April 2022 - openSUSE Security Announce

SUSE-SU-2022:1218-1: important: Security update for SDL2
by opensuse-security＠opensuse.org 14 Apr '22

14 Apr '22

SUSE Security Update: Security update for SDL2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1218-1 Rating: important References: #1198001 Cross-References: CVE-2021-33657 CVSS scores: CVE-2021-33657 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-33657 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for SDL2 fixes the following issues: - CVE-2021-33657: Fix a buffer overflow when parsing a crafted BMP image (bsc#1198001). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1218=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1218=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1218=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1218=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1218=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1218=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1218=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1218=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1218=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1218=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1218=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1218=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1218=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1218=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1218=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1218=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - openSUSE Leap 15.4 (x86_64): libSDL2-2_0-0-32bit-2.0.8-150200.11.6.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-32bit-2.0.8-150200.11.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - openSUSE Leap 15.3 (x86_64): libSDL2-2_0-0-32bit-2.0.8-150200.11.6.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-32bit-2.0.8-150200.11.6.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Manager Proxy 4.1 (x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-32bit-2.0.8-150200.11.6.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-32bit-2.0.8-150200.11.6.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 References: https://www.suse.com/security/cve/CVE-2021-33657.html https://bugzilla.suse.com/1198001

1 0

openSUSE-SU-2022:0112-1: important: Security update for chromium
by opensuse-security＠opensuse.org 13 Apr '22

13 Apr '22

openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0112-1 Rating: important References: #1194511 #1194512 #1194513 #1194514 #1197680 #1198053 #1198361 Cross-References: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-1125 CVE-2022-1127 CVE-2022-1128 CVE-2022-1129 CVE-2022-1130 CVE-2022-1131 CVE-2022-1132 CVE-2022-1133 CVE-2022-1134 CVE-2022-1135 CVE-2022-1136 CVE-2022-1137 CVE-2022-1138 CVE-2022-1139 CVE-2022-1141 CVE-2022-1142 CVE-2022-1143 CVE-2022-1144 CVE-2022-1145 CVE-2022-1146 CVE-2022-1232 CVE-2022-1305 CVE-2022-1306 CVE-2022-1307 CVE-2022-1308 CVE-2022-1309 CVE-2022-1310 CVE-2022-1311 CVE-2022-1312 CVE-2022-1313 CVE-2022-1314 CVE-2022-21824 CVSS scores: CVE-2021-44531 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-44531 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44532 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-44532 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44533 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-44533 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21824 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: openSUSE Backports SLE-15-SP3 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 35 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Updated to Chromium 100.0.4896.88 (boo#1198361) - CVE-2022-1305: Use after free in storage - CVE-2022-1306: Inappropriate implementation in compositing - CVE-2022-1307: Inappropriate implementation in full screen - CVE-2022-1308: Use after free in BFCache - CVE-2022-1309: Insufficient policy enforcement in developer tools - CVE-2022-1310: Use after free in regular expressions - CVE-2022-1311: Use after free in Chrome OS shell - CVE-2022-1312: Use after free in storage - CVE-2022-1313: Use after free in tab groups - CVE-2022-1314: Type Confusion in V8 - Various fixes from internal audits, fuzzing and other initiatives Updated to version 100.0.4896.75: - CVE-2022-1232: Type Confusion in V8 (boo#1198053) Update to version 100.0.4896.60 (boo#1197680): - CVE-2022-1125: Use after free in Portals - CVE-2022-1127: Use after free in QR Code Generator - CVE-2022-1128: Inappropriate implementation in Web Share API - CVE-2022-1129: Inappropriate implementation in Full Screen Mode - CVE-2022-1130: Insufficient validation of untrusted input in WebOTP - CVE-2022-1131: Use after free in Cast UI - CVE-2022-1132: Inappropriate implementation in Virtual Keyboard - CVE-2022-1133: Use after free in WebRTC - CVE-2022-1134: Type Confusion in V8 - CVE-2022-1135: Use after free in Shopping Cart - CVE-2022-1136: Use after free in Tab Strip - CVE-2022-1137: Inappropriate implementation in Extensions - CVE-2022-1138: Inappropriate implementation in Web Cursor - CVE-2022-1139: Inappropriate implementation in Background Fetch API - CVE-2022-1141: Use after free in File Manager - CVE-2022-1142: Heap buffer overflow in WebUI - CVE-2022-1143: Heap buffer overflow in WebUI - CVE-2022-1144: Use after free in WebUI - CVE-2022-1145: Use after free in Extensions - CVE-2022-1146: Inappropriate implementation in Resource Timing Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-112=1 - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-112=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs14-14.18.3-15.24.1 nodejs14-debuginfo-14.18.3-15.24.1 nodejs14-debugsource-14.18.3-15.24.1 nodejs14-devel-14.18.3-15.24.1 npm14-14.18.3-15.24.1 - openSUSE Leap 15.3 (noarch): nodejs14-docs-14.18.3-15.24.1 - openSUSE Backports SLE-15-SP3 (aarch64 x86_64): chromedriver-100.0.4896.88-bp153.2.82.1 chromedriver-debuginfo-100.0.4896.88-bp153.2.82.1 chromium-100.0.4896.88-bp153.2.82.1 chromium-debuginfo-100.0.4896.88-bp153.2.82.1 References: https://www.suse.com/security/cve/CVE-2021-44531.html https://www.suse.com/security/cve/CVE-2021-44532.html https://www.suse.com/security/cve/CVE-2021-44533.html https://www.suse.com/security/cve/CVE-2022-1125.html https://www.suse.com/security/cve/CVE-2022-1127.html https://www.suse.com/security/cve/CVE-2022-1128.html https://www.suse.com/security/cve/CVE-2022-1129.html https://www.suse.com/security/cve/CVE-2022-1130.html https://www.suse.com/security/cve/CVE-2022-1131.html https://www.suse.com/security/cve/CVE-2022-1132.html https://www.suse.com/security/cve/CVE-2022-1133.html https://www.suse.com/security/cve/CVE-2022-1134.html https://www.suse.com/security/cve/CVE-2022-1135.html https://www.suse.com/security/cve/CVE-2022-1136.html https://www.suse.com/security/cve/CVE-2022-1137.html https://www.suse.com/security/cve/CVE-2022-1138.html https://www.suse.com/security/cve/CVE-2022-1139.html https://www.suse.com/security/cve/CVE-2022-1141.html https://www.suse.com/security/cve/CVE-2022-1142.html https://www.suse.com/security/cve/CVE-2022-1143.html https://www.suse.com/security/cve/CVE-2022-1144.html https://www.suse.com/security/cve/CVE-2022-1145.html https://www.suse.com/security/cve/CVE-2022-1146.html https://www.suse.com/security/cve/CVE-2022-1232.html https://www.suse.com/security/cve/CVE-2022-1305.html https://www.suse.com/security/cve/CVE-2022-1306.html https://www.suse.com/security/cve/CVE-2022-1307.html https://www.suse.com/security/cve/CVE-2022-1308.html https://www.suse.com/security/cve/CVE-2022-1309.html https://www.suse.com/security/cve/CVE-2022-1310.html https://www.suse.com/security/cve/CVE-2022-1311.html https://www.suse.com/security/cve/CVE-2022-1312.html https://www.suse.com/security/cve/CVE-2022-1313.html https://www.suse.com/security/cve/CVE-2022-1314.html https://www.suse.com/security/cve/CVE-2022-21824.html https://bugzilla.suse.com/1194511 https://bugzilla.suse.com/1194512 https://bugzilla.suse.com/1194513 https://bugzilla.suse.com/1194514 https://bugzilla.suse.com/1197680 https://bugzilla.suse.com/1198053 https://bugzilla.suse.com/1198361

