-0809
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 21 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 99.0.4844.51 (boo#1196641)
* CVE-2022-0789: Heap buffer overflow in ANGLE
* CVE-2022-0790: Use after free in Cast UI
* CVE-2022-0791: Use after free in Omnibox
* CVE-2022-0792: Out of bounds read in ANGLE
* CVE-2022-0793: Use after free in Views
* CVE-2022-0794: Use after free in WebShare
* CVE-2022-0795: Type Confusion in Blink Layout
* CVE-2022-0796: Use after free in Media
* CVE-2022-0797: Out of bounds memory access in Mojo
* CVE-2022-0798: Use after free in MediaStream
* CVE-2022-0799: Insufficient policy enforcement in Installer
* CVE-2022-0800: Heap buffer overflow in Cast UI
* CVE-2022-0801: Inappropriate implementation in HTML parser
* CVE-2022-0802: Inappropriate implementation in Full screen mode
* CVE-2022-0803: Inappropriate implementation in Permissions
* CVE-2022-0804: Inappropriate implementation in Full screen mode
* CVE-2022-0805: Use after free in Browser Switcher
* CVE-2022-0806: Data leak in Canvas
* CVE-2022-0807: Inappropriate implementation in Autofill
* CVE-2022-0808: Use after free in Chrome OS Shell
* CVE-2022-0809: Out of bounds memory access in WebXR
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-75=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-99.0.4844.51-bp153.2.66.1
chromium-99.0.4844.51-bp153.2.66.1
References:
https://www.suse.com/security/cve/CVE-2022-0789.html
https://www.suse.com/security/cve/CVE-2022-0790.html
https://www.suse.com/security/cve/CVE-2022-0791.html
https://www.suse.com/security/cve/CVE-2022-0792.html
https://www.suse.com/security/cve/CVE-2022-0793.html
https://www.suse.com/security/cve/CVE-2022-0794.html
https://www.suse.com/security/cve/CVE-2022-0795.html
https://www.suse.com/security/cve/CVE-2022-0796.html
https://www.suse.com/security/cve/CVE-2022-0797.html
https://www.suse.com/security/cve/CVE-2022-0798.html
https://www.suse.com/security/cve/CVE-2022-0799.html
https://www.suse.com/security/cve/CVE-2022-0800.html
https://www.suse.com/security/cve/CVE-2022-0801.html
https://www.suse.com/security/cve/CVE-2022-0802.html
https://www.suse.com/security/cve/CVE-2022-0803.html
https://www.suse.com/security/cve/CVE-2022-0804.html
https://www.suse.com/security/cve/CVE-2022-0805.html
https://www.suse.com/security/cve/CVE-2022-0806.html
https://www.suse.com/security/cve/CVE-2022-0807.html
https://www.suse.com/security/cve/CVE-2022-0808.html
https://www.suse.com/security/cve/CVE-2022-0809.html
https://bugzilla.suse.com/1196641
1
0
openSUSE-SU-2022:0074-1: moderate: Security update for perl-App-cpanminus
by opensuse-security@opensuse.org 06 Mar '22
by opensuse-security@opensuse.org 06 Mar '22
06 Mar '22
openSUSE Security Update: Security update for perl-App-cpanminus
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0074-1
Rating: moderate
References:
Cross-References: CVE-2020-16154
CVSS scores:
CVE-2020-16154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for perl-App-cpanminus fixes the following issues:
updated to 1.7045
see /usr/share/doc/packages/perl-App-cpanminus/Changes
Security fixes:
- [CVE-2020-16154] remove the functionality to verify CHECKSUMS signature
updated to 1.7044
see /usr/share/doc/packages/perl-App-cpanminus/Changes
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-74=1
Package List:
- openSUSE Backports SLE-15-SP3 (noarch):
perl-App-cpanminus-1.7045-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2020-16154.html
1
0
openSUSE-SU-2022:0735-1: important: Security update for zsh
by opensuse-security@opensuse.org 04 Mar '22
by opensuse-security@opensuse.org 04 Mar '22
04 Mar '22
openSUSE Security Update: Security update for zsh
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0735-1
Rating: important
References: #1163882 #1196435
Cross-References: CVE-2019-20044 CVE-2021-45444
CVSS scores:
CVE-2019-20044 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2019-20044 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-45444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-45444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for zsh fixes the following issues:
- CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands
could be executed related to prompt expansion (bsc#1196435).
