openSUSE Security Announce
June 2022
- 1 participants
- 64 discussions
openSUSE-SU-2022:10035-1: important: Security update for chromium
by opensuse-security@opensuse.org 29 Jun '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10035-1
Rating: important
References: #1200783
Cross-References: CVE-2022-2156 CVE-2022-2157 CVE-2022-2158
CVE-2022-2160 CVE-2022-2161 CVE-2022-2162
CVE-2022-2163 CVE-2022-2164 CVE-2022-2165
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 103.0.5060.53 (boo#1200783)
* CVE-2022-2156: Use after free in Base
* CVE-2022-2157: Use after free in Interest groups
* CVE-2022-2158: Type Confusion in V8
* CVE-2022-2160: Insufficient policy enforcement in DevTools
* CVE-2022-2161: Use after free in WebApp Provider
* CVE-2022-2162: Insufficient policy enforcement in File System API
* CVE-2022-2163: Use after free in Cast UI and Toolbar
* CVE-2022-2164: Inappropriate implementation in Extensions API
* CVE-2022-2165: Insufficient data validation in URL formatting
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10035=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):
chromedriver-103.0.5060.53-bp154.2.11.1
chromium-103.0.5060.53-bp154.2.11.1
References:
https://www.suse.com/security/cve/CVE-2022-2156.html
https://www.suse.com/security/cve/CVE-2022-2157.html
https://www.suse.com/security/cve/CVE-2022-2158.html
https://www.suse.com/security/cve/CVE-2022-2160.html
https://www.suse.com/security/cve/CVE-2022-2161.html
https://www.suse.com/security/cve/CVE-2022-2162.html
https://www.suse.com/security/cve/CVE-2022-2163.html
https://www.suse.com/security/cve/CVE-2022-2164.html
https://www.suse.com/security/cve/CVE-2022-2165.html
https://bugzilla.suse.com/1200783
openSUSE-SU-2022:10036-1: important: Security update for chromium
by opensuse-security@opensuse.org 29 Jun '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10036-1
Rating: important
References: #1200783
Cross-References: CVE-2022-2156 CVE-2022-2157 CVE-2022-2158
CVE-2022-2160 CVE-2022-2161 CVE-2022-2162
CVE-2022-2163 CVE-2022-2164 CVE-2022-2165
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 103.0.5060.53 (boo#1200783)
* CVE-2022-2156: Use after free in Base
* CVE-2022-2157: Use after free in Interest groups
* CVE-2022-2158: Type Confusion in V8
* CVE-2022-2160: Insufficient policy enforcement in DevTools
* CVE-2022-2161: Use after free in WebApp Provider
* CVE-2022-2162: Insufficient policy enforcement in File System API
* CVE-2022-2163: Use after free in Cast UI and Toolbar
* CVE-2022-2164: Inappropriate implementation in Extensions API
* CVE-2022-2165: Insufficient data validation in URL formatting
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10036=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-103.0.5060.53-bp153.2.104.1
chromium-103.0.5060.53-bp153.2.104.1
References:
https://www.suse.com/security/cve/CVE-2022-2156.html
https://www.suse.com/security/cve/CVE-2022-2157.html
https://www.suse.com/security/cve/CVE-2022-2158.html
https://www.suse.com/security/cve/CVE-2022-2160.html
https://www.suse.com/security/cve/CVE-2022-2161.html
https://www.suse.com/security/cve/CVE-2022-2162.html
https://www.suse.com/security/cve/CVE-2022-2163.html
https://www.suse.com/security/cve/CVE-2022-2164.html
https://www.suse.com/security/cve/CVE-2022-2165.html
https://bugzilla.suse.com/1200783
SUSE-SU-2022:2192-1: critical: Security update for rubygem-rack
by opensuse-security@opensuse.org 27 Jun '22
SUSE Security Update: Security update for rubygem-rack
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2192-1
Rating: critical
References: #1200748 #1200750
Cross-References: CVE-2022-30122 CVE-2022-30123
CVSS scores:
CVE-2022-30122 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-30123 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for rubygem-rack fixes the following issues:
- CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS
(bsc#1200748)
- CVE-2022-30123: Fixed crafted requests can cause shell escape sequences
(bsc#1200750)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2192=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2192=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2192=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2192=1
- SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2192=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2192=1
- SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2022-2192=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1
ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1
ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-30122.html
https://www.suse.com/security/cve/CVE-2022-30123.html
https://bugzilla.suse.com/1200748
https://bugzilla.suse.com/1200750
openSUSE-SU-2022:10032-1: important: Security update for various openSUSE kernel module packages
by opensuse-security@opensuse.org 27 Jun '22
openSUSE Security Update: Security update for various openSUSE kernel module packages
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10032-1
Rating: important
References: #1198581
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update of various openSUSE kernel module packages fixes the following
issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues
(bsc#1198581)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-2022-10032=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
mhvtl-1.62-lp153.3.2.1
mhvtl-debuginfo-1.62-lp153.3.2.1
mhvtl-debugsource-1.62-lp153.3.2.1
mhvtl-kmp-default-1.62_k5.3.18_150300.59.76-lp153.3.2.1
mhvtl-kmp-default-debuginfo-1.62_k5.3.18_150300.59.76-lp153.3.2.1
openafs-1.8.7-lp153.2.2.1
openafs-authlibs-1.8.7-lp153.2.2.1
openafs-authlibs-debuginfo-1.8.7-lp153.2.2.1
openafs-authlibs-devel-1.8.7-lp153.2.2.1
openafs-client-1.8.7-lp153.2.2.1
openafs-client-debuginfo-1.8.7-lp153.2.2.1
openafs-debuginfo-1.8.7-lp153.2.2.1
openafs-debugsource-1.8.7-lp153.2.2.1
openafs-devel-1.8.7-lp153.2.2.1
openafs-devel-debuginfo-1.8.7-lp153.2.2.1
openafs-fuse_client-1.8.7-lp153.2.2.1
openafs-fuse_client-debuginfo-1.8.7-lp153.2.2.1
openafs-kernel-source-1.8.7-lp153.2.2.1
openafs-server-1.8.7-lp153.2.2.1
openafs-server-debuginfo-1.8.7-lp153.2.2.1
vhba-kmp-default-20200106_k5.3.18_150300.59.76-lp153.2.2.1
vhba-kmp-default-debuginfo-20200106_k5.3.18_150300.59.76-lp153.2.2.1
xtables-addons-3.18-lp153.2.2.1
xtables-addons-debuginfo-3.18-lp153.2.2.1
xtables-addons-kmp-default-3.18_k5.3.18_150300.59.76-lp153.2.2.1
xtables-addons-kmp-default-debuginfo-3.18_k5.3.18_150300.59.76-lp153.2.2.1
- openSUSE Leap 15.3 (aarch64 ppc64le x86_64):
pcfclock-0.44-lp153.2.2.1
pcfclock-debuginfo-0.44-lp153.2.2.1
pcfclock-debugsource-0.44-lp153.2.2.1
pcfclock-kmp-default-0.44_k5.3.18_150300.59.76-lp153.2.2.1
pcfclock-kmp-default-debuginfo-0.44_k5.3.18_150300.59.76-lp153.2.2.1
rtl8812au-5.9.3.2+git20210427.6ef5d8f-lp153.2.2.1
rtl8812au-debugsource-5.9.3.2+git20210427.6ef5d8f-lp153.2.2.1
rtl8812au-kmp-default-5.9.3.2+git20210427.6ef5d8f_k5.3.18_150300.59.76-lp153.2.2.1
rtl8812au-kmp-default-debuginfo-5.9.3.2+git20210427.6ef5d8f_k5.3.18_150300.59.76-lp153.2.2.1
rtw89-debugsource-5.16~3.g38316db-lp153.4.1
rtw89-firmware-5.16~3.g38316db-lp153.4.1
rtw89-kmp-default-5.16~3.g38316db_k5.3.18_150300.59.76-lp153.4.1
rtw89-kmp-default-debuginfo-5.16~3.g38316db_k5.3.18_150300.59.76-lp153.4.1
rtw89-ueficert-5.16~3.g38316db-lp153.4.1
- openSUSE Leap 15.3 (aarch64 s390x x86_64):
openafs-kmp-default-1.8.7_k5.3.18_150300.59.76-lp153.2.2.1
openafs-kmp-default-debuginfo-1.8.7_k5.3.18_150300.59.76-lp153.2.2.1
- openSUSE Leap 15.3 (aarch64 x86_64):
mhvtl-kmp-preempt-1.62_k5.3.18_150300.59.76-lp153.3.2.1
mhvtl-kmp-preempt-debuginfo-1.62_k5.3.18_150300.59.76-lp153.3.2.1
openafs-kmp-preempt-1.8.7_k5.3.18_150300.59.76-lp153.2.2.1
openafs-kmp-preempt-debuginfo-1.8.7_k5.3.18_150300.59.76-lp153.2.2.1
pcfclock-kmp-preempt-0.44_k5.3.18_150300.59.76-lp153.2.2.1
pcfclock-kmp-preempt-debuginfo-0.44_k5.3.18_150300.59.76-lp153.2.2.1
rtl8812au-kmp-preempt-5.9.3.2+git20210427.6ef5d8f_k5.3.18_150300.59.76-lp153.2.2.1
rtl8812au-kmp-preempt-debuginfo-5.9.3.2+git20210427.6ef5d8f_k5.3.18_150300.59.76-lp153.2.2.1
rtw89-kmp-preempt-5.16~3.g38316db_k5.3.18_150300.59.76-lp153.4.1
rtw89-kmp-preempt-debuginfo-5.16~3.g38316db_k5.3.18_150300.59.76-lp153.4.1
v4l2loopback-debugsource-0.12.5-lp153.2.2.1
v4l2loopback-kmp-default-0.12.5_k5.3.18_150300.59.76-lp153.2.2.1
v4l2loopback-kmp-default-debuginfo-0.12.5_k5.3.18_150300.59.76-lp153.2.2.1
v4l2loopback-kmp-preempt-0.12.5_k5.3.18_150300.59.76-lp153.2.2.1
v4l2loopback-kmp-preempt-debuginfo-0.12.5_k5.3.18_150300.59.76-lp153.2.2.1
vhba-kmp-preempt-20200106_k5.3.18_150300.59.76-lp153.2.2.1
vhba-kmp-preempt-debuginfo-20200106_k5.3.18_150300.59.76-lp153.2.2.1
xtables-addons-kmp-preempt-3.18_k5.3.18_150300.59.76-lp153.2.2.1
xtables-addons-kmp-preempt-debuginfo-3.18_k5.3.18_150300.59.76-lp153.2.2.1
- openSUSE Leap 15.3 (aarch64):
mhvtl-kmp-64kb-1.62_k5.3.18_150300.59.76-lp153.3.2.1
mhvtl-kmp-64kb-debuginfo-1.62_k5.3.18_150300.59.76-lp153.3.2.1
openafs-kmp-64kb-1.8.7_k5.3.18_150300.59.76-lp153.2.2.1
openafs-kmp-64kb-debuginfo-1.8.7_k5.3.18_150300.59.76-lp153.2.2.1
pcfclock-kmp-64kb-0.44_k5.3.18_150300.59.76-lp153.2.2.1
pcfclock-kmp-64kb-debuginfo-0.44_k5.3.18_150300.59.76-lp153.2.2.1
rtl8812au-kmp-64kb-5.9.3.2+git20210427.6ef5d8f_k5.3.18_150300.59.76-lp153.2.2.1
rtl8812au-kmp-64kb-debuginfo-5.9.3.2+git20210427.6ef5d8f_k5.3.18_150300.59.76-lp153.2.2.1
rtw89-kmp-64kb-5.16~3.g38316db_k5.3.18_150300.59.76-lp153.4.1
rtw89-kmp-64kb-debuginfo-5.16~3.g38316db_k5.3.18_150300.59.76-lp153.4.1
v4l2loopback-kmp-64kb-0.12.5_k5.3.18_150300.59.76-lp153.2.2.1
v4l2loopback-kmp-64kb-debuginfo-0.12.5_k5.3.18_150300.59.76-lp153.2.2.1
vhba-kmp-64kb-20200106_k5.3.18_150300.59.76-lp153.2.2.1
vhba-kmp-64kb-debuginfo-20200106_k5.3.18_150300.59.76-lp153.2.2.1
xtables-addons-kmp-64kb-3.18_k5.3.18_150300.59.76-lp153.2.2.1
xtables-addons-kmp-64kb-debuginfo-3.18_k5.3.18_150300.59.76-lp153.2.2.1
- openSUSE Leap 15.3 (noarch):
v4l2loopback-autoload-0.12.5-lp153.2.2.1
v4l2loopback-utils-0.12.5-lp153.2.2.1
- openSUSE Leap 15.3 (x86_64):
bbswitch-0.8-lp153.3.2.1
bbswitch-debugsource-0.8-lp153.3.2.1
bbswitch-kmp-default-0.8_k5.3.18_150300.59.76-lp153.3.2.1
bbswitch-kmp-default-debuginfo-0.8_k5.3.18_150300.59.76-lp153.3.2.1
bbswitch-kmp-preempt-0.8_k5.3.18_150300.59.76-lp153.3.2.1
bbswitch-kmp-preempt-debuginfo-0.8_k5.3.18_150300.59.76-lp153.3.2.1
References:
https://bugzilla.suse.com/1198581
openSUSE-SU-2022:10031-1: moderate: Security update for wdiff
by opensuse-security@opensuse.org 25 Jun '22
openSUSE Security Update: Security update for wdiff
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10031-1
Rating: moderate
References:
Cross-References: CVE-2012-3386
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for wdiff fixes the following issues:
This update ships wdiff.
Updated to 1.2.2:
* Updated Vietnamese, Swedish, Estonian, Chinese (traditional),
Brazilian Portuguese and Russian translations.
* Updated gnulib.
* Used more recent autotools: autoconf 2.69 and automake 1.14.1.
updated to 1.2.1:
* Added Esperanto translation.
* Updated Czech, German, Spanish, Finnish, Galician, Italian, Dutch,
Polish, Slovenian, Serbian, Swedish, Ukrainian and Vietnamese
translations.
* Updated gnulib.
* Recreated build system using recent versions of autotools. This will
avoid security issues in "make distcheck" target. (CVE-2012-3386)
updated to 1.1.2:
* Backport gnulib change to deal with removal of gets function. This is
a build-time-only fix. (Mentioned in Fedora bug #821791)
* Added Serbian translation.
* Updated Danish and Vietnamese translations.
* Work around a bug in the formatting of the man page. (Debian bug
#669340)
* Updated Czech, German, Spanish, Finnish, Dutch, Polish, Slovenian,
Swedish and Ukrainian translations.
* Fix several issues with the use of screen in the test suite.