1 0

SUSE-SU-2022:1183-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 13 Apr '22

13 Apr '22

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1183-1 Rating: important References: #1065729 #1156395 #1175667 #1177028 #1178134 #1179639 #1180153 #1189562 #1194649 #1195640 #1195926 #1196018 #1196196 #1196478 #1196761 #1196823 #1197227 #1197243 #1197300 #1197302 #1197331 #1197343 #1197366 #1197389 #1197462 #1197501 #1197534 #1197661 #1197675 #1197702 #1197811 #1197812 #1197815 #1197817 #1197819 #1197820 #1197888 #1197889 #1197894 #1197914 #1198027 #1198028 #1198029 #1198030 #1198031 #1198032 #1198033 Cross-References: CVE-2021-45868 CVE-2022-0850 CVE-2022-0854 CVE-2022-1011 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1205 CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-0854 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0854 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1195 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1198 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1199 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1205 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 32 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649). - btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649). - btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649). - btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649). - btrfs: check if a log tree exists at inode_logged() (bsc#1194649). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649). - btrfs: do not log new dentries when logging that a new name exists (bsc#1194649). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649). - btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649). - btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649). - btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649). - btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649). - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649). - btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649). - btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649). - btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes) - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - driver core: dd: fix return value of __setup handler (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - ecryptfs: fix kernel panic with null dev_name (bsc#1197812). - ecryptfs: Fix typo in message (bsc#1197811). - ext2: correct max file size computing (bsc#1197820). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: Revert "media: em28xx: add missing em28xx_close_extension" (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - membarrier: Execute SYNC_CORE on the calling thread (git-fixes) - membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes) - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes). - net: enetc: initialize the RFS and RSS memories (git-fixes). - net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: watchdog: hold device global xmit lock during tx disable (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFS: Fix another issue with a list iterator pointing to the head (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m -> VIRTIO_PCI=y - usb: bdc: Adb shows offline after resuming from S2 (git-fixes). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - usb: bdc: Fix unused assignment in bdc_probe() (git-fixes). - usb: bdc: remove duplicated error message (git-fixes). - usb: bdc: Use devm_clk_get_optional() (git-fixes). - usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes). - usb: dwc3: qcom: add IRQ check (git-fixes). - usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - VFS: filename_create(): fix incorrect intent (bsc#1197534). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134). - x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1183=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1183=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1183=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1183=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-1183=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1183=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1183=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1183=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1183=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1183=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.63.1 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 dlm-kmp-preempt-5.3.18-150300.59.63.1 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 gfs2-kmp-preempt-5.3.18-150300.59.63.1 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-5.3.18-150300.59.63.1 kernel-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-debugsource-5.3.18-150300.59.63.1 kernel-preempt-devel-5.3.18-150300.59.63.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-extra-5.3.18-150300.59.63.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-livepatch-devel-5.3.18-150300.59.63.1 kernel-preempt-optional-5.3.18-150300.59.63.1 kernel-preempt-optional-debuginfo-5.3.18-150300.59.63.1 kselftests-kmp-preempt-5.3.18-150300.59.63.1 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 ocfs2-kmp-preempt-5.3.18-150300.59.63.1 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 reiserfs-kmp-preempt-5.3.18-150300.59.63.1 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 - openSUSE Leap 15.4 (aarch64): dtb-al-5.3.18-150300.59.63.1 dtb-zte-5.3.18-150300.59.63.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.63.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.63.1 dlm-kmp-default-5.3.18-150300.59.63.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.63.1 gfs2-kmp-default-5.3.18-150300.59.63.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-5.3.18-150300.59.63.1 kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1 kernel-default-base-rebuild-5.3.18-150300.59.63.1.150300.18.39.1 kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 kernel-default-devel-5.3.18-150300.59.63.1 kernel-default-devel-debuginfo-5.3.18-150300.59.63.1 kernel-default-extra-5.3.18-150300.59.63.1 kernel-default-extra-debuginfo-5.3.18-150300.59.63.1 kernel-default-livepatch-5.3.18-150300.59.63.1 kernel-default-livepatch-devel-5.3.18-150300.59.63.1 kernel-default-optional-5.3.18-150300.59.63.1 kernel-default-optional-debuginfo-5.3.18-150300.59.63.1 kernel-obs-build-5.3.18-150300.59.63.1 kernel-obs-build-debugsource-5.3.18-150300.59.63.1 kernel-obs-qa-5.3.18-150300.59.63.1 kernel-syms-5.3.18-150300.59.63.1 kselftests-kmp-default-5.3.18-150300.59.63.1 kselftests-kmp-default-debuginfo-5.3.18-150300.59.63.1 ocfs2-kmp-default-5.3.18-150300.59.63.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.63.1 reiserfs-kmp-default-5.3.18-150300.59.63.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.63.1 - openSUSE Leap 15.3 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.63.1 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 dlm-kmp-preempt-5.3.18-150300.59.63.1 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 gfs2-kmp-preempt-5.3.18-150300.59.63.1 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-5.3.18-150300.59.63.1 kernel-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-debugsource-5.3.18-150300.59.63.1 kernel-preempt-devel-5.3.18-150300.59.63.