- CVE-2019-20044: Fixed a vulnerability where shell privileges would not
be properly dropped when unsetting the PRIVILEGED option (bsc#1163882).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-735=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-735=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
zsh-5.6-7.5.1
zsh-debuginfo-5.6-7.5.1
zsh-debugsource-5.6-7.5.1
zsh-htmldoc-5.6-7.5.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
zsh-5.6-7.5.1
zsh-debuginfo-5.6-7.5.1
zsh-debugsource-5.6-7.5.1
zsh-htmldoc-5.6-7.5.1
References:
https://www.suse.com/security/cve/CVE-2019-20044.html
https://www.suse.com/security/cve/CVE-2021-45444.html
https://bugzilla.suse.com/1163882
https://bugzilla.suse.com/1196435
1
0
openSUSE-SU-2022:0731-1: important: Security update for mariadb
by opensuse-security@opensuse.org 04 Mar '22
by opensuse-security@opensuse.org 04 Mar '22
04 Mar '22
openSUSE Security Update: Security update for mariadb
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0731-1
Rating: important
References: #1195325 #1195334 #1195339 #1196016 SLE-22245
Cross-References: CVE-2021-46657 CVE-2021-46658 CVE-2021-46659
CVE-2021-46661 CVE-2021-46663 CVE-2021-46664
CVE-2021-46665 CVE-2021-46668 CVE-2022-24048
CVE-2022-24050 CVE-2022-24051 CVE-2022-24052
CVSS scores:
CVE-2021-46657 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46657 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-46658 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46658 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-46659 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46659 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-46661 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46663 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46663 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46664 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46665 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46668 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-24048 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24050 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24052 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 12 vulnerabilities, contains one
feature is now available.
Description:
This update for mariadb fixes the following issues:
- Update to 10.5.15 (bsc#1196016):
* 10.5.15: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668
CVE-2021-46663
* 10.5.14: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048
CVE-2021-46659, bsc#1195339
- The following issues have already been fixed in this package but weren't
previously mentioned in the changes file: CVE-2021-46658, bsc#1195334
CVE-2021-46657, bsc#1195325
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-731=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libmariadbd-devel-10.5.15-150300.3.15.1
libmariadbd19-10.5.15-150300.3.15.1
libmariadbd19-debuginfo-10.5.15-150300.3.15.1
mariadb-10.5.15-150300.3.15.1
mariadb-bench-10.5.15-150300.3.15.1
mariadb-bench-debuginfo-10.5.15-150300.3.15.1
mariadb-client-10.5.15-150300.3.15.1
mariadb-client-debuginfo-10.5.15-150300.3.15.1
mariadb-debuginfo-10.5.15-150300.3.15.1
mariadb-debugsource-10.5.15-150300.3.15.1
mariadb-rpm-macros-10.5.15-150300.3.15.1
mariadb-test-10.5.15-150300.3.15.1
mariadb-test-debuginfo-10.5.15-150300.3.15.1
mariadb-tools-10.5.15-150300.3.15.1
mariadb-tools-debuginfo-10.5.15-150300.3.15.1
- openSUSE Leap 15.3 (noarch):
mariadb-errormessages-10.5.15-150300.3.15.1
References:
https://www.suse.com/security/cve/CVE-2021-46657.html
https://www.suse.com/security/cve/CVE-2021-46658.html
https://www.suse.com/security/cve/CVE-2021-46659.html
https://www.suse.com/security/cve/CVE-2021-46661.html
https://www.suse.com/security/cve/CVE-2021-46663.html
https://www.suse.com/security/cve/CVE-2021-46664.html
https://www.suse.com/security/cve/CVE-2021-46665.html
https://www.suse.com/security/cve/CVE-2021-46668.html
https://www.suse.com/security/cve/CVE-2022-24048.html
https://www.suse.com/security/cve/CVE-2022-24050.html
https://www.suse.com/security/cve/CVE-2022-24051.html
https://www.suse.com/security/cve/CVE-2022-24052.html
https://bugzilla.suse.com/1195325
https://bugzilla.suse.com/1195334
https://bugzilla.suse.com/1195339
https://bugzilla.suse.com/1196016
1
0
openSUSE-SU-2022:0736-1: important: Security update for vim
by opensuse-security@opensuse.org 04 Mar '22
by opensuse-security@opensuse.org 04 Mar '22
04 Mar '22
openSUSE Security Update: Security update for vim
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0736-1
Rating: important
References: #1190533 #1190570 #1191893 #1192478 #1192481
#1193294 #1193298 #1194216 #1194556 #1195004
#1195066 #1195126 #1195202 #1195356
Cross-References: CVE-2021-3778 CVE-2021-3796 CVE-2021-3872
CVE-2021-3927 CVE-2021-3928 CVE-2021-3984
CVE-2021-4019 CVE-2021-4193 CVE-2021-46059
CVE-2022-0318 CVE-2022-0319 CVE-2022-0351
CVE-2022-0361 CVE-2022-0413
CVSS scores:
CVE-2021-3778 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3778 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3796 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
CVE-2021-3796 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3872 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3872 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3927 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3927 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3928 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3928 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3984 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3984 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-4019 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-4019 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-4193 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2021-4193 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-46059 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0319 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-0351 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-0351 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-0361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0361 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2022-0413 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0413 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 14 vulnerabilities is now available.
Description:
This update for vim fixes the following issues:
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c
(bsc#1190570).
- CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status()
drawscreen.c (bsc#1191893).
- CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481).
- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294).
- CVE-2021-3984: Fixed illegal memory access when C-indenting could have
led to heap buffer overflow (bsc#1193298).
- CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c
(bsc#1190533).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2021-46059: Fixed pointer dereference vulnerability via the
vim_regexec_multi function at regexp.c (bsc#1194556).
- CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066).
- CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126).
- CVE-2022-0361: Fixed buffer overflow (bsc#1195126).
- CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-736=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-736=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
gvim-8.0.1568-5.17.1
gvim-debuginfo-8.0.1568-5.17.1
vim-8.0.1568-5.17.1
vim-debuginfo-8.0.1568-5.17.1
vim-debugsource-8.0.1568-5.17.1
vim-small-8.0.1568-5.17.1
vim-small-debuginfo-8.0.1568-5.17.1
- openSUSE Leap 15.4 (noarch):
vim-data-8.0.1568-5.17.1
vim-data-common-8.0.1568-5.17.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
gvim-8.0.1568-5.17.1
gvim-debuginfo-8.0.1568-5.17.1
vim-8.0.1568-5.17.1
vim-debuginfo-8.0.1568-5.17.1
vim-debugsource-8.0.1568-5.17.1
vim-small-8.0.1568-5.17.1
vim-small-debuginfo-8.0.1568-5.17.1
- openSUSE Leap 15.3 (noarch):
vim-data-8.0.1568-5.17.1
vim-data-common-8.0.1568-5.17.1
References:
https://www.suse.com/security/cve/CVE-2021-3778.html
https://www.suse.com/security/cve/CVE-2021-3796.html
https://www.suse.com/security/cve/CVE-2021-3872.html
https://www.suse.com/security/cve/CVE-2021-3927.html
https://www.suse.com/security/cve/CVE-2021-3928.html
https://www.suse.com/security/cve/CVE-2021-3984.html
https://www.suse.com/security/cve/CVE-2021-4019.html
https://www.suse.com/security/cve/CVE-2021-4193.html
https://www.suse.com/security/cve/CVE-2021-46059.html
https://www.suse.com/security/cve/CVE-2022-0318.html
https://www.suse.com/security/cve/CVE-2022-0319.html
https://www.suse.com/security/cve/CVE-2022-0351.html
https://www.suse.com/security/cve/CVE-2022-0361.html
https://www.suse.com/security/cve/CVE-2022-0413.html
https://bugzilla.suse.com/1190533
https://bugzilla.suse.com/1190570
https://bugzilla.suse.com/1191893
https://bugzilla.suse.com/1192478
https://bugzilla.suse.com/1192481
https://bugzilla.suse.com/1193294
https://bugzilla.suse.com/1193298
https://bugzilla.suse.com/1194216
https://bugzilla.suse.com/1194556
https://bugzilla.suse.com/1195004
https://bugzilla.suse.com/1195066
https://bugzilla.suse.com/1195126
https://bugzilla.suse.com/1195202
https://bugzilla.suse.com/1195356
1
0
openSUSE-SU-2022:0713-1: important: Security update for expat
by opensuse-security@opensuse.org 04 Mar '22
by opensuse-security@opensuse.org 04 Mar '22
04 Mar '22
openSUSE Security Update: Security update for expat
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0713-1
Rating: important
References: #1196025 #1196026 #1196168 #1196169 #1196171
Cross-References: CVE-2022-25235 CVE-2022-25236 CVE-2022-25313
CVE-2022-25314 CVE-2022-25315
CVSS scores:
CVE-2022-25235 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-25235 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-25236 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-25236 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-25313 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-25313 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-25314 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-25314 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-25315 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-25315 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion
into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context
(bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled
recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-713=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
expat-2.2.5-3.15.1
expat-debuginfo-2.2.5-3.15.1
expat-debugsource-2.2.5-3.15.1
libexpat-devel-2.2.5-3.15.1
libexpat1-2.2.5-3.15.1
libexpat1-debuginfo-2.2.5-3.15.1
- openSUSE Leap 15.3 (x86_64):
expat-32bit-debuginfo-2.2.5-3.15.1
libexpat-devel-32bit-2.2.5-3.15.1
libexpat1-32bit-2.2.5-3.15.1
libexpat1-32bit-debuginfo-2.2.5-3.15.1
References:
https://www.suse.com/security/cve/CVE-2022-25235.html
https://www.suse.com/security/cve/CVE-2022-25236.html
https://www.suse.com/security/cve/CVE-2022-25313.html
https://www.suse.com/security/cve/CVE-2022-25314.html
https://www.suse.com/security/cve/CVE-2022-25315.html
https://bugzilla.suse.com/1196025
https://bugzilla.suse.com/1196026
https://bugzilla.suse.com/1196168
https://bugzilla.suse.com/1196169
https://bugzilla.suse.com/1196171
1
0