* Allow WDIFF_PAGER to override PAGER environment variable.
* Do not autodetect less, so we don't auto-enable less-mode. This should
improve things for UTF8 text. (Savannah bug #34224) Less-mode is
considered deprecated, as it isn't fit for multi-byte encodings.
Nevertheless it can still be enabled on the command line.
* Introduces use of ngettext to allow correct handling of plural forms
updated to 1.0.1:
* Updated Polish, Ukrainian, Slovenian, Dutch, Finnish, Swedish and
Czech translations
* Changed major version to 1 to reflect maturity of the package
* Updated Dutch, French, Danish and Slovenian translations
* Added Ukrainian translation
* Improved error reporting in case a child process has problems
* Added tests to the test suite
* Updated gnulib
updated to 0.6.5:
* Never initialize or deinitialize terminals, as we do no cursor movement
* Deprecated --no-init-term (-K) command line option
* Avoid relative path in man pages
* Updated gnulib, might be particularly important for uClibc users
updated to 0.6.4:
* Updated Catalan translations
* Updated gnulib
update to 0.6.3:
* `wdiff -d' to read input from single unified diff, perhaps stdin.
* Updated texinfo documentation taking experimental switch into account.
* Experimental programs (mdiff & friends) and a configure switch
--enable-experimental to control them.
* Recent imports from gnulib, use of recent autotools.
* Improved autodetection of termcap library like ncurses.
* Reformatted translations, still a number of fuzzy translations.
* Changed from CVS to bzr for source code version control.
* Various bug fixes. See ChangeLog for a more exhaustive list.
* Introduce --with-default-pager=PAGER configure switch.
* Fix missing newline in info dir entry list.
* Fix shell syntax in configure script
* Updated gnulib and gettext, the latter to 0.18
* Updated Dutch translation
* Fixed a number of portability issues reported by maint.mk syntax checks
* Updated Italian and Swedish translations
* Updated gnulib
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10031=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
wdiff-1.2.2-bp154.2.1
- openSUSE Backports SLE-15-SP4 (noarch):
wdiff-lang-1.2.2-bp154.2.1
References:
https://www.suse.com/security/cve/CVE-2012-3386.html
openSUSE-SU-2022:10030-1: moderate: Security update for dbus-broker
by opensuse-security@opensuse.org 25 Jun '22
openSUSE Security Update: Security update for dbus-broker
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10030-1
Rating: moderate
References: #1200332 #1200333
Cross-References: CVE-2022-31212 CVE-2022-31213
CVSS scores:
CVE-2022-31212 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVE-2022-31213 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for dbus-broker fixes the following issues:
- CVE-2022-31212: Fix a stack buffer over-read in bundled c-shquote
(boo#1200332)
- CVE-2022-31213: Fix NULL pointer dereferences in bundled c-shquote
(boo#1200333)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10030=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
dbus-broker-28-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-31212.html
https://www.suse.com/security/cve/CVE-2022-31213.html
https://bugzilla.suse.com/1200332
https://bugzilla.suse.com/1200333
SUSE-SU-2022:2184-1: important: Security update for liblouis
by opensuse-security@opensuse.org 24 Jun '22
SUSE Security Update: Security update for liblouis
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2184-1
Rating: important
References: #1197085 #1200120
Cross-References: CVE-2022-26981 CVE-2022-31783
CVSS scores:
CVE-2022-26981 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26981 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-31783 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-31783 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for liblouis fixes the following issues:
- CVE-2022-26981: fix buffer overrun in compilePassOpcode (bsc#1197085).
- CVE-2022-31783: prevent an invalid memory write in compileRule
(bsc#1200120).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2184=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2184=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2184=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2184=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2184=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2184=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2184=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2184=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2184=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2184=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2184=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2184=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
liblouis19-3.11.0-150200.3.3.1
liblouis19-debuginfo-3.11.0-150200.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
liblouis-debuginfo-3.11.0-150200.3.3.1
liblouis-debugsource-3.11.0-150200.3.3.1
liblouis-devel-3.11.0-150200.3.3.1
liblouis-doc-3.11.0-150200.3.3.1
liblouis-tools-3.11.0-150200.3.3.1
liblouis-tools-debuginfo-3.11.0-150200.3.3.1
liblouis19-3.11.0-150200.3.3.1
liblouis19-debuginfo-3.11.0-150200.3.3.1
python3-louis-3.11.0-150200.3.3.1
- openSUSE Leap 15.3 (noarch):
liblouis-data-3.11.0-150200.3.3.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
liblouis-debuginfo-3.11.0-150200.3.3.1
liblouis-debugsource-3.11.0-150200.3.3.1
liblouis-devel-3.11.0-150200.3.3.1
liblouis19-3.11.0-150200.3.3.1
liblouis19-debuginfo-3.11.0-150200.3.3.1
python3-louis-3.11.0-150200.3.3.1
- SUSE Manager Server 4.1 (noarch):
liblouis-data-3.11.0-150200.3.3.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
liblouis-data-3.11.0-150200.3.3.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
liblouis-debuginfo-3.11.0-150200.3.3.1
liblouis-debugsource-3.11.0-150200.3.3.1
liblouis-devel-3.11.0-150200.3.3.1
liblouis19-3.11.0-150200.3.3.1
liblouis19-debuginfo-3.11.0-150200.3.3.1
python3-louis-3.11.0-150200.3.3.1
- SUSE Manager Proxy 4.1 (noarch):
liblouis-data-3.11.0-150200.3.3.1
- SUSE Manager Proxy 4.1 (x86_64):
liblouis-debuginfo-3.11.0-150200.3.3.1
liblouis-debugsource-3.11.0-150200.3.3.1
liblouis-devel-3.11.0-150200.3.3.1
liblouis19-3.11.0-150200.3.3.1
liblouis19-debuginfo-3.11.0-150200.3.3.1
python3-louis-3.11.0-150200.3.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
liblouis-debuginfo-3.11.0-150200.3.3.1
liblouis-debugsource-3.11.0-150200.3.3.1
liblouis-devel-3.11.0-150200.3.3.1
liblouis19-3.11.0-150200.3.3.1
liblouis19-debuginfo-3.11.0-150200.3.3.1
python3-louis-3.11.0-150200.3.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
liblouis-data-3.11.0-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
liblouis-debuginfo-3.11.0-150200.3.3.1
liblouis-debugsource-3.11.0-150200.3.3.1
liblouis-devel-3.11.0-150200.3.3.1
liblouis19-3.11.0-150200.3.3.1
liblouis19-debuginfo-3.11.0-150200.3.3.1
python3-louis-3.11.0-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
liblouis-data-3.11.0-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
liblouis-debuginfo-3.11.0-150200.3.3.1
liblouis-debugsource-3.11.0-150200.3.3.1
liblouis-devel-3.11.0-150200.3.3.1
liblouis19-3.11.0-150200.3.3.1
liblouis19-debuginfo-3.11.0-150200.3.3.1
python3-louis-3.11.0-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
liblouis-data-3.11.0-150200.3.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
liblouis-debuginfo-3.11.0-150200.3.3.1
liblouis-debugsource-3.11.0-150200.3.3.1
liblouis-devel-3.11.0-150200.3.3.1
liblouis19-3.11.0-150200.3.3.1
liblouis19-debuginfo-3.11.0-150200.3.3.1
python3-louis-3.11.0-150200.3.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch):
liblouis-data-3.11.0-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
liblouis-debuginfo-3.11.0-150200.3.3.1
liblouis-debugsource-3.11.0-150200.3.3.1
liblouis-devel-3.11.0-150200.3.3.1
liblouis19-3.11.0-150200.3.3.1
liblouis19-debuginfo-3.11.0-150200.3.3.1
python3-louis-3.11.0-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
liblouis-data-3.11.0-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
liblouis-debuginfo-3.11.0-150200.3.3.1
liblouis-debugsource-3.11.0-150200.3.3.1
liblouis-devel-3.11.0-150200.3.3.1
liblouis19-3.11.0-150200.3.3.1
liblouis19-debuginfo-3.11.0-150200.3.3.1
python3-louis-3.11.0-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
liblouis-data-3.11.0-150200.3.3.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
liblouis-debuginfo-3.11.0-150200.3.3.1
liblouis-debugsource-3.11.0-150200.3.3.1
liblouis-devel-3.11.0-150200.3.3.1
liblouis19-3.11.0-150200.3.3.1
liblouis19-debuginfo-3.11.0-150200.3.3.1
python3-louis-3.11.0-150200.3.3.1
- SUSE Enterprise Storage 7 (noarch):
liblouis-data-3.11.0-150200.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-26981.html
https://www.suse.com/security/cve/CVE-2022-31783.html
https://bugzilla.suse.com/1197085
https://bugzilla.suse.com/1200120
SUSE-SU-2022:2185-1: important: Security update for php7
by opensuse-security@opensuse.org 24 Jun '22
SUSE Security Update: Security update for php7
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2185-1
Rating: important
References: #1200628 #1200645
Cross-References: CVE-2022-31625 CVE-2022-31626
CVSS scores:
CVE-2022-31625 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31626 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Web Scripting 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for php7 fixes the following issues:
- CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension.
(bsc#1200645)
- CVE-2022-31626: Fixed buffer overflow via user-supplied password when
using pdo_mysql extension with mysqlnd driver. (bsc#1200628).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2185=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2185=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2185=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2185=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2185=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2185=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2185=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2185=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-2185=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2185=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2185=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2185=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2185=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
php7-firebird-7.4.6-150200.3.41.1
php7-firebird-debuginfo-7.4.6-150200.3.41.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
apache2-mod_php7-7.4.6-150200.3.41.1
apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1
php7-7.4.6-150200.3.41.1
php7-bcmath-7.4.6-150200.3.41.1
php7-bcmath-debuginfo-7.4.6-150200.3.41.1
php7-bz2-7.4.6-150200.3.41.1
php7-bz2-debuginfo-7.4.6-150200.3.41.1
php7-calendar-7.4.6-150200.3.41.1
php7-calendar-debuginfo-7.4.6-150200.3.41.1
php7-ctype-7.4.6-150200.3.41.1