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-extra-5.3.18-150300.59.63.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-livepatch-devel-5.3.18-150300.59.63.1 kernel-preempt-optional-5.3.18-150300.59.63.1 kernel-preempt-optional-debuginfo-5.3.18-150300.59.63.1 kselftests-kmp-preempt-5.3.18-150300.59.63.1 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 ocfs2-kmp-preempt-5.3.18-150300.59.63.1 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 reiserfs-kmp-preempt-5.3.18-150300.59.63.1 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-5.3.18-150300.59.63.1 kernel-debug-debuginfo-5.3.18-150300.59.63.1 kernel-debug-debugsource-5.3.18-150300.59.63.1 kernel-debug-devel-5.3.18-150300.59.63.1 kernel-debug-devel-debuginfo-5.3.18-150300.59.63.1 kernel-debug-livepatch-devel-5.3.18-150300.59.63.1 kernel-kvmsmall-5.3.18-150300.59.63.1 kernel-kvmsmall-debuginfo-5.3.18-150300.59.63.1 kernel-kvmsmall-debugsource-5.3.18-150300.59.63.1 kernel-kvmsmall-devel-5.3.18-150300.59.63.1 kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.63.1 kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.63.1 - openSUSE Leap 15.3 (aarch64): cluster-md-kmp-64kb-5.3.18-150300.59.63.1 cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.63.1 dlm-kmp-64kb-5.3.18-150300.59.63.1 dlm-kmp-64kb-debuginfo-5.3.18-150300.59.63.1 dtb-al-5.3.18-150300.59.63.1 dtb-allwinner-5.3.18-150300.59.63.1 dtb-altera-5.3.18-150300.59.63.1 dtb-amd-5.3.18-150300.59.63.1 dtb-amlogic-5.3.18-150300.59.63.1 dtb-apm-5.3.18-150300.59.63.1 dtb-arm-5.3.18-150300.59.63.1 dtb-broadcom-5.3.18-150300.59.63.1 dtb-cavium-5.3.18-150300.59.63.1 dtb-exynos-5.3.18-150300.59.63.1 dtb-freescale-5.3.18-150300.59.63.1 dtb-hisilicon-5.3.18-150300.59.63.1 dtb-lg-5.3.18-150300.59.63.1 dtb-marvell-5.3.18-150300.59.63.1 dtb-mediatek-5.3.18-150300.59.63.1 dtb-nvidia-5.3.18-150300.59.63.1 dtb-qcom-5.3.18-150300.59.63.1 dtb-renesas-5.3.18-150300.59.63.1 dtb-rockchip-5.3.18-150300.59.63.1 dtb-socionext-5.3.18-150300.59.63.1 dtb-sprd-5.3.18-150300.59.63.1 dtb-xilinx-5.3.18-150300.59.63.1 dtb-zte-5.3.18-150300.59.63.1 gfs2-kmp-64kb-5.3.18-150300.59.63.1 gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.63.1 kernel-64kb-5.3.18-150300.59.63.1 kernel-64kb-debuginfo-5.3.18-150300.59.63.1 kernel-64kb-debugsource-5.3.18-150300.59.63.1 kernel-64kb-devel-5.3.18-150300.59.63.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.63.1 kernel-64kb-extra-5.3.18-150300.59.63.1 kernel-64kb-extra-debuginfo-5.3.18-150300.59.63.1 kernel-64kb-livepatch-devel-5.3.18-150300.59.63.1 kernel-64kb-optional-5.3.18-150300.59.63.1 kernel-64kb-optional-debuginfo-5.3.18-150300.59.63.1 kselftests-kmp-64kb-5.3.18-150300.59.63.1 kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.63.1 ocfs2-kmp-64kb-5.3.18-150300.59.63.1 ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.63.1 reiserfs-kmp-64kb-5.3.18-150300.59.63.1 reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.63.1 - openSUSE Leap 15.3 (noarch): kernel-devel-5.3.18-150300.59.63.1 kernel-docs-5.3.18-150300.59.63.1 kernel-docs-html-5.3.18-150300.59.63.1 kernel-macros-5.3.18-150300.59.63.1 kernel-source-5.3.18-150300.59.63.1 kernel-source-vanilla-5.3.18-150300.59.63.1 - openSUSE Leap 15.3 (s390x): kernel-zfcpdump-5.3.18-150300.59.63.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.63.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 kernel-default-extra-5.3.18-150300.59.63.1 kernel-default-extra-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-debugsource-5.3.18-150300.59.63.1 kernel-preempt-extra-5.3.18-150300.59.63.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 kernel-default-livepatch-5.3.18-150300.59.63.1 kernel-default-livepatch-devel-5.3.18-150300.59.63.1 kernel-livepatch-5_3_18-150300_59_63-default-1-150300.7.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 reiserfs-kmp-default-5.3.18-150300.59.63.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-150300.59.63.1 kernel-obs-build-debugsource-5.3.18-150300.59.63.1 kernel-syms-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-debugsource-5.3.18-150300.59.63.1 kernel-preempt-devel-5.3.18-150300.59.63.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.63.1 kernel-source-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.63.1 kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1 kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 kernel-default-devel-5.3.18-150300.59.63.1 kernel-default-devel-debuginfo-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.63.1 kernel-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-debugsource-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.63.1 kernel-64kb-debuginfo-5.3.18-150300.59.63.1 kernel-64kb-debugsource-5.3.18-150300.59.63.1 kernel-64kb-devel-5.3.18-150300.59.63.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.63.1 kernel-macros-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.63.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.63.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.63.1 kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1 kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.63.1 kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1 kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.63.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.63.1 dlm-kmp-default-5.3.18-150300.59.63.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.63.1 gfs2-kmp-default-5.3.18-150300.59.63.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 ocfs2-kmp-default-5.3.18-150300.59.63.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.63.1 References: https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-0854.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-1055.html https://www.suse.com/security/cve/CVE-2022-1195.html https://www.suse.com/security/cve/CVE-2022-1198.html https://www.suse.com/security/cve/CVE-2022-1199.html https://www.suse.com/security/cve/CVE-2022-1205.html https://www.suse.com/security/cve/CVE-2022-27666.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1177028 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1179639 https://bugzilla.suse.com/1180153 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1194649 https://bugzilla.suse.com/1195640 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196196 https://bugzilla.suse.com/1196478 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196823 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197243 https://bugzilla.suse.com/1197300 https://bugzilla.suse.com/1197302 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197389 https://bugzilla.suse.com/1197462 https://bugzilla.suse.com/1197501 https://bugzilla.suse.com/1197534 https://bugzilla.suse.com/1197661 https://bugzilla.suse.com/1197675 https://bugzilla.suse.com/1197702 https://bugzilla.suse.com/1197811 https://bugzilla.suse.com/1197812 https://bugzilla.suse.com/1197815 https://bugzilla.suse.com/1197817 https://bugzilla.suse.com/1197819 https://bugzilla.suse.com/1197820 https://bugzilla.suse.com/1197888 https://bugzilla.suse.com/1197889 https://bugzilla.suse.com/1197894 https://bugzilla.suse.com/1197914 https://bugzilla.suse.com/1198027 https://bugzilla.suse.com/1198028 https://bugzilla.suse.com/1198029 https://bugzilla.suse.com/1198030 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198033

1 0

SUSE-SU-2022:1176-1: important: Security update for MozillaThunderbird
by opensuse-security＠opensuse.org 13 Apr '22

13 Apr '22

SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1176-1 Rating: important References: #1197903 Cross-References: CVE-2022-1097 CVE-2022-1196 CVE-2022-1197 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289 CVSS scores: CVE-2022-1097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1196 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-1197 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-24713 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-28281 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-28282 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-28285 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-28286 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-28289 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: - Updated to version 91.8 (bsc#1197903): - CVE-2022-1097: Fixed a memory corruption issue with NSSToken objects. - CVE-2022-28281: Fixed a memory corruption issue due to unexpected WebAuthN Extensions. - CVE-2022-1197: Fixed an issue where OpenPGP revocation information was ignored. - CVE-2022-1196: Fixed a memory corruption issue after VR process destruction. - CVE-2022-28282: Fixed a memory corruption issue in document translation. - CVE-2022-28285: Fixed a memory corruption issue in JIT code generation. - CVE-2022-28286: Fixed an iframe layout issue that could have been exploited to stage spoofing attacks. - CVE-2022-24713: Fixed a potential denial of service via complex regular expressions. - CVE-2022-28289: Fixed multiple memory corruption issues. Non-security fixes: - Changed Google accounts using password authentication to use OAuth2. - Fixed an issue where OpenPGP ECC keys created by Thunderbird could not be imported into GnuPG. - Fixed an issue where exporting multiple public PGP keys from Thunderbird was not possible. - Fixed an issue where replying to a newsgroup message erroneously displayed a "No-reply" popup warning. - Fixed an issue with opening older address books. - Fixed an issue where LDAP directories would be lost when switching to "Offline" mode. - Fixed an issue when importing webcals. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1176=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1176=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1176=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1176=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1176=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1176=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.8.0-150200.8.65.1 MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1 MozillaThunderbird-debugsource-91.8.0-150200.8.65.1 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.8.0-150200.8.65.1 MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1 MozillaThunderbird-debugsource-91.8.0-150200.8.65.1 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-91.8.0-150200.8.65.1 MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1 MozillaThunderbird-debugsource-91.8.0-150200.8.65.1 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.8.0-150200.8.65.1 MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1 MozillaThunderbird-debugsource-91.8.0-150200.8.65.1 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-91.8.0-150200.8.65.1 MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1 MozillaThunderbird-debugsource-91.8.0-150200.8.65.1 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-91.8.0-150200.8.65.1 MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1 MozillaThunderbird-debugsource-91.8.0-150200.8.65.1 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 References: https://www.suse.com/security/cve/CVE-2022-1097.html https://www.suse.com/security/cve/CVE-2022-1196.html https://www.suse.com/security/cve/CVE-2022-1197.html https://www.suse.com/security/cve/CVE-2022-24713.html https://www.suse.com/security/cve/CVE-2022-28281.html https://www.suse.com/security/cve/CVE-2022-28282.html https://www.suse.com/security/cve/CVE-2022-28285.html https://www.suse.com/security/cve/CVE-2022-28286.html https://www.suse.com/security/cve/CVE-2022-28289.html https://bugzilla.suse.com/1197903

1 0

SUSE-SU-2022:1167-1: important: Security update for go1.17
by opensuse-security＠opensuse.org 12 Apr '22

12 Apr '22

SUSE Security Update: Security update for go1.17 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1167-1 Rating: important References: #1183043 #1190649 #1196732 Cross-References: CVE-2022-24921 CVSS scores: CVE-2022-24921 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24921 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for go1.17 fixes the following issues: Update to version 1.17.8 (bsc#1190649): - CVE-2022-24921: Fixed a potential denial of service via large regular expressions (bsc#1196732). Non-security fixes: - Fixed an issue with v2 modules (go#51332). - Fixed an issue when building source in riscv64 (go#51199). - Increased compatibility for the DNS protocol in the net module (go#51162). - Fixed an issue with histograms in the runtime/metrics module (go#50734). - Fixed an issue when parsing x509 certificates (go#51000). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1167=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1167=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1167=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1167=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1167=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1167=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1167=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1167=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1167=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1167=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1167=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1167=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1167=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1167=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.17-race-1.17.8-150000.1.25.1 - openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.17-race-1.17.8-150000.1.25.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - SUSE Manager Server 4.1 (x86_64): go1.17-race-1.17.8-150000.1.25.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 - SUSE Manager Proxy 4.1 (x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 References: https://www.suse.com/security/cve/CVE-2022-24921.html https://bugzilla.suse.com/1183043 https://bugzilla.suse.com/1190649 https://bugzilla.suse.com/1196732

1 0

SUSE-SU-2022:1164-1: important: Security update for go1.16
by opensuse-security＠opensuse.org 12 Apr '22