php7-ctype-debuginfo-7.4.6-150200.3.41.1
php7-curl-7.4.6-150200.3.41.1
php7-curl-debuginfo-7.4.6-150200.3.41.1
php7-dba-7.4.6-150200.3.41.1
php7-dba-debuginfo-7.4.6-150200.3.41.1
php7-debuginfo-7.4.6-150200.3.41.1
php7-debugsource-7.4.6-150200.3.41.1
php7-devel-7.4.6-150200.3.41.1
php7-dom-7.4.6-150200.3.41.1
php7-dom-debuginfo-7.4.6-150200.3.41.1
php7-embed-7.4.6-150200.3.41.1
php7-embed-debuginfo-7.4.6-150200.3.41.1
php7-enchant-7.4.6-150200.3.41.1
php7-enchant-debuginfo-7.4.6-150200.3.41.1
php7-exif-7.4.6-150200.3.41.1
php7-exif-debuginfo-7.4.6-150200.3.41.1
php7-fastcgi-7.4.6-150200.3.41.1
php7-fastcgi-debuginfo-7.4.6-150200.3.41.1
php7-fileinfo-7.4.6-150200.3.41.1
php7-fileinfo-debuginfo-7.4.6-150200.3.41.1
php7-firebird-7.4.6-150200.3.41.1
php7-firebird-debuginfo-7.4.6-150200.3.41.1
php7-fpm-7.4.6-150200.3.41.1
php7-fpm-debuginfo-7.4.6-150200.3.41.1
php7-ftp-7.4.6-150200.3.41.1
php7-ftp-debuginfo-7.4.6-150200.3.41.1
php7-gd-7.4.6-150200.3.41.1
php7-gd-debuginfo-7.4.6-150200.3.41.1
php7-gettext-7.4.6-150200.3.41.1
php7-gettext-debuginfo-7.4.6-150200.3.41.1
php7-gmp-7.4.6-150200.3.41.1
php7-gmp-debuginfo-7.4.6-150200.3.41.1
php7-iconv-7.4.6-150200.3.41.1
php7-iconv-debuginfo-7.4.6-150200.3.41.1
php7-intl-7.4.6-150200.3.41.1
php7-intl-debuginfo-7.4.6-150200.3.41.1
php7-json-7.4.6-150200.3.41.1
php7-json-debuginfo-7.4.6-150200.3.41.1
php7-ldap-7.4.6-150200.3.41.1
php7-ldap-debuginfo-7.4.6-150200.3.41.1
php7-mbstring-7.4.6-150200.3.41.1
php7-mbstring-debuginfo-7.4.6-150200.3.41.1
php7-mysql-7.4.6-150200.3.41.1
php7-mysql-debuginfo-7.4.6-150200.3.41.1
php7-odbc-7.4.6-150200.3.41.1
php7-odbc-debuginfo-7.4.6-150200.3.41.1
php7-opcache-7.4.6-150200.3.41.1
php7-opcache-debuginfo-7.4.6-150200.3.41.1
php7-openssl-7.4.6-150200.3.41.1
php7-openssl-debuginfo-7.4.6-150200.3.41.1
php7-pcntl-7.4.6-150200.3.41.1
php7-pcntl-debuginfo-7.4.6-150200.3.41.1
php7-pdo-7.4.6-150200.3.41.1
php7-pdo-debuginfo-7.4.6-150200.3.41.1
php7-pgsql-7.4.6-150200.3.41.1
php7-pgsql-debuginfo-7.4.6-150200.3.41.1
php7-phar-7.4.6-150200.3.41.1
php7-phar-debuginfo-7.4.6-150200.3.41.1
php7-posix-7.4.6-150200.3.41.1
php7-posix-debuginfo-7.4.6-150200.3.41.1
php7-readline-7.4.6-150200.3.41.1
php7-readline-debuginfo-7.4.6-150200.3.41.1
php7-shmop-7.4.6-150200.3.41.1
php7-shmop-debuginfo-7.4.6-150200.3.41.1
php7-snmp-7.4.6-150200.3.41.1
php7-snmp-debuginfo-7.4.6-150200.3.41.1
php7-soap-7.4.6-150200.3.41.1
php7-soap-debuginfo-7.4.6-150200.3.41.1
php7-sockets-7.4.6-150200.3.41.1
php7-sockets-debuginfo-7.4.6-150200.3.41.1
php7-sodium-7.4.6-150200.3.41.1
php7-sodium-debuginfo-7.4.6-150200.3.41.1
php7-sqlite-7.4.6-150200.3.41.1
php7-sqlite-debuginfo-7.4.6-150200.3.41.1
php7-sysvmsg-7.4.6-150200.3.41.1
php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1
php7-sysvsem-7.4.6-150200.3.41.1
php7-sysvsem-debuginfo-7.4.6-150200.3.41.1
php7-sysvshm-7.4.6-150200.3.41.1
php7-sysvshm-debuginfo-7.4.6-150200.3.41.1
php7-test-7.4.6-150200.3.41.1
php7-tidy-7.4.6-150200.3.41.1
php7-tidy-debuginfo-7.4.6-150200.3.41.1
php7-tokenizer-7.4.6-150200.3.41.1
php7-tokenizer-debuginfo-7.4.6-150200.3.41.1
php7-xmlreader-7.4.6-150200.3.41.1
php7-xmlreader-debuginfo-7.4.6-150200.3.41.1
php7-xmlrpc-7.4.6-150200.3.41.1
php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1
php7-xmlwriter-7.4.6-150200.3.41.1
php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1
php7-xsl-7.4.6-150200.3.41.1
php7-xsl-debuginfo-7.4.6-150200.3.41.1
php7-zip-7.4.6-150200.3.41.1
php7-zip-debuginfo-7.4.6-150200.3.41.1
php7-zlib-7.4.6-150200.3.41.1
php7-zlib-debuginfo-7.4.6-150200.3.41.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
apache2-mod_php7-7.4.6-150200.3.41.1
apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1
php7-7.4.6-150200.3.41.1
php7-bcmath-7.4.6-150200.3.41.1
php7-bcmath-debuginfo-7.4.6-150200.3.41.1
php7-bz2-7.4.6-150200.3.41.1
php7-bz2-debuginfo-7.4.6-150200.3.41.1
php7-calendar-7.4.6-150200.3.41.1
php7-calendar-debuginfo-7.4.6-150200.3.41.1
php7-ctype-7.4.6-150200.3.41.1
php7-ctype-debuginfo-7.4.6-150200.3.41.1
php7-curl-7.4.6-150200.3.41.1
php7-curl-debuginfo-7.4.6-150200.3.41.1
php7-dba-7.4.6-150200.3.41.1
php7-dba-debuginfo-7.4.6-150200.3.41.1
php7-debuginfo-7.4.6-150200.3.41.1
php7-debugsource-7.4.6-150200.3.41.1
php7-devel-7.4.6-150200.3.41.1
php7-dom-7.4.6-150200.3.41.1
php7-dom-debuginfo-7.4.6-150200.3.41.1
php7-enchant-7.4.6-150200.3.41.1
php7-enchant-debuginfo-7.4.6-150200.3.41.1
php7-exif-7.4.6-150200.3.41.1
php7-exif-debuginfo-7.4.6-150200.3.41.1
php7-fastcgi-7.4.6-150200.3.41.1
php7-fastcgi-debuginfo-7.4.6-150200.3.41.1
php7-fileinfo-7.4.6-150200.3.41.1
php7-fileinfo-debuginfo-7.4.6-150200.3.41.1
php7-fpm-7.4.6-150200.3.41.1
php7-fpm-debuginfo-7.4.6-150200.3.41.1
php7-ftp-7.4.6-150200.3.41.1
php7-ftp-debuginfo-7.4.6-150200.3.41.1
php7-gd-7.4.6-150200.3.41.1
php7-gd-debuginfo-7.4.6-150200.3.41.1
php7-gettext-7.4.6-150200.3.41.1
php7-gettext-debuginfo-7.4.6-150200.3.41.1
php7-gmp-7.4.6-150200.3.41.1
php7-gmp-debuginfo-7.4.6-150200.3.41.1
php7-iconv-7.4.6-150200.3.41.1
php7-iconv-debuginfo-7.4.6-150200.3.41.1
php7-intl-7.4.6-150200.3.41.1
php7-intl-debuginfo-7.4.6-150200.3.41.1
php7-json-7.4.6-150200.3.41.1
php7-json-debuginfo-7.4.6-150200.3.41.1
php7-ldap-7.4.6-150200.3.41.1
php7-ldap-debuginfo-7.4.6-150200.3.41.1
php7-mbstring-7.4.6-150200.3.41.1
php7-mbstring-debuginfo-7.4.6-150200.3.41.1
php7-mysql-7.4.6-150200.3.41.1
php7-mysql-debuginfo-7.4.6-150200.3.41.1
php7-odbc-7.4.6-150200.3.41.1
php7-odbc-debuginfo-7.4.6-150200.3.41.1
php7-opcache-7.4.6-150200.3.41.1
php7-opcache-debuginfo-7.4.6-150200.3.41.1
php7-openssl-7.4.6-150200.3.41.1
php7-openssl-debuginfo-7.4.6-150200.3.41.1
php7-pcntl-7.4.6-150200.3.41.1
php7-pcntl-debuginfo-7.4.6-150200.3.41.1
php7-pdo-7.4.6-150200.3.41.1
php7-pdo-debuginfo-7.4.6-150200.3.41.1
php7-pgsql-7.4.6-150200.3.41.1
php7-pgsql-debuginfo-7.4.6-150200.3.41.1
php7-phar-7.4.6-150200.3.41.1
php7-phar-debuginfo-7.4.6-150200.3.41.1
php7-posix-7.4.6-150200.3.41.1
php7-posix-debuginfo-7.4.6-150200.3.41.1
php7-readline-7.4.6-150200.3.41.1
php7-readline-debuginfo-7.4.6-150200.3.41.1
php7-shmop-7.4.6-150200.3.41.1
php7-shmop-debuginfo-7.4.6-150200.3.41.1
php7-snmp-7.4.6-150200.3.41.1
php7-snmp-debuginfo-7.4.6-150200.3.41.1
php7-soap-7.4.6-150200.3.41.1
php7-soap-debuginfo-7.4.6-150200.3.41.1
php7-sockets-7.4.6-150200.3.41.1
php7-sockets-debuginfo-7.4.6-150200.3.41.1
php7-sodium-7.4.6-150200.3.41.1
php7-sodium-debuginfo-7.4.6-150200.3.41.1
php7-sqlite-7.4.6-150200.3.41.1
php7-sqlite-debuginfo-7.4.6-150200.3.41.1
php7-sysvmsg-7.4.6-150200.3.41.1
php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1
php7-sysvsem-7.4.6-150200.3.41.1
php7-sysvsem-debuginfo-7.4.6-150200.3.41.1
php7-sysvshm-7.4.6-150200.3.41.1
php7-sysvshm-debuginfo-7.4.6-150200.3.41.1
php7-tidy-7.4.6-150200.3.41.1
php7-tidy-debuginfo-7.4.6-150200.3.41.1
php7-tokenizer-7.4.6-150200.3.41.1
php7-tokenizer-debuginfo-7.4.6-150200.3.41.1
php7-xmlreader-7.4.6-150200.3.41.1
php7-xmlreader-debuginfo-7.4.6-150200.3.41.1
php7-xmlrpc-7.4.6-150200.3.41.1
php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1
php7-xmlwriter-7.4.6-150200.3.41.1
php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1
php7-xsl-7.4.6-150200.3.41.1
php7-xsl-debuginfo-7.4.6-150200.3.41.1
php7-zip-7.4.6-150200.3.41.1
php7-zip-debuginfo-7.4.6-150200.3.41.1
php7-zlib-7.4.6-150200.3.41.1
php7-zlib-debuginfo-7.4.6-150200.3.41.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
apache2-mod_php7-7.4.6-150200.3.41.1
apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1
php7-7.4.6-150200.3.41.1
php7-bcmath-7.4.6-150200.3.41.1
php7-bcmath-debuginfo-7.4.6-150200.3.41.1
php7-bz2-7.4.6-150200.3.41.1
php7-bz2-debuginfo-7.4.6-150200.3.41.1
php7-calendar-7.4.6-150200.3.41.1
php7-calendar-debuginfo-7.4.6-150200.3.41.1
php7-ctype-7.4.6-150200.3.41.1
php7-ctype-debuginfo-7.4.6-150200.3.41.1
php7-curl-7.4.6-150200.3.41.1
php7-curl-debuginfo-7.4.6-150200.3.41.1
php7-dba-7.4.6-150200.3.41.1
php7-dba-debuginfo-7.4.6-150200.3.41.1
php7-debuginfo-7.4.6-150200.3.41.1
php7-debugsource-7.4.6-150200.3.41.1
php7-devel-7.4.6-150200.3.41.1
php7-dom-7.4.6-150200.3.41.1
php7-dom-debuginfo-7.4.6-150200.3.41.1
php7-enchant-7.4.6-150200.3.41.1
php7-enchant-debuginfo-7.4.6-150200.3.41.1
php7-exif-7.4.6-150200.3.41.1
php7-exif-debuginfo-7.4.6-150200.3.41.1
php7-fastcgi-7.4.6-150200.3.41.1
php7-fastcgi-debuginfo-7.4.6-150200.3.41.1
php7-fileinfo-7.4.6-150200.3.41.1
php7-fileinfo-debuginfo-7.4.6-150200.3.41.1
php7-fpm-7.4.6-150200.3.41.1
php7-fpm-debuginfo-7.4.6-150200.3.41.1
php7-ftp-7.4.6-150200.3.41.1
php7-ftp-debuginfo-7.4.6-150200.3.41.1
php7-gd-7.4.6-150200.3.41.1
php7-gd-debuginfo-7.4.6-150200.3.41.1
php7-gettext-7.4.6-150200.3.41.1
php7-gettext-debuginfo-7.4.6-150200.3.41.1
php7-gmp-7.4.6-150200.3.41.1
php7-gmp-debuginfo-7.4.6-150200.3.41.1
php7-iconv-7.4.6-150200.3.41.1
php7-iconv-debuginfo-7.4.6-150200.3.41.1
php7-intl-7.4.6-150200.3.41.1
php7-intl-debuginfo-7.4.6-150200.3.41.1
php7-json-7.4.6-150200.3.41.1
php7-json-debuginfo-7.4.6-150200.3.41.1
php7-ldap-7.4.6-150200.3.41.1
php7-ldap-debuginfo-7.4.6-150200.3.41.1
php7-mbstring-7.4.6-150200.3.41.1
php7-mbstring-debuginfo-7.4.6-150200.3.41.1
php7-mysql-7.4.6-150200.3.41.1
php7-mysql-debuginfo-7.4.6-150200.3.41.1
php7-odbc-7.4.6-150200.3.41.1
php7-odbc-debuginfo-7.4.6-150200.3.41.1
php7-opcache-7.4.6-150200.3.41.1
php7-opcache-debuginfo-7.4.6-150200.3.41.1
php7-openssl-7.4.6-150200.3.41.1
php7-openssl-debuginfo-7.4.6-150200.3.41.1
php7-pcntl-7.4.6-150200.3.41.1
php7-pcntl-debuginfo-7.4.6-150200.3.41.1
php7-pdo-7.4.6-150200.3.41.1
php7-pdo-debuginfo-7.4.6-150200.3.41.1
php7-pgsql-7.4.6-150200.3.41.1
php7-pgsql-debuginfo-7.4.6-150200.3.41.1
php7-phar-7.4.6-150200.3.41.1
php7-phar-debuginfo-7.4.6-150200.3.41.1
php7-posix-7.4.6-150200.3.41.1
php7-posix-debuginfo-7.4.6-150200.3.41.1
php7-readline-7.4.6-150200.3.41.1
php7-readline-debuginfo-7.4.6-150200.3.41.1
php7-shmop-7.4.6-150200.3.41.1
php7-shmop-debuginfo-7.4.6-150200.3.41.1
php7-snmp-7.4.6-150200.3.41.1
php7-snmp-debuginfo-7.4.6-150200.3.41.1
php7-soap-7.4.6-150200.3.41.1
php7-soap-debuginfo-7.4.6-150200.3.41.1
php7-sockets-7.4.6-150200.3.41.1
php7-sockets-debuginfo-7.4.6-150200.3.41.1
php7-sodium-7.4.6-150200.3.41.1
php7-sodium-debuginfo-7.4.6-150200.3.41.1
php7-sqlite-7.4.6-150200.3.41.1
php7-sqlite-debuginfo-7.4.6-150200.3.41.1
php7-sysvmsg-7.4.6-150200.3.41.1
php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1
php7-sysvsem-7.4.6-150200.3.41.1
php7-sysvsem-debuginfo-7.4.6-150200.3.41.1
php7-sysvshm-7.4.6-150200.3.41.1
php7-sysvshm-debuginfo-7.4.6-150200.3.41.1
php7-tidy-7.4.6-150200.3.41.1
php7-tidy-debuginfo-7.4.6-150200.3.41.1
php7-tokenizer-7.4.6-150200.3.41.1
php7-tokenizer-debuginfo-7.4.6-150200.3.41.1
php7-xmlreader-7.4.6-150200.3.41.1
php7-xmlreader-debuginfo-7.4.6-150200.3.41.1
php7-xmlrpc-7.4.6-150200.3.41.1
php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1
php7-xmlwriter-7.4.6-150200.3.41.1
php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1
php7-xsl-7.4.6-150200.3.41.1