12 Apr '22

SUSE Security Update: Security update for go1.16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1164-1 Rating: important References: #1182345 #1183043 #1196732 Cross-References: CVE-2022-24921 CVSS scores: CVE-2022-24921 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24921 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for go1.16 fixes the following issues: Update to version 1.16.15 (bsc#1182345): - CVE-2022-24921: Fixed a potential denial of service via large regular expressions (bsc#1196732). Non-security fixes: - Fixed an issue with v2 modules (go#51331). - Fixed an issue when building source in riscv64 (go#51198). - Increased compatibility for the DNS protocol in the net module (go#51161). - Fixed an issue with histograms in the runtime/metrics module (go#50733). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1164=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1164=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1164=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1164=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1164=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1164=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1164=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1164=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1164=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1164=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1164=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1164=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1164=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.16-race-1.16.15-150000.1.46.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.16-race-1.16.15-150000.1.46.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 - SUSE Manager Server 4.1 (x86_64): go1.16-race-1.16.15-150000.1.46.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 - SUSE Manager Proxy 4.1 (x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 References: https://www.suse.com/security/cve/CVE-2022-24921.html https://bugzilla.suse.com/1182345 https://bugzilla.suse.com/1183043 https://bugzilla.suse.com/1196732

1 0

SUSE-SU-2022:1157-1: important: Security update for libsolv, libzypp, zypper
by opensuse-security＠opensuse.org 12 Apr '22

12 Apr '22

SUSE Security Update: Security update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1157-1 Rating: important References: #1184501 #1194848 #1195999 #1196061 #1196317 #1196368 #1196514 #1196925 #1197134 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP2 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP2 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1157=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1157=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1157=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1157=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1157=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1157=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1157=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1157=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1157=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1157=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1157=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1157=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-1157=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1157=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1157=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1157=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-demo-0.7.22-150200.12.1 libsolv-demo-debuginfo-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 libzypp-devel-doc-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python-solv-0.7.22-150200.12.1 python-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - openSUSE Leap 15.3 (noarch): zypper-aptitude-1.14.52-150200.30.2 zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Manager Server 4.1 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Manager Retail Branch Server 4.1 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Manager Proxy 4.1 (x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Manager Proxy 4.1 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Micro 5.1 (noarch): zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Micro 5.0 (noarch): zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-tools-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Enterprise Storage 7 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 References: https://bugzilla.suse.com/1184501 https://bugzilla.suse.com/1194848 https://bugzilla.suse.com/1195999 https://bugzilla.suse.com/1196061 https://bugzilla.suse.com/1196317 https://bugzilla.suse.com/1196368 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196925 https://bugzilla.suse.com/1197134

1 0

SUSE-SU-2022:1163-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 12 Apr '22

12 Apr '22

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1163-1 Rating: important References: #1065729 #1156395 #1175667 #1177028 #1178134 #1179639 #1180153 #1189562 #1194589 #1194625 #1194649 #1194943 #1195051 #1195353 #1195640 #1195926 #1196018 #1196130 #1196196 #1196478 #1196488 #1196761 #1196823 #1196956 #1197227 #1197243 #1197245 #1197300 #1197302 #1197331 #1197343 #1197366 #1197389 #1197460 #1197462 #1197501 #1197534 #1197661 #1197675 #1197677 #1197702 #1197811 #1197812 #1197815 #1197817 #1197819 #1197820 #1197888 #1197889 #1197894 #1198027 #1198028 #1198029 #1198030 #1198031 #1198032 #1198033 #1198077 Cross-References: CVE-2021-39698 CVE-2021-45402 CVE-2021-45868 CVE-2022-0850 CVE-2022-0854 CVE-2022-1011 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1205 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-27223 CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45402 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45402 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-0854 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0854 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1195 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1198 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1199 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1205 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-27223 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27223 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 25 vulnerabilities and has 33 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) - CVE-2022-27223: Fixed an out-of-array access in /usb/gadget/udc/udc-xilinx.c. (bsc#1197245) - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2021-45402: Fixed a pointer leak in check_alu_op() of kernel/bpf/verifier.c. (bsc#1196130). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) The following non-security bugs were fixed: - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649). - btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649). - btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649). - btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649). - btrfs: check if a log tree exists at inode_logged() (bsc#1194649). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649). - btrfs: do not log new dentries when logging that a new name exists (bsc#1194649). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649). - btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649). - btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649). - btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649). - btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649). - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649). - btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649). - btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649). - btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes) - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - driver core: dd: fix return value of __setup handler (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - Drop HID multitouch fix patch (bsc#1197243), - ecryptfs: fix kernel panic with null dev_name (bsc#1197812). - ecryptfs: Fix typo in message (bsc#1197811). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134). - ext2: correct max file size computing (bsc#1197820). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815). - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). - KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: Revert "media: em28xx: add missing em28xx_close_extension" (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - membarrier: Execute SYNC_CORE on the calling thread (git-fixes) - membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes) - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes). - net: enetc: initialize the RFS and RSS memories (git-fixes). - net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: watchdog: hold device global xmit lock during tx disable (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFC: port100: fix use-after-free in port100_send_complete (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - Revert "build initrd without systemd" (bsc#1197300). - Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" (bsc#1197243). - Revert "module, async: async_synchronize_full() on module init iff async is used" (bsc#1197888). - Revert "Revert "build initrd without systemd" (bsc#1197300)" - Revert "usb: dwc3: gadget: Use list_replace_init() before traversing lists" (git-fixes). - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - team: protect features update by RCU to avoid deadlock (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m -> VIRTIO_PCI=y - usb: bdc: Adb shows offline after resuming from S2 (git-fixes). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - usb: bdc: Fix unused assignment in bdc_probe() (git-fixes). - usb: bdc: remove duplicated error message (git-fixes). - usb: bdc: Use devm_clk_get_optional() (git-fixes). - usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes). - usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes). - usb: dwc2: gadget: Fix kill_all_requests race (git-fixes). - usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes). - usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes). - usb: dwc3: qcom: add IRQ check (git-fixes). - usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - usb: hub: Fix locking issues with address0_mutex (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - VFS: filename_create(): fix incorrect intent (bsc#1197534). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134). - x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1163=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1163=1 Package List: - openSUSE Leap 15.3 (noarch): kernel-devel-azure-5.3.18-150300.38.53.1 kernel-source-azure-5.3.18-150300.38.53.1 - openSUSE Leap 15.3 (x86_64): cluster-md-kmp-azure-5.3.18-150300.38.53.1 cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.53.1 dlm-kmp-azure-5.3.18-150300.38.53.1 dlm-kmp-azure-debuginfo-5.3.18-150300.38.53.1 gfs2-kmp-azure-5.3.18-150300.38.53.1 gfs2-kmp-azure-debuginfo-5.3.18-150300.38.53.1 kernel-azure-5.3.18-150300.38.53.1 kernel-azure-debuginfo-5.3.18-150300.38.53.1 kernel-azure-debugsource-5.3.18-150300.38.53.1 kernel-azure-devel-5.3.18-150300.38.53.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.53.1 kernel-azure-extra-5.3.18-150300.38.53.1 kernel-azure-extra-debuginfo-5.3.18-150300.38.53.1 kernel-azure-livepatch-devel-5.3.18-150300.38.53.1 kernel-azure-optional-5.3.18-150300.38.53.1 kernel-azure-optional-debuginfo-5.3.18-150300.38.53.1 kernel-syms-azure-5.3.18-150300.38.53.1 kselftests-kmp-azure-5.3.18-150300.38.53.1 kselftests-kmp-azure-debuginfo-5.3.18-150300.38.53.1 ocfs2-kmp-azure-5.3.18-150300.38.53.1 ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.53.1 reiserfs-kmp-azure-5.3.18-150300.38.53.1 reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.53.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): kernel-devel-azure-5.3.18-150300.38.53.1 kernel-source-azure-5.3.18-150300.38.53.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): kernel-azure-5.3.18-150300.38.53.1 kernel-azure-debuginfo-5.3.18-150300.38.53.1 kernel-azure-debugsource-5.3.18-150300.38.53.1 kernel-azure-devel-5.3.18-150300.38.53.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.53.1 kernel-syms-azure-5.3.18-150300.38.53.1 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2021-45402.html https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-0854.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-1055.html https://www.suse.com/security/cve/CVE-2022-1195.html https://www.suse.com/security/cve/CVE-2022-1198.html https://www.suse.com/security/cve/CVE-2022-1199.html https://www.suse.com/security/cve/CVE-2022-1205.html https://www.suse.com/security/cve/CVE-2022-23036.html https://www.suse.com/security/cve/CVE-2022-23037.html https://www.suse.com/security/cve/CVE-2022-23038.html https://www.suse.com/security/cve/CVE-2022-23039.html https://www.suse.com/security/cve/CVE-2022-23040.html https://www.suse.com/security/cve/CVE-2022-23041.html https://www.suse.com/security/cve/CVE-2022-23042.html https://www.suse.com/security/cve/CVE-2022-27223.html https://www.suse.com/security/cve/CVE-2022-27666.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1177028 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1179639 https://bugzilla.suse.com/1180153 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1194589 https://bugzilla.suse.com/1194625 https://bugzilla.suse.com/1194649 https://bugzilla.suse.com/1194943 https://bugzilla.suse.com/1195051 https://bugzilla.suse.com/1195353 https://bugzilla.suse.com/1195640 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196130 https://bugzilla.suse.com/1196196 https://bugzilla.suse.com/1196478 https://bugzilla.suse.com/1196488 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196823 https://bugzilla.suse.com/1196956 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197243 https://bugzilla.suse.com/1197245 https://bugzilla.suse.com/1197300 https://bugzilla.suse.com/1197302 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197389 https://bugzilla.suse.com/1197460 https://bugzilla.suse.com/1197462 https://bugzilla.suse.com/1197501 https://bugzilla.suse.com/1197534 https://bugzilla.suse.com/1197661 https://bugzilla.suse.com/1197675 https://bugzilla.suse.com/1197677 https://bugzilla.suse.com/1197702 https://bugzilla.suse.com/1197811 https://bugzilla.suse.com/1197812 https://bugzilla.suse.com/1197815 https://bugzilla.suse.com/1197817 https://bugzilla.suse.com/1197819 https://bugzilla.suse.com/1197820 https://bugzilla.suse.com/1197888 https://bugzilla.suse.com/1197889 https://bugzilla.suse.com/1197894 https://bugzilla.suse.com/1198027 https://bugzilla.suse.com/1198028 https://bugzilla.suse.com/1198029 https://bugzilla.suse.com/1198030 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198033 https://bugzilla.suse.com/1198077