php7-xsl-debuginfo-7.4.6-150200.3.41.1
php7-zip-7.4.6-150200.3.41.1
php7-zip-debuginfo-7.4.6-150200.3.41.1
php7-zlib-7.4.6-150200.3.41.1
php7-zlib-debuginfo-7.4.6-150200.3.41.1
- SUSE Manager Proxy 4.1 (x86_64):
apache2-mod_php7-7.4.6-150200.3.41.1
apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1
php7-7.4.6-150200.3.41.1
php7-bcmath-7.4.6-150200.3.41.1
php7-bcmath-debuginfo-7.4.6-150200.3.41.1
php7-bz2-7.4.6-150200.3.41.1
php7-bz2-debuginfo-7.4.6-150200.3.41.1
php7-calendar-7.4.6-150200.3.41.1
php7-calendar-debuginfo-7.4.6-150200.3.41.1
php7-ctype-7.4.6-150200.3.41.1
php7-ctype-debuginfo-7.4.6-150200.3.41.1
php7-curl-7.4.6-150200.3.41.1
php7-curl-debuginfo-7.4.6-150200.3.41.1
php7-dba-7.4.6-150200.3.41.1
php7-dba-debuginfo-7.4.6-150200.3.41.1
php7-debuginfo-7.4.6-150200.3.41.1
php7-debugsource-7.4.6-150200.3.41.1
php7-devel-7.4.6-150200.3.41.1
php7-dom-7.4.6-150200.3.41.1
php7-dom-debuginfo-7.4.6-150200.3.41.1
php7-enchant-7.4.6-150200.3.41.1
php7-enchant-debuginfo-7.4.6-150200.3.41.1
php7-exif-7.4.6-150200.3.41.1
php7-exif-debuginfo-7.4.6-150200.3.41.1
php7-fastcgi-7.4.6-150200.3.41.1
php7-fastcgi-debuginfo-7.4.6-150200.3.41.1
php7-fileinfo-7.4.6-150200.3.41.1
php7-fileinfo-debuginfo-7.4.6-150200.3.41.1
php7-fpm-7.4.6-150200.3.41.1
php7-fpm-debuginfo-7.4.6-150200.3.41.1
php7-ftp-7.4.6-150200.3.41.1
php7-ftp-debuginfo-7.4.6-150200.3.41.1
php7-gd-7.4.6-150200.3.41.1
php7-gd-debuginfo-7.4.6-150200.3.41.1
php7-gettext-7.4.6-150200.3.41.1
php7-gettext-debuginfo-7.4.6-150200.3.41.1
php7-gmp-7.4.6-150200.3.41.1
php7-gmp-debuginfo-7.4.6-150200.3.41.1
php7-iconv-7.4.6-150200.3.41.1
php7-iconv-debuginfo-7.4.6-150200.3.41.1
php7-intl-7.4.6-150200.3.41.1
php7-intl-debuginfo-7.4.6-150200.3.41.1
php7-json-7.4.6-150200.3.41.1
php7-json-debuginfo-7.4.6-150200.3.41.1
php7-ldap-7.4.6-150200.3.41.1
php7-ldap-debuginfo-7.4.6-150200.3.41.1
php7-mbstring-7.4.6-150200.3.41.1
php7-mbstring-debuginfo-7.4.6-150200.3.41.1
php7-mysql-7.4.6-150200.3.41.1
php7-mysql-debuginfo-7.4.6-150200.3.41.1
php7-odbc-7.4.6-150200.3.41.1
php7-odbc-debuginfo-7.4.6-150200.3.41.1
php7-opcache-7.4.6-150200.3.41.1
php7-opcache-debuginfo-7.4.6-150200.3.41.1
php7-openssl-7.4.6-150200.3.41.1
php7-openssl-debuginfo-7.4.6-150200.3.41.1
php7-pcntl-7.4.6-150200.3.41.1
php7-pcntl-debuginfo-7.4.6-150200.3.41.1
php7-pdo-7.4.6-150200.3.41.1
php7-pdo-debuginfo-7.4.6-150200.3.41.1
php7-pgsql-7.4.6-150200.3.41.1
php7-pgsql-debuginfo-7.4.6-150200.3.41.1
php7-phar-7.4.6-150200.3.41.1
php7-phar-debuginfo-7.4.6-150200.3.41.1
php7-posix-7.4.6-150200.3.41.1
php7-posix-debuginfo-7.4.6-150200.3.41.1
php7-readline-7.4.6-150200.3.41.1
php7-readline-debuginfo-7.4.6-150200.3.41.1
php7-shmop-7.4.6-150200.3.41.1
php7-shmop-debuginfo-7.4.6-150200.3.41.1
php7-snmp-7.4.6-150200.3.41.1
php7-snmp-debuginfo-7.4.6-150200.3.41.1
php7-soap-7.4.6-150200.3.41.1
php7-soap-debuginfo-7.4.6-150200.3.41.1
php7-sockets-7.4.6-150200.3.41.1
php7-sockets-debuginfo-7.4.6-150200.3.41.1
php7-sodium-7.4.6-150200.3.41.1
php7-sodium-debuginfo-7.4.6-150200.3.41.1
php7-sqlite-7.4.6-150200.3.41.1
php7-sqlite-debuginfo-7.4.6-150200.3.41.1
php7-sysvmsg-7.4.6-150200.3.41.1
php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1
php7-sysvsem-7.4.6-150200.3.41.1
php7-sysvsem-debuginfo-7.4.6-150200.3.41.1
php7-sysvshm-7.4.6-150200.3.41.1
php7-sysvshm-debuginfo-7.4.6-150200.3.41.1
php7-tidy-7.4.6-150200.3.41.1
php7-tidy-debuginfo-7.4.6-150200.3.41.1
php7-tokenizer-7.4.6-150200.3.41.1
php7-tokenizer-debuginfo-7.4.6-150200.3.41.1
php7-xmlreader-7.4.6-150200.3.41.1
php7-xmlreader-debuginfo-7.4.6-150200.3.41.1
php7-xmlrpc-7.4.6-150200.3.41.1
php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1
php7-xmlwriter-7.4.6-150200.3.41.1
php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1
php7-xsl-7.4.6-150200.3.41.1
php7-xsl-debuginfo-7.4.6-150200.3.41.1
php7-zip-7.4.6-150200.3.41.1
php7-zip-debuginfo-7.4.6-150200.3.41.1
php7-zlib-7.4.6-150200.3.41.1
php7-zlib-debuginfo-7.4.6-150200.3.41.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
apache2-mod_php7-7.4.6-150200.3.41.1
apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1
php7-7.4.6-150200.3.41.1
php7-bcmath-7.4.6-150200.3.41.1
php7-bcmath-debuginfo-7.4.6-150200.3.41.1
php7-bz2-7.4.6-150200.3.41.1
php7-bz2-debuginfo-7.4.6-150200.3.41.1
php7-calendar-7.4.6-150200.3.41.1
php7-calendar-debuginfo-7.4.6-150200.3.41.1
php7-ctype-7.4.6-150200.3.41.1
php7-ctype-debuginfo-7.4.6-150200.3.41.1
php7-curl-7.4.6-150200.3.41.1
php7-curl-debuginfo-7.4.6-150200.3.41.1
php7-dba-7.4.6-150200.3.41.1
php7-dba-debuginfo-7.4.6-150200.3.41.1
php7-debuginfo-7.4.6-150200.3.41.1
php7-debugsource-7.4.6-150200.3.41.1
php7-devel-7.4.6-150200.3.41.1
php7-dom-7.4.6-150200.3.41.1
php7-dom-debuginfo-7.4.6-150200.3.41.1
php7-enchant-7.4.6-150200.3.41.1
php7-enchant-debuginfo-7.4.6-150200.3.41.1
php7-exif-7.4.6-150200.3.41.1
php7-exif-debuginfo-7.4.6-150200.3.41.1
php7-fastcgi-7.4.6-150200.3.41.1
php7-fastcgi-debuginfo-7.4.6-150200.3.41.1
php7-fileinfo-7.4.6-150200.3.41.1
php7-fileinfo-debuginfo-7.4.6-150200.3.41.1
php7-fpm-7.4.6-150200.3.41.1
php7-fpm-debuginfo-7.4.6-150200.3.41.1
php7-ftp-7.4.6-150200.3.41.1
php7-ftp-debuginfo-7.4.6-150200.3.41.1
php7-gd-7.4.6-150200.3.41.1
php7-gd-debuginfo-7.4.6-150200.3.41.1
php7-gettext-7.4.6-150200.3.41.1
php7-gettext-debuginfo-7.4.6-150200.3.41.1
php7-gmp-7.4.6-150200.3.41.1
php7-gmp-debuginfo-7.4.6-150200.3.41.1
php7-iconv-7.4.6-150200.3.41.1
php7-iconv-debuginfo-7.4.6-150200.3.41.1
php7-intl-7.4.6-150200.3.41.1
php7-intl-debuginfo-7.4.6-150200.3.41.1
php7-json-7.4.6-150200.3.41.1
php7-json-debuginfo-7.4.6-150200.3.41.1
php7-ldap-7.4.6-150200.3.41.1
php7-ldap-debuginfo-7.4.6-150200.3.41.1
php7-mbstring-7.4.6-150200.3.41.1
php7-mbstring-debuginfo-7.4.6-150200.3.41.1
php7-mysql-7.4.6-150200.3.41.1
php7-mysql-debuginfo-7.4.6-150200.3.41.1
php7-odbc-7.4.6-150200.3.41.1
php7-odbc-debuginfo-7.4.6-150200.3.41.1
php7-opcache-7.4.6-150200.3.41.1
php7-opcache-debuginfo-7.4.6-150200.3.41.1
php7-openssl-7.4.6-150200.3.41.1
php7-openssl-debuginfo-7.4.6-150200.3.41.1
php7-pcntl-7.4.6-150200.3.41.1
php7-pcntl-debuginfo-7.4.6-150200.3.41.1
php7-pdo-7.4.6-150200.3.41.1
php7-pdo-debuginfo-7.4.6-150200.3.41.1
php7-pgsql-7.4.6-150200.3.41.1
php7-pgsql-debuginfo-7.4.6-150200.3.41.1
php7-phar-7.4.6-150200.3.41.1
php7-phar-debuginfo-7.4.6-150200.3.41.1
php7-posix-7.4.6-150200.3.41.1
php7-posix-debuginfo-7.4.6-150200.3.41.1
php7-readline-7.4.6-150200.3.41.1
php7-readline-debuginfo-7.4.6-150200.3.41.1
php7-shmop-7.4.6-150200.3.41.1
php7-shmop-debuginfo-7.4.6-150200.3.41.1
php7-snmp-7.4.6-150200.3.41.1
php7-snmp-debuginfo-7.4.6-150200.3.41.1
php7-soap-7.4.6-150200.3.41.1
php7-soap-debuginfo-7.4.6-150200.3.41.1
php7-sockets-7.4.6-150200.3.41.1
php7-sockets-debuginfo-7.4.6-150200.3.41.1
php7-sodium-7.4.6-150200.3.41.1
php7-sodium-debuginfo-7.4.6-150200.3.41.1
php7-sqlite-7.4.6-150200.3.41.1
php7-sqlite-debuginfo-7.4.6-150200.3.41.1
php7-sysvmsg-7.4.6-150200.3.41.1
php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1
php7-sysvsem-7.4.6-150200.3.41.1
php7-sysvsem-debuginfo-7.4.6-150200.3.41.1
php7-sysvshm-7.4.6-150200.3.41.1
php7-sysvshm-debuginfo-7.4.6-150200.3.41.1
php7-tidy-7.4.6-150200.3.41.1
php7-tidy-debuginfo-7.4.6-150200.3.41.1
php7-tokenizer-7.4.6-150200.3.41.1
php7-tokenizer-debuginfo-7.4.6-150200.3.41.1
php7-xmlreader-7.4.6-150200.3.41.1
php7-xmlreader-debuginfo-7.4.6-150200.3.41.1
php7-xmlrpc-7.4.6-150200.3.41.1
php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1
php7-xmlwriter-7.4.6-150200.3.41.1
php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1
php7-xsl-7.4.6-150200.3.41.1
php7-xsl-debuginfo-7.4.6-150200.3.41.1
php7-zip-7.4.6-150200.3.41.1
php7-zip-debuginfo-7.4.6-150200.3.41.1
php7-zlib-7.4.6-150200.3.41.1
php7-zlib-debuginfo-7.4.6-150200.3.41.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
apache2-mod_php7-7.4.6-150200.3.41.1
apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1
php7-7.4.6-150200.3.41.1
php7-bcmath-7.4.6-150200.3.41.1
php7-bcmath-debuginfo-7.4.6-150200.3.41.1
php7-bz2-7.4.6-150200.3.41.1
php7-bz2-debuginfo-7.4.6-150200.3.41.1
php7-calendar-7.4.6-150200.3.41.1
php7-calendar-debuginfo-7.4.6-150200.3.41.1
php7-ctype-7.4.6-150200.3.41.1
php7-ctype-debuginfo-7.4.6-150200.3.41.1
php7-curl-7.4.6-150200.3.41.1
php7-curl-debuginfo-7.4.6-150200.3.41.1
php7-dba-7.4.6-150200.3.41.1
php7-dba-debuginfo-7.4.6-150200.3.41.1
php7-debuginfo-7.4.6-150200.3.41.1
php7-debugsource-7.4.6-150200.3.41.1
php7-devel-7.4.6-150200.3.41.1
php7-dom-7.4.6-150200.3.41.1
php7-dom-debuginfo-7.4.6-150200.3.41.1
php7-enchant-7.4.6-150200.3.41.1
php7-enchant-debuginfo-7.4.6-150200.3.41.1
php7-exif-7.4.6-150200.3.41.1
php7-exif-debuginfo-7.4.6-150200.3.41.1
php7-fastcgi-7.4.6-150200.3.41.1
php7-fastcgi-debuginfo-7.4.6-150200.3.41.1
php7-fileinfo-7.4.6-150200.3.41.1
php7-fileinfo-debuginfo-7.4.6-150200.3.41.1
php7-fpm-7.4.6-150200.3.41.1
php7-fpm-debuginfo-7.4.6-150200.3.41.1
php7-ftp-7.4.6-150200.3.41.1
php7-ftp-debuginfo-7.4.6-150200.3.41.1
php7-gd-7.4.6-150200.3.41.1
php7-gd-debuginfo-7.4.6-150200.3.41.1
php7-gettext-7.4.6-150200.3.41.1
php7-gettext-debuginfo-7.4.6-150200.3.41.1
php7-gmp-7.4.6-150200.3.41.1
php7-gmp-debuginfo-7.4.6-150200.3.41.1
php7-iconv-7.4.6-150200.3.41.1
php7-iconv-debuginfo-7.4.6-150200.3.41.1
php7-intl-7.4.6-150200.3.41.1
php7-intl-debuginfo-7.4.6-150200.3.41.1
php7-json-7.4.6-150200.3.41.1
php7-json-debuginfo-7.4.6-150200.3.41.1
php7-ldap-7.4.6-150200.3.41.1
php7-ldap-debuginfo-7.4.6-150200.3.41.1
php7-mbstring-7.4.6-150200.3.41.1
php7-mbstring-debuginfo-7.4.6-150200.3.41.1
php7-mysql-7.4.6-150200.3.41.1
php7-mysql-debuginfo-7.4.6-150200.3.41.1
php7-odbc-7.4.6-150200.3.41.1
php7-odbc-debuginfo-7.4.6-150200.3.41.1
php7-opcache-7.4.6-150200.3.41.1
php7-opcache-debuginfo-7.4.6-150200.3.41.1
php7-openssl-7.4.6-150200.3.41.1
php7-openssl-debuginfo-7.4.6-150200.3.41.1
php7-pcntl-7.4.6-150200.3.41.1
php7-pcntl-debuginfo-7.4.6-150200.3.41.1
php7-pdo-7.4.6-150200.3.41.1
php7-pdo-debuginfo-7.4.6-150200.3.41.1
php7-pgsql-7.4.6-150200.3.41.1
php7-pgsql-debuginfo-7.4.6-150200.3.41.1
php7-phar-7.4.6-150200.3.41.1
php7-phar-debuginfo-7.4.6-150200.3.41.1
php7-posix-7.4.6-150200.3.41.1
php7-posix-debuginfo-7.4.6-150200.3.41.1
php7-readline-7.4.6-150200.3.41.1
php7-readline-debuginfo-7.4.6-150200.3.41.1
php7-shmop-7.4.6-150200.3.41.1
php7-shmop-debuginfo-7.4.6-150200.3.41.1
php7-snmp-7.4.6-150200.3.41.1
php7-snmp-debuginfo-7.4.6-150200.3.41.1
php7-soap-7.4.6-150200.3.41.1
php7-soap-debuginfo-7.4.6-150200.3.41.1
php7-sockets-7.4.6-150200.3.41.1
php7-sockets-debuginfo-7.4.6-150200.3.41.1
php7-sodium-7.4.6-150200.3.41.1
php7-sodium-debuginfo-7.4.6-150200.3.41.1
php7-sqlite-7.4.6-150200.3.41.1
php7-sqlite-debuginfo-7.4.6-150200.3.41.1
php7-sysvmsg-7.4.6-150200.3.41.1
php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1
php7-sysvsem-7.4.6-150200.3.41.1
php7-sysvsem-debuginfo-7.4.6-150200.3.41.1
php7-sysvshm-7.4.6-150200.3.41.1
php7-sysvshm-debuginfo-7.4.6-150200.3.41.1
php7-tidy-7.4.6-150200.3.41.1
php7-tidy-debuginfo-7.4.6-150200.3.41.1
php7-tokenizer-7.4.6-150200.3.41.1
php7-tokenizer-debuginfo-7.4.6-150200.3.41.1
php7-xmlreader-7.4.6-150200.3.41.1
php7-xmlreader-debuginfo-7.4.6-150200.3.41.1
php7-xmlrpc-7.4.6-150200.3.41.1
php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1
php7-xmlwriter-7.4.6-150200.3.41.1
php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1
php7-xsl-7.4.6-150200.3.41.1
php7-xsl-debuginfo-7.4.6-150200.3.41.1
php7-zip-7.4.6-150200.3.41.1
php7-zip-debuginfo-7.4.6-150200.3.41.1
php7-zlib-7.4.6-150200.3.41.1
php7-zlib-debuginfo-7.4.6-150200.3.41.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
apache2-mod_php7-7.4.6-150200.3.41.1
apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1
php7-7.4.6-150200.3.41.1
php7-bcmath-7.4.6-150200.3.41.1
php7-bcmath-debuginfo-7.4.6-150200.3.41.1
php7-bz2-7.4.6-150200.3.41.1
php7-bz2-debuginfo-7.4.6-150200.3.41.1
php7-calendar-7.4.6-150200.3.41.1
php7-calendar-debuginfo-7.4.6-150200.3.41.1
php7-ctype-7.4.6-150200.3.41.1
php7-ctype-debuginfo-7.4.6-150200.3.41.1
php7-curl-7.4.6-150200.3.41.1
php7-curl-debuginfo-7.4.6-150200.3.41.1
php7-dba-7.4.6-150200.3.41.1
php7-dba-debuginfo-7.4.6-150200.3.41.1
php7-debuginfo-7.4.6-150200.3.41.1
php7-debugsource-7.4.6-150200.3.41.1
php7-devel-7.4.6-150200.3.41.1
php7-dom-7.4.6-150200.3.41.1
php7-dom-debuginfo-7.4.6-150200.3.41.1
php7-enchant-7.4.6-150200.3.41.1
php7-enchant-debuginfo-7.4.6-150200.3.41.1
php7-exif-7.4.6-150200.3.41.1
php7-exif-debuginfo-7.4.6-150200.3.41.1
php7-fastcgi-7.4.6-150200.3.41.1
php7-fastcgi-debuginfo-7.4.6-150200.3.41.1
php7-fileinfo-7.4.6-150200.3.41.1
php7-fileinfo-debuginfo-7.4.6-150200.3.41.1
php7-fpm-7.4.6-150200.3.41.1
php7-fpm-debuginfo-7.4.6-150200.3.41.1
php7-ftp-7.4.6-150200.3.41.1
php7-ftp-debuginfo-7.4.6-150200.3.41.1
php7-gd-7.4.6-150200.3.41.1
php7-gd-debuginfo-7.4.6-150200.3.41.1
php7-gettext-7.4.6-150200.3.41.1
php7-gettext-debuginfo-7.4.6-150200.3.41.1
php7-gmp-7.4.6-150200.3.41.1
php7-gmp-debuginfo-7.4.6-150200.3.41.1
php7-iconv-7.4.6-150200.3.41.1
php7-iconv-debuginfo-7.4.6-150200.3.41.1
php7-intl-7.4.6-150200.3.41.1
php7-intl-debuginfo-7.4.6-150200.3.41.1
php7-json-7.4.6-150200.3.41.1
php7-json-debuginfo-7.4.6-150200.3.41.1
php7-ldap-7.4.6-150200.3.41.1
php7-ldap-debuginfo-7.4.6-150200.3.41.1
php7-mbstring-7.4.6-150200.3.41.1
php7-mbstring-debuginfo-7.4.6-150200.3.41.1
php7-mysql-7.4.6-150200.3.41.1
php7-mysql-debuginfo-7.4.6-150200.3.41.1
php7-odbc-7.4.6-150200.3.41.1
php7-odbc-debuginfo-7.4.6-150200.3.41.1
php7-opcache-7.4.6-150200.3.41.1
php7-opcache-debuginfo-7.4.6-150200.3.41.1
php7-openssl-7.4.6-150200.3.41.1
php7-openssl-debuginfo-7.4.6-150200.3.41.1
php7-pcntl-7.4.6-150200.3.41.1
php7-pcntl-debuginfo-7.4.6-150200.3.41.1
php7-pdo-7.4.6-150200.3.41.1
php7-pdo-debuginfo-7.4.6-150200.3.41.1
php7-pgsql-7.4.6-150200.3.41.1
php7-pgsql-debuginfo-7.4.6-150200.3.41.1
php7-phar-7.4.6-150200.3.41.1
php7-phar-debuginfo-7.4.6-150200.3.41.1
php7-posix-7.4.6-150200.3.41.1
php7-posix-debuginfo-7.4.6-150200.3.41.1
php7-readline-7.4.6-150200.3.41.1
php7-readline-debuginfo-7.4.6-150200.3.41.1
php7-shmop-7.4.6-150200.3.41.1
php7-shmop-debuginfo-7.4.6-150200.3.41.1
php7-snmp-7.4.6-150200.3.41.1
php7-snmp-debuginfo-7.4.6-150200.3.41.1
php7-soap-7.4.6-150200.3.41.1
php7-soap-debuginfo-7.4.6-150200.3.41.1
php7-sockets-7.4.6-150200.3.41.1
php7-sockets-debuginfo-7.4.6-150200.3.41.1
php7-sodium-7.4.6-150200.3.41.1
php7-sodium-debuginfo-7.4.6-150200.3.41.1
php7-sqlite-7.4.6-150200.3.41.1
php7-sqlite-debuginfo-7.4.6-150200.3.41.1
php7-sysvmsg-7.4.6-150200.3.41.1
php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1
php7-sysvsem-7.4.6-150200.3.41.1
php7-sysvsem-debuginfo-7.4.6-150200.3.41.1
php7-sysvshm-7.4.6-150200.3.41.1
php7-sysvshm-debuginfo-7.4.6-150200.3.41.1
php7-tidy-7.4.6-150200.3.41.1
php7-tidy-debuginfo-7.4.6-150200.3.41.1
php7-tokenizer-7.4.6-150200.3.41.1
php7-tokenizer-debuginfo-7.4.6-150200.3.41.1
php7-xmlreader-7.4.6-150200.3.41.1
php7-xmlreader-debuginfo-7.4.6-150200.3.41.1
php7-xmlrpc-7.4.6-150200.3.41.1
php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1
php7-xmlwriter-7.4.6-150200.3.41.1
php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1
php7-xsl-7.4.6-150200.3.41.1
php7-xsl-debuginfo-7.4.6-150200.3.41.1
php7-zip-7.4.6-150200.3.41.1
php7-zip-debuginfo-7.4.6-150200.3.41.1
php7-zlib-7.4.6-150200.3.41.1
php7-zlib-debuginfo-7.4.6-150200.3.41.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
apache2-mod_php7-7.4.6-150200.3.41.1
apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1
php7-7.4.6-150200.3.41.1
php7-bcmath-7.4.6-150200.3.41.1
php7-bcmath-debuginfo-7.4.6-150200.3.41.1
php7-bz2-7.4.6-150200.3.41.1
php7-bz2-debuginfo-7.4.6-150200.3.41.1
php7-calendar-7.4.6-150200.3.41.1
php7-calendar-debuginfo-7.4.6-150200.3.41.1
php7-ctype-7.4.6-150200.3.41.1
php7-ctype-debuginfo-7.4.6-150200.3.41.1
php7-curl-7.4.6-150200.3.41.1
php7-curl-debuginfo-7.4.6-150200.3.41.1
php7-dba-7.4.6-150200.3.41.1
php7-dba-debuginfo-7.4.6-150200.3.41.1
php7-debuginfo-7.4.6-150200.3.41.1
php7-debugsource-7.4.6-150200.3.41.1
php7-devel-7.4.6-150200.3.41.1
php7-dom-7.4.6-150200.3.41.1
php7-dom-debuginfo-7.4.6-150200.3.41.1
php7-enchant-7.4.6-150200.3.41.1
php7-enchant-debuginfo-7.4.6-150200.3.41.1
php7-exif-7.4.6-150200.3.41.1
php7-exif-debuginfo-7.4.6-150200.3.41.1
php7-fastcgi-7.4.6-150200.3.41.1
php7-fastcgi-debuginfo-7.4.6-150200.3.41.1
php7-fileinfo-7.4.6-150200.3.41.1
php7-fileinfo-debuginfo-7.4.6-150200.3.41.1
php7-fpm-7.4.6-150200.3.41.1
php7-fpm-debuginfo-7.4.6-150200.3.41.1
php7-ftp-7.4.6-150200.3.41.1
php7-ftp-debuginfo-7.4.6-150200.3.41.1
php7-gd-7.4.6-150200.3.41.1
php7-gd-debuginfo-7.4.6-150200.3.41.1
php7-gettext-7.4.6-150200.3.41.1
php7-gettext-debuginfo-7.4.6-150200.3.41.1
php7-gmp-7.4.6-150200.3.41.1
php7-gmp-debuginfo-7.4.6-150200.3.41.1
php7-iconv-7.4.6-150200.3.41.1
php7-iconv-debuginfo-7.4.6-150200.3.41.1
php7-intl-7.4.6-150200.3.41.1
php7-intl-debuginfo-7.4.6-150200.3.41.1
php7-json-7.4.6-150200.3.41.1
php7-json-debuginfo-7.4.6-150200.3.41.1
php7-ldap-7.4.6-150200.3.41.1
php7-ldap-debuginfo-7.4.6-150200.3.41.1
php7-mbstring-7.4.6-150200.3.41.1
php7-mbstring-debuginfo-7.4.6-150200.3.41.1
php7-mysql-7.4.6-150200.3.41.1
php7-mysql-debuginfo-7.4.6-150200.3.41.1
php7-odbc-7.4.6-150200.3.41.1
php7-odbc-debuginfo-7.4.6-150200.3.41.1
php7-opcache-7.4.6-150200.3.41.1
php7-opcache-debuginfo-7.4.6-150200.3.41.1
php7-openssl-7.4.6-150200.3.41.1
php7-openssl-debuginfo-7.4.6-150200.3.41.1
php7-pcntl-7.4.6-150200.3.41.1
php7-pcntl-debuginfo-7.4.6-150200.3.41.1
php7-pdo-7.4.6-150200.3.41.1
php7-pdo-debuginfo-7.4.6-150200.3.41.1
php7-pgsql-7.4.6-150200.3.41.1
php7-pgsql-debuginfo-7.4.6-150200.3.41.1
php7-phar-7.4.6-150200.3.41.1
php7-phar-debuginfo-7.4.6-150200.3.41.1
php7-posix-7.4.6-150200.3.41.1
php7-posix-debuginfo-7.4.6-150200.3.41.1
php7-readline-7.4.6-150200.3.41.1
php7-readline-debuginfo-7.4.6-150200.3.41.1
php7-shmop-7.4.6-150200.3.41.1
php7-shmop-debuginfo-7.4.6-150200.3.41.1
php7-snmp-7.4.6-150200.3.41.1
php7-snmp-debuginfo-7.4.6-150200.3.41.1
php7-soap-7.4.6-150200.3.41.1
php7-soap-debuginfo-7.4.6-150200.3.41.1
php7-sockets-7.4.6-150200.3.41.1
php7-sockets-debuginfo-7.4.6-150200.3.41.1
php7-sodium-7.4.6-150200.3.41.1
php7-sodium-debuginfo-7.4.6-150200.3.41.1
php7-sqlite-7.4.6-150200.3.41.1
php7-sqlite-debuginfo-7.4.6-150200.3.41.1
php7-sysvmsg-7.4.6-150200.3.41.1
php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1
php7-sysvsem-7.4.6-150200.3.41.1
php7-sysvsem-debuginfo-7.4.6-150200.3.41.1
php7-sysvshm-7.4.6-150200.3.41.1
php7-sysvshm-debuginfo-7.4.6-150200.3.41.1
php7-tidy-7.4.6-150200.3.41.1
php7-tidy-debuginfo-7.4.6-150200.3.41.1
php7-tokenizer-7.4.6-150200.3.41.1
php7-tokenizer-debuginfo-7.4.6-150200.3.41.1
php7-xmlreader-7.4.6-150200.3.41.1
php7-xmlreader-debuginfo-7.4.6-150200.3.41.1
php7-xmlrpc-7.4.6-150200.3.41.1
php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1
php7-xmlwriter-7.4.6-150200.3.41.1
php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1
php7-xsl-7.4.6-150200.3.41.1
php7-xsl-debuginfo-7.4.6-150200.3.41.1
php7-zip-7.4.6-150200.3.41.1
php7-zip-debuginfo-7.4.6-150200.3.41.1
php7-zlib-7.4.6-150200.3.41.1
php7-zlib-debuginfo-7.4.6-150200.3.41.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
php7-debuginfo-7.4.6-150200.3.41.1
php7-debugsource-7.4.6-150200.3.41.1
php7-embed-7.4.6-150200.3.41.1
php7-embed-debuginfo-7.4.6-150200.3.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
apache2-mod_php7-7.4.6-150200.3.41.1
apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1
php7-7.4.6-150200.3.41.1
php7-bcmath-7.4.6-150200.3.41.1
php7-bcmath-debuginfo-7.4.6-150200.3.41.1
php7-bz2-7.4.6-150200.3.41.1
php7-bz2-debuginfo-7.4.6-150200.3.41.1
php7-calendar-7.4.6-150200.3.41.1
php7-calendar-debuginfo-7.4.6-150200.3.41.1
php7-ctype-7.4.6-150200.3.41.1
php7-ctype-debuginfo-7.4.6-150200.3.41.1
php7-curl-7.4.6-150200.3.41.1
php7-curl-debuginfo-7.4.6-150200.3.41.1
php7-dba-7.4.6-150200.3.41.1
php7-dba-debuginfo-7.4.6-150200.3.41.1
php7-debuginfo-7.4.6-150200.3.41.1
php7-debugsource-7.4.6-150200.3.41.1
php7-devel-7.4.6-150200.3.41.1
php7-dom-7.4.6-150200.3.41.1
php7-dom-debuginfo-7.4.6-150200.3.41.1
php7-enchant-7.4.6-150200.3.41.1
php7-enchant-debuginfo-7.4.6-150200.3.41.1
php7-exif-7.4.6-150200.3.41.1
php7-exif-debuginfo-7.4.6-150200.3.41.1
php7-fastcgi-7.4.6-150200.3.41.1
php7-fastcgi-debuginfo-7.4.6-150200.3.41.1
php7-fileinfo-7.4.6-150200.3.41.1
php7-fileinfo-debuginfo-7.4.6-150200.3.41.1
php7-fpm-7.4.6-150200.3.41.1
php7-fpm-debuginfo-7.4.6-150200.3.41.1
php7-ftp-7.4.6-150200.3.41.1
php7-ftp-debuginfo-7.4.6-150200.3.41.1
php7-gd-7.4.6-150200.3.41.1
php7-gd-debuginfo-7.4.6-150200.3.41.1
php7-gettext-7.4.6-150200.3.41.1
php7-gettext-debuginfo-7.4.6-150200.3.41.1
php7-gmp-7.4.6-150200.3.41.1
php7-gmp-debuginfo-7.4.6-150200.3.41.1
php7-iconv-7.4.6-150200.3.41.1
php7-iconv-debuginfo-7.4.6-150200.3.41.1
php7-intl-7.4.6-150200.3.41.1
php7-intl-debuginfo-7.4.6-150200.3.41.1
php7-json-7.4.6-150200.3.41.1
php7-json-debuginfo-7.4.6-150200.3.41.1
php7-ldap-7.4.6-150200.3.41.1
php7-ldap-debuginfo-7.4.6-150200.3.41.1
php7-mbstring-7.4.6-150200.3.41.1
php7-mbstring-debuginfo-7.4.6-150200.3.41.1
php7-mysql-7.4.6-150200.3.41.1
php7-mysql-debuginfo-7.4.6-150200.3.41.1
php7-odbc-7.4.6-150200.3.41.1
php7-odbc-debuginfo-7.4.6-150200.3.41.1
php7-opcache-7.4.6-150200.3.41.1
php7-opcache-debuginfo-7.4.6-150200.3.41.1
php7-openssl-7.4.6-150200.3.41.1
php7-openssl-debuginfo-7.4.6-150200.3.41.1
php7-pcntl-7.4.6-150200.3.41.1
php7-pcntl-debuginfo-7.4.6-150200.3.41.1
php7-pdo-7.4.6-150200.3.41.1
php7-pdo-debuginfo-7.4.6-150200.3.41.1
php7-pgsql-7.4.6-150200.3.41.1
php7-pgsql-debuginfo-7.4.6-150200.3.41.1
php7-phar-7.4.6-150200.3.41.1
php7-phar-debuginfo-7.4.6-150200.3.41.1
php7-posix-7.4.6-150200.3.41.1
php7-posix-debuginfo-7.4.6-150200.3.41.1
php7-readline-7.4.6-150200.3.41.1
php7-readline-debuginfo-7.4.6-150200.3.41.1
php7-shmop-7.4.6-150200.3.41.1
php7-shmop-debuginfo-7.4.6-150200.3.41.1
php7-snmp-7.4.6-150200.3.41.1