1 0

SUSE-SU-2022:1158-1: important: Security update for xz
by opensuse-security＠opensuse.org 12 Apr '22

12 Apr '22

SUSE Security Update: Security update for xz ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1158-1 Rating: important References: #1198062 Cross-References: CVE-2022-1271 CVSS scores: CVE-2022-1271 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1158=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1158=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1158=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1158=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1158=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1158=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1158=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1158=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1158=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1158=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1158=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1158=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1158=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1158=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1158=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1158=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1158=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1158=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1158=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1158=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1158=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1158=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1158=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1158=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1158=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1158=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1158=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - openSUSE Leap 15.4 (noarch): xz-lang-5.2.3-150000.4.7.1 - openSUSE Leap 15.4 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 xz-devel-32bit-5.2.3-150000.4.7.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - openSUSE Leap 15.3 (noarch): xz-lang-5.2.3-150000.4.7.1 - openSUSE Leap 15.3 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 xz-devel-32bit-5.2.3-150000.4.7.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Manager Server 4.1 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Manager Server 4.1 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Manager Retail Branch Server 4.1 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Manager Proxy 4.1 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Manager Proxy 4.1 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Enterprise Storage 7 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Enterprise Storage 7 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Enterprise Storage 6 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Enterprise Storage 6 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE CaaS Platform 4.0 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE CaaS Platform 4.0 (noarch): xz-lang-5.2.3-150000.4.7.1 References: https://www.suse.com/security/cve/CVE-2022-1271.html https://bugzilla.suse.com/1198062

1 0

SUSE-SU-2022:1162-1: important: Security update for subversion
by opensuse-security＠opensuse.org 12 Apr '22

12 Apr '22

SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1162-1 Rating: important References: #1197939 #1197940 Cross-References: CVE-2021-28544 CVE-2022-24070 CVSS scores: CVE-2021-28544 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24070 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for subversion fixes the following issues: - CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used by Apache HTTP server. This could be exploited by a remote attacker to cause a denial of service (bsc#1197940). - CVE-2021-28544: Fixed an information leak issue where Subversion servers may reveal the original path of files protected by path-based authorization (bsc#1197939). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1162=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1162=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1162=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1162=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1162=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): subversion-python-ctypes-1.10.6-150300.10.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.10.6-150300.10.8.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.10.6-150300.10.8.1 libsvn_auth_kwallet-1-0-1.10.6-150300.10.8.1 libsvn_auth_kwallet-1-0-debuginfo-1.10.6-150300.10.8.1 subversion-1.10.6-150300.10.8.1 subversion-debuginfo-1.10.6-150300.10.8.1 subversion-debugsource-1.10.6-150300.10.8.1 subversion-devel-1.10.6-150300.10.8.1 subversion-perl-1.10.6-150300.10.8.1 subversion-perl-debuginfo-1.10.6-150300.10.8.1 subversion-python-1.10.6-150300.10.8.1 subversion-python-ctypes-1.10.6-150300.10.8.1 subversion-python-debuginfo-1.10.6-150300.10.8.1 subversion-ruby-1.10.6-150300.10.8.1 subversion-ruby-debuginfo-1.10.6-150300.10.8.1 subversion-server-1.10.6-150300.10.8.1 subversion-server-debuginfo-1.10.6-150300.10.8.1 subversion-tools-1.10.6-150300.10.8.1 subversion-tools-debuginfo-1.10.6-150300.10.8.1 - openSUSE Leap 15.3 (noarch): subversion-bash-completion-1.10.6-150300.10.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-150300.10.8.1 subversion-debugsource-1.10.6-150300.10.8.1 subversion-server-1.10.6-150300.10.8.1 subversion-server-debuginfo-1.10.6-150300.10.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-150300.10.8.1 subversion-debugsource-1.10.6-150300.10.8.1 subversion-perl-1.10.6-150300.10.8.1 subversion-perl-debuginfo-1.10.6-150300.10.8.1 subversion-python-1.10.6-150300.10.8.1 subversion-python-debuginfo-1.10.6-150300.10.8.1 subversion-tools-1.10.6-150300.10.8.1 subversion-tools-debuginfo-1.10.6-150300.10.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): subversion-bash-completion-1.10.6-150300.10.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): subversion-1.10.6-150300.10.8.1 subversion-debuginfo-1.10.6-150300.10.8.1 subversion-debugsource-1.10.6-150300.10.8.1 subversion-devel-1.10.6-150300.10.8.1 References: https://www.suse.com/security/cve/CVE-2021-28544.html https://www.suse.com/security/cve/CVE-2022-24070.html https://bugzilla.suse.com/1197939 https://bugzilla.suse.com/1197940

1 0