php7-snmp-debuginfo-7.4.6-150200.3.41.1
php7-soap-7.4.6-150200.3.41.1
php7-soap-debuginfo-7.4.6-150200.3.41.1
php7-sockets-7.4.6-150200.3.41.1
php7-sockets-debuginfo-7.4.6-150200.3.41.1
php7-sodium-7.4.6-150200.3.41.1
php7-sodium-debuginfo-7.4.6-150200.3.41.1
php7-sqlite-7.4.6-150200.3.41.1
php7-sqlite-debuginfo-7.4.6-150200.3.41.1
php7-sysvmsg-7.4.6-150200.3.41.1
php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1
php7-sysvsem-7.4.6-150200.3.41.1
php7-sysvsem-debuginfo-7.4.6-150200.3.41.1
php7-sysvshm-7.4.6-150200.3.41.1
php7-sysvshm-debuginfo-7.4.6-150200.3.41.1
php7-tidy-7.4.6-150200.3.41.1
php7-tidy-debuginfo-7.4.6-150200.3.41.1
php7-tokenizer-7.4.6-150200.3.41.1
php7-tokenizer-debuginfo-7.4.6-150200.3.41.1
php7-xmlreader-7.4.6-150200.3.41.1
php7-xmlreader-debuginfo-7.4.6-150200.3.41.1
php7-xmlrpc-7.4.6-150200.3.41.1
php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1
php7-xmlwriter-7.4.6-150200.3.41.1
php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1
php7-xsl-7.4.6-150200.3.41.1
php7-xsl-debuginfo-7.4.6-150200.3.41.1
php7-zip-7.4.6-150200.3.41.1
php7-zip-debuginfo-7.4.6-150200.3.41.1
php7-zlib-7.4.6-150200.3.41.1
php7-zlib-debuginfo-7.4.6-150200.3.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
apache2-mod_php7-7.4.6-150200.3.41.1
apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1
php7-7.4.6-150200.3.41.1
php7-bcmath-7.4.6-150200.3.41.1
php7-bcmath-debuginfo-7.4.6-150200.3.41.1
php7-bz2-7.4.6-150200.3.41.1
php7-bz2-debuginfo-7.4.6-150200.3.41.1
php7-calendar-7.4.6-150200.3.41.1
php7-calendar-debuginfo-7.4.6-150200.3.41.1
php7-ctype-7.4.6-150200.3.41.1
php7-ctype-debuginfo-7.4.6-150200.3.41.1
php7-curl-7.4.6-150200.3.41.1
php7-curl-debuginfo-7.4.6-150200.3.41.1
php7-dba-7.4.6-150200.3.41.1
php7-dba-debuginfo-7.4.6-150200.3.41.1
php7-debuginfo-7.4.6-150200.3.41.1
php7-debugsource-7.4.6-150200.3.41.1
php7-devel-7.4.6-150200.3.41.1
php7-dom-7.4.6-150200.3.41.1
php7-dom-debuginfo-7.4.6-150200.3.41.1
php7-enchant-7.4.6-150200.3.41.1
php7-enchant-debuginfo-7.4.6-150200.3.41.1
php7-exif-7.4.6-150200.3.41.1
php7-exif-debuginfo-7.4.6-150200.3.41.1
php7-fastcgi-7.4.6-150200.3.41.1
php7-fastcgi-debuginfo-7.4.6-150200.3.41.1
php7-fileinfo-7.4.6-150200.3.41.1
php7-fileinfo-debuginfo-7.4.6-150200.3.41.1
php7-fpm-7.4.6-150200.3.41.1
php7-fpm-debuginfo-7.4.6-150200.3.41.1
php7-ftp-7.4.6-150200.3.41.1
php7-ftp-debuginfo-7.4.6-150200.3.41.1
php7-gd-7.4.6-150200.3.41.1
php7-gd-debuginfo-7.4.6-150200.3.41.1
php7-gettext-7.4.6-150200.3.41.1
php7-gettext-debuginfo-7.4.6-150200.3.41.1
php7-gmp-7.4.6-150200.3.41.1
php7-gmp-debuginfo-7.4.6-150200.3.41.1
php7-iconv-7.4.6-150200.3.41.1
php7-iconv-debuginfo-7.4.6-150200.3.41.1
php7-intl-7.4.6-150200.3.41.1
php7-intl-debuginfo-7.4.6-150200.3.41.1
php7-json-7.4.6-150200.3.41.1
php7-json-debuginfo-7.4.6-150200.3.41.1
php7-ldap-7.4.6-150200.3.41.1
php7-ldap-debuginfo-7.4.6-150200.3.41.1
php7-mbstring-7.4.6-150200.3.41.1
php7-mbstring-debuginfo-7.4.6-150200.3.41.1
php7-mysql-7.4.6-150200.3.41.1
php7-mysql-debuginfo-7.4.6-150200.3.41.1
php7-odbc-7.4.6-150200.3.41.1
php7-odbc-debuginfo-7.4.6-150200.3.41.1
php7-opcache-7.4.6-150200.3.41.1
php7-opcache-debuginfo-7.4.6-150200.3.41.1
php7-openssl-7.4.6-150200.3.41.1
php7-openssl-debuginfo-7.4.6-150200.3.41.1
php7-pcntl-7.4.6-150200.3.41.1
php7-pcntl-debuginfo-7.4.6-150200.3.41.1
php7-pdo-7.4.6-150200.3.41.1
php7-pdo-debuginfo-7.4.6-150200.3.41.1
php7-pgsql-7.4.6-150200.3.41.1
php7-pgsql-debuginfo-7.4.6-150200.3.41.1
php7-phar-7.4.6-150200.3.41.1
php7-phar-debuginfo-7.4.6-150200.3.41.1
php7-posix-7.4.6-150200.3.41.1
php7-posix-debuginfo-7.4.6-150200.3.41.1
php7-readline-7.4.6-150200.3.41.1
php7-readline-debuginfo-7.4.6-150200.3.41.1
php7-shmop-7.4.6-150200.3.41.1
php7-shmop-debuginfo-7.4.6-150200.3.41.1
php7-snmp-7.4.6-150200.3.41.1
php7-snmp-debuginfo-7.4.6-150200.3.41.1
php7-soap-7.4.6-150200.3.41.1
php7-soap-debuginfo-7.4.6-150200.3.41.1
php7-sockets-7.4.6-150200.3.41.1
php7-sockets-debuginfo-7.4.6-150200.3.41.1
php7-sodium-7.4.6-150200.3.41.1
php7-sodium-debuginfo-7.4.6-150200.3.41.1
php7-sqlite-7.4.6-150200.3.41.1
php7-sqlite-debuginfo-7.4.6-150200.3.41.1
php7-sysvmsg-7.4.6-150200.3.41.1
php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1
php7-sysvsem-7.4.6-150200.3.41.1
php7-sysvsem-debuginfo-7.4.6-150200.3.41.1
php7-sysvshm-7.4.6-150200.3.41.1
php7-sysvshm-debuginfo-7.4.6-150200.3.41.1
php7-tidy-7.4.6-150200.3.41.1
php7-tidy-debuginfo-7.4.6-150200.3.41.1
php7-tokenizer-7.4.6-150200.3.41.1
php7-tokenizer-debuginfo-7.4.6-150200.3.41.1
php7-xmlreader-7.4.6-150200.3.41.1
php7-xmlreader-debuginfo-7.4.6-150200.3.41.1
php7-xmlrpc-7.4.6-150200.3.41.1
php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1
php7-xmlwriter-7.4.6-150200.3.41.1
php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1
php7-xsl-7.4.6-150200.3.41.1
php7-xsl-debuginfo-7.4.6-150200.3.41.1
php7-zip-7.4.6-150200.3.41.1
php7-zip-debuginfo-7.4.6-150200.3.41.1
php7-zlib-7.4.6-150200.3.41.1
php7-zlib-debuginfo-7.4.6-150200.3.41.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
apache2-mod_php7-7.4.6-150200.3.41.1
apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1
php7-7.4.6-150200.3.41.1
php7-bcmath-7.4.6-150200.3.41.1
php7-bcmath-debuginfo-7.4.6-150200.3.41.1
php7-bz2-7.4.6-150200.3.41.1
php7-bz2-debuginfo-7.4.6-150200.3.41.1
php7-calendar-7.4.6-150200.3.41.1
php7-calendar-debuginfo-7.4.6-150200.3.41.1
php7-ctype-7.4.6-150200.3.41.1
php7-ctype-debuginfo-7.4.6-150200.3.41.1
php7-curl-7.4.6-150200.3.41.1
php7-curl-debuginfo-7.4.6-150200.3.41.1
php7-dba-7.4.6-150200.3.41.1
php7-dba-debuginfo-7.4.6-150200.3.41.1
php7-debuginfo-7.4.6-150200.3.41.1
php7-debugsource-7.4.6-150200.3.41.1
php7-devel-7.4.6-150200.3.41.1
php7-dom-7.4.6-150200.3.41.1
php7-dom-debuginfo-7.4.6-150200.3.41.1
php7-enchant-7.4.6-150200.3.41.1
php7-enchant-debuginfo-7.4.6-150200.3.41.1
php7-exif-7.4.6-150200.3.41.1
php7-exif-debuginfo-7.4.6-150200.3.41.1
php7-fastcgi-7.4.6-150200.3.41.1
php7-fastcgi-debuginfo-7.4.6-150200.3.41.1
php7-fileinfo-7.4.6-150200.3.41.1
php7-fileinfo-debuginfo-7.4.6-150200.3.41.1
php7-fpm-7.4.6-150200.3.41.1
php7-fpm-debuginfo-7.4.6-150200.3.41.1
php7-ftp-7.4.6-150200.3.41.1
php7-ftp-debuginfo-7.4.6-150200.3.41.1
php7-gd-7.4.6-150200.3.41.1
php7-gd-debuginfo-7.4.6-150200.3.41.1
php7-gettext-7.4.6-150200.3.41.1
php7-gettext-debuginfo-7.4.6-150200.3.41.1
php7-gmp-7.4.6-150200.3.41.1
php7-gmp-debuginfo-7.4.6-150200.3.41.1
php7-iconv-7.4.6-150200.3.41.1
php7-iconv-debuginfo-7.4.6-150200.3.41.1
php7-intl-7.4.6-150200.3.41.1
php7-intl-debuginfo-7.4.6-150200.3.41.1
php7-json-7.4.6-150200.3.41.1
php7-json-debuginfo-7.4.6-150200.3.41.1
php7-ldap-7.4.6-150200.3.41.1
php7-ldap-debuginfo-7.4.6-150200.3.41.1
php7-mbstring-7.4.6-150200.3.41.1
php7-mbstring-debuginfo-7.4.6-150200.3.41.1
php7-mysql-7.4.6-150200.3.41.1
php7-mysql-debuginfo-7.4.6-150200.3.41.1
php7-odbc-7.4.6-150200.3.41.1
php7-odbc-debuginfo-7.4.6-150200.3.41.1
php7-opcache-7.4.6-150200.3.41.1
php7-opcache-debuginfo-7.4.6-150200.3.41.1
php7-openssl-7.4.6-150200.3.41.1
php7-openssl-debuginfo-7.4.6-150200.3.41.1
php7-pcntl-7.4.6-150200.3.41.1
php7-pcntl-debuginfo-7.4.6-150200.3.41.1
php7-pdo-7.4.6-150200.3.41.1
php7-pdo-debuginfo-7.4.6-150200.3.41.1
php7-pgsql-7.4.6-150200.3.41.1
php7-pgsql-debuginfo-7.4.6-150200.3.41.1
php7-phar-7.4.6-150200.3.41.1
php7-phar-debuginfo-7.4.6-150200.3.41.1
php7-posix-7.4.6-150200.3.41.1
php7-posix-debuginfo-7.4.6-150200.3.41.1
php7-readline-7.4.6-150200.3.41.1
php7-readline-debuginfo-7.4.6-150200.3.41.1
php7-shmop-7.4.6-150200.3.41.1
php7-shmop-debuginfo-7.4.6-150200.3.41.1
php7-snmp-7.4.6-150200.3.41.1
php7-snmp-debuginfo-7.4.6-150200.3.41.1
php7-soap-7.4.6-150200.3.41.1
php7-soap-debuginfo-7.4.6-150200.3.41.1
php7-sockets-7.4.6-150200.3.41.1
php7-sockets-debuginfo-7.4.6-150200.3.41.1
php7-sodium-7.4.6-150200.3.41.1
php7-sodium-debuginfo-7.4.6-150200.3.41.1
php7-sqlite-7.4.6-150200.3.41.1
php7-sqlite-debuginfo-7.4.6-150200.3.41.1
php7-sysvmsg-7.4.6-150200.3.41.1
php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1
php7-sysvsem-7.4.6-150200.3.41.1
php7-sysvsem-debuginfo-7.4.6-150200.3.41.1
php7-sysvshm-7.4.6-150200.3.41.1
php7-sysvshm-debuginfo-7.4.6-150200.3.41.1
php7-tidy-7.4.6-150200.3.41.1
php7-tidy-debuginfo-7.4.6-150200.3.41.1
php7-tokenizer-7.4.6-150200.3.41.1
php7-tokenizer-debuginfo-7.4.6-150200.3.41.1
php7-xmlreader-7.4.6-150200.3.41.1
php7-xmlreader-debuginfo-7.4.6-150200.3.41.1
php7-xmlrpc-7.4.6-150200.3.41.1
php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1
php7-xmlwriter-7.4.6-150200.3.41.1
php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1
php7-xsl-7.4.6-150200.3.41.1
php7-xsl-debuginfo-7.4.6-150200.3.41.1
php7-zip-7.4.6-150200.3.41.1
php7-zip-debuginfo-7.4.6-150200.3.41.1
php7-zlib-7.4.6-150200.3.41.1
php7-zlib-debuginfo-7.4.6-150200.3.41.1
References:
https://www.suse.com/security/cve/CVE-2022-31625.html
https://www.suse.com/security/cve/CVE-2022-31626.html
https://bugzilla.suse.com/1200628
https://bugzilla.suse.com/1200645
SUSE-SU-2022:2178-1: important: Security update for salt
by opensuse-security@opensuse.org 24 Jun '22
SUSE Security Update: Security update for salt
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2178-1
Rating: important
References: #1200566
Cross-References: CVE-2022-22967
CVSS scores:
CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Module for Transactional Server 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for salt fixes the following issues:
- CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that
could be used to bypass PAM authentication (bsc#1200566)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2178=1
- SUSE Linux Enterprise Module for Transactional Server 15-SP3:
zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2022-2178=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2178=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2178=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2178=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2178=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
python3-salt-3004-150300.53.24.1
salt-3004-150300.53.24.1
salt-api-3004-150300.53.24.1
salt-cloud-3004-150300.53.24.1
salt-doc-3004-150300.53.24.1
salt-master-3004-150300.53.24.1
salt-minion-3004-150300.53.24.1
salt-proxy-3004-150300.53.24.1
salt-ssh-3004-150300.53.24.1
salt-standalone-formulas-configuration-3004-150300.53.24.1
salt-syndic-3004-150300.53.24.1
salt-transactional-update-3004-150300.53.24.1
- openSUSE Leap 15.3 (noarch):
salt-bash-completion-3004-150300.53.24.1
salt-fish-completion-3004-150300.53.24.1
salt-zsh-completion-3004-150300.53.24.1
- SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64):
salt-transactional-update-3004-150300.53.24.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
salt-api-3004-150300.53.24.1
salt-cloud-3004-150300.53.24.1
salt-master-3004-150300.53.24.1
salt-proxy-3004-150300.53.24.1
salt-ssh-3004-150300.53.24.1
salt-standalone-formulas-configuration-3004-150300.53.24.1
salt-syndic-3004-150300.53.24.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
salt-fish-completion-3004-150300.53.24.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
python3-salt-3004-150300.53.24.1
salt-3004-150300.53.24.1
salt-doc-3004-150300.53.24.1
salt-minion-3004-150300.53.24.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
salt-bash-completion-3004-150300.53.24.1
salt-zsh-completion-3004-150300.53.24.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
python3-salt-3004-150300.53.24.1
salt-3004-150300.53.24.1
salt-minion-3004-150300.53.24.1
salt-transactional-update-3004-150300.53.24.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
python3-salt-3004-150300.53.24.1
salt-3004-150300.53.24.1
salt-minion-3004-150300.53.24.1
salt-transactional-update-3004-150300.53.24.1
References:
https://www.suse.com/security/cve/CVE-2022-22967.html
https://bugzilla.suse.com/1200566
SUSE-SU-2022:2174-1: important: Security update for python39
by opensuse-security@opensuse.org 24 Jun '22
SUSE Security Update: Security update for python39
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2174-1
Rating: important
References: #1192249 #1198511 SLE-21253
Cross-References: CVE-2015-20107
CVSS scores:
CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2015-20107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability, contains one
feature and has one errata is now available.
Description:
This update for python39 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module
(bsc#1198511).
- Update to 3.9.13:
- Core and Builtins
- gh-92311: Fixed a bug where setting frame.f_lineno to jump
over a list comprehension could misbehave or crash.
- gh-92112: Fix crash triggered by an evil custom mro() on a metaclass.
- gh-92036: Fix a crash in subinterpreters related to the garbage
collector. When a subinterpreter is deleted, untrack all objects
tracked by its GC. To prevent a crash in deallocator functions
expecting objects to be tracked by the GC, leak a strong reference
to these objects on purpose, so they are never deleted and their
deallocator functions are not called. Patch by Victor Stinner.
- gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex.
- bpo-46775: Some Windows system error codes(>= 10000) are now mapped
into the correct errno and may now raise a subclass of OSError.
Patch by Dong-hee Na.
- bpo-46962: Classes and functions that unconditionally declared their
docstrings ignoring the
--without-doc-strings compilation flag no longer do so.
- The classes affected are pickle.PickleBuffer,
testcapi.RecursingInfinitelyError, and types.GenericAlias.
- The functions affected are 24 methods in ctypes.
- Patch by Oleg Iarygin.
- bpo-36819: Fix crashes in built-in encoders with error handlers that
return position less or equal than the starting position of
non-encodable characters.
- Library
- gh-91581: utcfromtimestamp() no longer attempts to resolve fold in
the pure Python implementation, since the fold is never 1 in UTC. In
addition to being slightly faster in the common case, this also
prevents some errors when the timestamp is close to datetime.min.
Patch by Paul Ganssle.
- gh-92530: Fix an issue that occurred after interrupting
threading.Condition.notify().
- gh-92049: Forbid pickling constants re._constants.SUCCESS etc.
Previously, pickling did not fail, but the result could not be
unpickled.
- bpo-47029: Always close the read end of the pipe used by
multiprocessing.Queue after the last write of buffered data to the
write end of the pipe to avoid BrokenPipeError at garbage collection
and at multiprocessing.Queue.close() calls. Patch by Géry Ogam.
- gh-91910: Add missing f prefix to f-strings in error messages from
the multiprocessing and asyncio modules.
- gh-91810: ElementTree method write() and function tostring() now use
the text file's encoding ("UTF-8" if not available) instead of
locale encoding in XML declaration when encoding="unicode" is
specified.
- gh-91832: Add required attribute to argparse.Action repr
output.
- gh-91734: Fix OSS audio support on Solaris.
- gh-91700: Compilation of regular expression containing a conditional
expression (?(group)...) now raises an appropriate re.error if the
group number refers to not defined group. Previously an internal
RuntimeError was raised.
- gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per
test event loop executor before returning from its run method so
that a not yet stopped or garbage collected executor state does not
persist beyond the test.
- gh-90568: Parsing \N escapes of Unicode Named Character Sequences in
a regular expression raises now re.error instead of TypeError.
- gh-91595: Fix the comparison of character and integer inside
Tools.gdb.libpython.write_repr(). Patch by Yu Liu.
- gh-90622: Worker processes for
concurrent.futures.ProcessPoolExecutor are no longer spawned on
demand (a feature added in 3.9) when the multiprocessing context
start method is "fork" as that can lead to deadlocks in the child
processes due to a fork happening while threads are running.
- gh-91575: Update case-insensitive matching in the re module to the
latest Unicode version.
- gh-91581: Remove an unhandled error case in the C implementation of
calls to datetime.fromtimestamp with no time zone (i.e. getting a
local time from an epoch timestamp). This should have no user-facing
effect other than giving a possibly more accurate error message when
called with timestamps that fall on 10000-01-01 in the local time.
Patch by Paul Ganssle.
- bpo-34480: Fix a bug where _markupbase raised an UnboundLocalError
when an invalid keyword was found in marked section. Patch by Marek
Suscak.
- bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for
socket.AF_INET or socket.AF_INET6 families. Resolution may not make
sense for other families, like socket.AF_BLUETOOTH and
socket.AF_UNIX.
- bpo-43323: Fix errors in the email module if the charset itself
contains undecodable/unencodable characters.
- bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception
memory leak
- bpo-46415: Fix ipaddress.ip_{address,interface,network} raising
TypeError instead of ValueError if given invalid tuple as address
parameter.
- bpo-44911: IsolatedAsyncioTestCase will no longer throw an exception
while cancelling leaked tasks. Patch by Bar Harel.
- bpo-44493: Add missing terminated NUL in sockaddr_un's length
- This was potentially observable when using non-abstract AF_UNIX
datagram sockets to processes written in another programming
language.
- bpo-42627: Fix incorrect parsing of Windows registry proxy settings
- bpo-36073: Raise ProgrammingError instead of segfaulting on
recursive usage of cursors in sqlite3 converters. Patch by Sergey
Fedoseev.
- Documentation
- gh-91888: Add a new gh role to the documentation to link to GitHub
issues.
- gh-91783: Document security issues concerning the use of the
function shutil.unpack_archive()
- gh-91547: Remove "Undocumented modules" page.
- bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of
shutil.copytree().
- bpo-38668: Update the introduction to documentation for
os.path to remove warnings that became irrelevant after the
implementations of PEP 383 and PEP 529.
- bpo-47138: Pin Jinja to a version compatible with Sphinx version
2.4.4.
- bpo-46962: All docstrings in code snippets are now wrapped into
PyDoc_STR() to follow the guideline of PEP 7's Documentation Strings
paragraph. Patch by Oleg Iarygin.
- bpo-26792: Improve the docstrings of runpy.run_module() and
runpy.run_path(). Original patch by Andrew Brezovsky.
- bpo-45790: Adjust inaccurate phrasing in Defining Extension Types:
Tutorial about the ob_base field and the macros used to access its
contents.
- bpo-42340: Document that in some circumstances KeyboardInterrupt may
cause the code to enter an inconsistent state. Provided a sample
workaround to avoid it if needed.
- bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst
to their respective section in Doc/library/errno.rst, and vice
versa. Previously this was
only done for EINTR and InterruptedError. Patch by Yan "yyyyyyyan"
Orestes.
- bpo-38056: Overhaul the Error Handlers documentation in codecs.
- bpo-13553: Document tkinter.Tk args.
- Tests
- gh-91607: Fix test_concurrent_futures to test the correct
multiprocessing start method context in several cases where the test
logic mixed this up.
- bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity()
error case on FreeBSD.
- bpo-29890: Add tests for ipaddress.IPv4Interface and
ipaddress.IPv6Interface construction with tuple arguments. Original
patch and tests by louisom.
- Build
- bpo-47103: Windows PGInstrument builds now copy a required DLL into
the output directory, making it easier to run the profile stage of a
PGO build.
- Windows
- bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.
- bpo-46785: Fix race condition between os.stat() and unlinking a file
on Windows, by using errors codes returned by FindFirstFileW() when
appropriate in win32_xstat_impl.
- bpo-40859: Update Windows build to use xz-5.2.5
- Tools/Demos
- gh-91583: Fix regression in the code generated by Argument Clinic
for functions with the defining_class parameter.
- Update to 3.9.12:
- bpo-46968: Check for the existence of the "sys/auxv.h" header in
faulthandler to avoid compilation problems in systems where this
header doesn't exist. Patch by Pablo Galindo
- bpo-47101: hashlib.algorithms_available now lists only algorithms that
are provided by activated crypto providers on OpenSSL 3.0. Legacy
algorithms are not listed unless the legacy provider has been loaded
into the default OSSL context.
- bpo-23691: Protect the re.finditer() iterator from re-entering.
- bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a
"zipfile.BadZipFile: Bad CRC-32 for file" exception when reading a
ZipFile from multiple threads.
- bpo-38256: Fix binascii.crc32() when it is compiled to use zlib's
crc32 to work properly on inputs 4+GiB in length instead of returning
the wrong result. The workaround prior to this was to always feed the
function data in increments smaller than 4GiB or to just call the zlib
module function.
- bpo-39394: A warning about inline flags not at the start of the
regular expression now contains the position of the flag.
- bpo-47061: Deprecate the various modules listed by PEP 594:
- aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr,
msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau,
telnetlib, uu, xdrlib
- bpo-2604: Fix bug where doctests using globals would fail when run
multiple times.
- bpo-45997: Fix asyncio.Semaphore re-acquiring FIFO order.
- bpo-47022: The asynchat, asyncore and smtpd modules have been
deprecated since at least Python 3.6. Their documentation has now been
updated to note they will be removed in Python 3.12 (PEP 594).
- bpo-46421: Fix a unittest issue where if the command was invoked as
python -m unittest and the filename(s) began with a dot (.), a
ValueError is returned.
- bpo-40296: Fix supporting generic aliases in pydoc.
- bpo-14156: argparse.FileType now supports an argument of '-'; in
binary mode, returning the .buffer attribute of sys.stdin/sys.stdout
as appropriate. Modes including 'x' and 'a' are treated equivalently
to 'w' when argument is '-'. Patch contributed by Josh Rosenberg
- Update to 3.9.11:
- bpo-46852: Rename the private undocumented float.__set_format__()
method to float.__setformat__() to fix a typo introduced in Python
3.7. The method is only used by test_float. Patch by Victor Stinner.
- bpo-46794: Bump up the libexpat version into 2.4.6
- bpo-46762: Fix an assert failure in debug builds when a '<', '>', or
'=' is the last character in an f-string that's missing a closing
right brace.
- bpo-46732: Correct the docstring for the __bool__() method. Patch by
Jelle Zijlstra.
- bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c.
- bpo-46615: When iterating over sets internally in setobject.c, acquire
strong references to the resulting items from the set. This prevents
crashes in corner-cases of various set operations where the set gets
mutated.
- bpo-43721: Fix docstrings of getter, setter, and deleter to clarify
that they create a new copy of the property.
- bpo-46503: Fix an assert when parsing some invalid N escape sequences
in f-strings.
- bpo-46417: Fix a race condition on setting a type __bases__ attribute:
the internal function add_subclass() now gets the
PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef()
which can trigger a garbage collection which can indirectly modify
PyTypeObject.tp_subclasses. Patch by Victor Stinner.
- bpo-46383: Fix invalid signature of _zoneinfo's module_free function
to resolve a crash on wasm32-emscripten platform.
- bpo-43253: Fix a crash when closing transports where the underlying
socket handle is already invalid on the Proactor event loop.
- bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including
bugfix for EntryPoint.extras, which was returning match objects and
not the extras strings.
- bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
- bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically
determine size of signal handler stack size CPython allocates using
getauxval(AT_MINSIGSTKSZ). This change allows for Python extension's
request to Linux kernel to use AMX_TILE instruction set on Sapphire
Rapids Xeon processor to succeed, unblocking use of the ISA in
frameworks.
- bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch
by Stefan Zabka.
- bpo-46932: Update bundled libexpat to 2.4.7
- bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when
the iterator is not exhausted. Patch by Jacob Walls.
- bpo-44886: Inherit asyncio proactor datagram transport from
asyncio.DatagramTransport.
- bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for
selector-based event loops. Patch by Thomas Grainger.
- bpo-46811: Make test suite support Expat >=2.4.5
- bpo-46252: Raise TypeError if ssl.SSLSocket is passed to
transport-based APIs.
- bpo-46784: Fix libexpat symbols collisions with user dynamically
loaded or statically linked libexpat in embedded Python.
- bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders
when running from the guest operating-system.
- bpo-46756: Fix a bug in
urllib.request.HTTPPasswordMgr.find_user_password() and
urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which
allowed to bypass authorization. For example, access to URI
example.org/foobar was allowed if the user was authorized for URI
example.org/foo.
- bpo-45863: When the tarfile module creates a pax format archive, it
will put an integer representation of timestamps in the ustar header
(if possible) for the benefit of older unarchivers, in addition to the
existing full-precision timestamps in the pax extended header.
- bpo-46672: Fix NameError in asyncio.gather() when initial type check
fails.
- bpo-45948: Fixed a discrepancy in the C implementation of the
xml.etree.ElementTree module. Now, instantiating an
xml.etree.ElementTree.XMLParser with a target=None keyword provides a
default xml.etree.ElementTree.TreeBuilder target as the Python
implementation does.
- bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable.
- bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
- bpo-46487: Add the get_write_buffer_limits method to
asyncio.transports.WriteTransport and to the SSL transport.
- bpo-46539: In typing.get_type_hints(), support evaluating stringified
ClassVar and Final annotations inside Annotated. Patch by Gregory
Beauregard.
- bpo-46491: Allow typing.Annotated to wrap typing.Final and
typing.ClassVar. Patch by Gregory Beauregard.
- bpo-46436: Fix command-line option -d/--directory in module
http.server which is ignored when combined with command-line
option --cgi. Patch by Géry Ogam.
- bpo-41403: Make mock.patch() raise a TypeError with a relevant error
message on invalid arg. Previously it allowed a cryptic AttributeError
to escape.
- bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential
REDoS by limiting ambiguity in consecutive whitespace.
- bpo-46469: asyncio generic classes now return types.GenericAlias in
__class_getitem__ instead of the same class.
- bpo-46434: pdb now gracefully handles help when __doc__ is missing,
for example when run with pregenerated optimized .pyc files.
- bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef
now honor the module parameter of typing.ForwardRef. Forward
references from different modules are now differentiated.
- bpo-43118: Fix a bug in inspect.signature() that was causing it to
fail on some subclasses of classes with a __text_signature__
referencing module globals. Patch by Weipeng Hong.
- bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a
directory name with a trailing slash.
- bpo-20392: Fix inconsistency with uppercase file extensions in
MimeTypes.guess_type(). Patch by Kumar Aditya.
- bpo-46080: Fix exception in argparse help text generation if a
argparse.BooleanOptionalAction argument's default is argparse.SUPPRESS
and it has help specified. Patch by Felix Fontein.
- bpo-44439: Fix the .write() method of a member file in ZipFile: when
the input data is an object that supports the buffer protocol, the file
length could be wrong.
- bpo-45703: When a namespace package is imported before another module
from the same namespace is created/installed in a different sys.path
location while the program is running, calling the
importlib.invalidate_caches() function will now also guarantee the new
module is noticed.
- bpo-24959: Fix bug where unittest sometimes drops frames from
tracebacks of exceptions raised in tests.
- bpo-46463: Fixes escape4chm.py script used when building the CHM
documentation file
- bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with
undefined behavior sanitizer (UBSAN): disable UBSAN on the
faulthandler_sigfpe() function. Patch by Victor Stinner.
- bpo-46708: Prevent default asyncio event loop policy modification
warning after test_asyncio execution.
- bpo-46616: Ensures test_importlib.test_windows cleans up registry keys
after completion.
- bpo-44359: test_ftplib now silently ignores socket errors to prevent
logging unhandled threading exceptions. Patch by Victor Stinner.
- bpo-46542: Fix a Python crash in test_lib2to3 when using Python built
in debug mode: limit the recursion limit. Patch by Victor Stinner.
- bpo-46576: test_peg_generator now disables compiler
optimization when testing compilation of its own C extensions to
significantly speed up the testing on non-debug builds of CPython.
- bpo-46542: Fix test_json tests checking for RecursionError: modify
these tests to use support.infinite_recursion(). Patch by Victor
Stinner.
- bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the
readline module is loaded. The readline module changes input()
behavior, but test_builtin is not intended to test the readline
module. Patch by Victor Stinner.
- bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C
compiler is now run with LC_ALL=C. Previously, the detection failed
with a German locale.
- bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and
pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__.
- bpo-45925: Update Windows installer to use SQLite 3.37.2.
- bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu,
'Close' is now 'Close Window' (the current one) and 'Exit' is now
'Exit IDLE' (by closing all windows). In Shell,
'quit()' and 'exit()' mean 'close Shell'. If there are no other
windows, this also exits IDLE.
- bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex
Waygood and Terry Jan Reedy.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2174=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2174=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2174=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2174=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libpython3_9-1_0-3.9.13-150300.4.13.1
libpython3_9-1_0-debuginfo-3.9.13-150300.4.13.1
python39-3.9.13-150300.4.13.1
python39-base-3.9.13-150300.4.13.1
python39-base-debuginfo-3.9.13-150300.4.13.1
python39-core-debugsource-3.9.13-150300.4.13.1
python39-curses-3.9.13-150300.4.13.1
python39-curses-debuginfo-3.9.13-150300.4.13.1
python39-dbm-3.9.13-150300.4.13.1
python39-dbm-debuginfo-3.9.13-150300.4.13.1
python39-debuginfo-3.9.13-150300.4.13.1
python39-debugsource-3.9.13-150300.4.13.1
python39-devel-3.9.13-150300.4.13.1
python39-doc-3.9.13-150300.4.13.1
python39-doc-devhelp-3.9.13-150300.4.13.1
python39-idle-3.9.13-150300.4.13.1
python39-testsuite-3.9.13-150300.4.13.1
python39-testsuite-debuginfo-3.9.13-150300.4.13.1
python39-tk-3.9.13-150300.4.13.1
python39-tk-debuginfo-3.9.13-150300.4.13.1
python39-tools-3.9.13-150300.4.13.1
- openSUSE Leap 15.4 (x86_64):
libpython3_9-1_0-32bit-3.9.13-150300.4.13.1
libpython3_9-1_0-32bit-debuginfo-3.9.13-150300.4.13.1
python39-32bit-3.9.13-150300.4.13.1
python39-32bit-debuginfo-3.9.13-150300.4.13.1
python39-base-32bit-3.9.13-150300.4.13.1
python39-base-32bit-debuginfo-3.9.13-150300.4.13.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libpython3_9-1_0-3.9.13-150300.4.13.1
libpython3_9-1_0-debuginfo-3.9.13-150300.4.13.1
python39-3.9.13-150300.4.13.1
python39-base-3.9.13-150300.4.13.1
python39-base-debuginfo-3.9.13-150300.4.13.1
python39-core-debugsource-3.9.13-150300.4.13.1
python39-curses-3.9.13-150300.4.13.1
python39-curses-debuginfo-3.9.13-150300.4.13.1
python39-dbm-3.9.13-150300.4.13.1
python39-dbm-debuginfo-3.9.13-150300.4.13.1
python39-debuginfo-3.9.13-150300.4.13.1
python39-debugsource-3.9.13-150300.4.13.1
python39-devel-3.9.13-150300.4.13.1
python39-doc-3.9.13-150300.4.13.1
python39-doc-devhelp-3.9.13-150300.4.13.1
python39-idle-3.9.13-150300.4.13.1
python39-testsuite-3.9.13-150300.4.13.1
python39-testsuite-debuginfo-3.9.13-150300.4.13.1
python39-tk-3.9.13-150300.4.13.1
python39-tk-debuginfo-3.9.13-150300.4.13.1
python39-tools-3.9.13-150300.4.13.1
- openSUSE Leap 15.3 (x86_64):
libpython3_9-1_0-32bit-3.9.13-150300.4.13.1
libpython3_9-1_0-32bit-debuginfo-3.9.13-150300.4.13.1
python39-32bit-3.9.13-150300.4.13.1
python39-32bit-debuginfo-3.9.13-150300.4.13.1
python39-base-32bit-3.9.13-150300.4.13.1
python39-base-32bit-debuginfo-3.9.13-150300.4.13.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
python39-core-debugsource-3.9.13-150300.4.13.1
python39-tools-3.9.13-150300.4.13.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libpython3_9-1_0-3.9.13-150300.4.13.1
libpython3_9-1_0-debuginfo-3.9.13-150300.4.13.1
python39-3.9.13-150300.4.13.1
python39-base-3.9.13-150300.4.13.1
python39-base-debuginfo-3.9.13-150300.4.13.1
python39-core-debugsource-3.9.13-150300.4.13.1
python39-curses-3.9.13-150300.4.13.1
python39-curses-debuginfo-3.9.13-150300.4.13.1
python39-dbm-3.9.13-150300.4.13.1
python39-dbm-debuginfo-3.9.13-150300.4.13.1
python39-debuginfo-3.9.13-150300.4.13.1
python39-debugsource-3.9.13-150300.4.13.1
python39-devel-3.9.13-150300.4.13.1
python39-idle-3.9.13-150300.4.13.1
python39-tk-3.9.13-150300.4.13.1
python39-tk-debuginfo-3.9.13-150300.4.13.1
References:
https://www.suse.com/security/cve/CVE-2015-20107.html
https://bugzilla.suse.com/1192249
https://bugzilla.suse.com/1198511
SUSE-SU-2022:2173-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 24 Jun '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2173-1
Rating: important
References: #1177282 #1199365 #1200015 #1200143 #1200144
#1200206 #1200207 #1200249 #1200259 #1200263
#1200268 #1200529
Cross-References: CVE-2020-26541 CVE-2022-1966 CVE-2022-1974
CVE-2022-1975
CVSS scores:
CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves four vulnerabilities and has 8 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-1966: Fixed a use-after-free bug in the netfilter subsystem.
This flaw allowed a local attacker with user access to cause a privilege
escalation issue. (bnc#1200015)
- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows an attacker to
crash the Linux kernel by simulating an NFC device from user space.
(bsc#1200143)
- CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by
simulating an NFC device from user space. (bsc#1200144)
- CVE-2020-26541: Enforce the secure boot forbidden signature database
(aka dbx) protection mechanism. (bnc#1177282)
The following non-security bugs were fixed:
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
(git-fixes).
- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
- ACPI: sysfs: Make sparse happy about address space in use (git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
- ASoC: dapm: Do not fold register value changes into notifications
(git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver
(git-fixes).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- blk-mq: Fix wrong wakeup batch configuration which will cause hang
(bsc#1200263).
- block: fix bio_clone_blkg_association() to associate with proper
blkcg_gq (bsc#1200259).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- cfg80211: set custom regdomain after wiphy registration (git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
(git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
(git-fixes).
- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI
controllers (git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
(git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
(git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map()
(git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in
amdgpu_ucode_free_bo (git-fixes).
- drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition
(git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to
intel_read_wm_latency() (git-fixes).
- drm/i915: fix i915_globals_exit() section mismatch error (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
- drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
- drm/plane: Move range check for format_count earlier (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
(git-fixes).
- efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
- efi: Do not import certificates from UEFI Secure Boot for T2 Macs
(git-fixes).
- fbcon: Consistently protect deferred_takeover with console_lock()
(git-fixes).
- ftrace: Clean up hash direct_functions on register failures (git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
- hwmon: Make chip parameter for with_info API mandatory (git-fixes).
- i2c: cadence: Increase timeout per message if necessary (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
- iio: dummy: iio_simple_dummy: check the return value of kstrdup()
(git-fixes).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
(git-fixes).
- Input: goodix - fix spurious key release events (git-fixes).
- ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on
A375, A38x, A39x (git-fixes).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
(git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts
(git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
- KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT
(git-fixes).
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
(git-fixes).
- KVM: nVMX: Set LDTR to its architecturally defined value on nested
VM-Exit (git-fixes).
- KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter
(git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- KVM: s390: pv: avoid double free of sida page (git-fixes).
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes).
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation
(git-fixes).
- KVM: x86: clflushopt should be treated as a no-op by emulation
(git-fixes).
- KVM: x86: Do not force set BSP bit when local APIC is managed by
userspace (git-fixes).
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
(git-fixes).
- KVM: x86: Immediately reset the MMU context when the SMM flag is cleared
(git-fixes).
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
(git-fixes).
- KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes).
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP
(git-fixes).
- KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural
PMU (git-fixes).
- KVM: x86/emulator: Defer not-present segment check in
__load_segment_descriptor() (git-fixes).
- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
intel_arch_events[] (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels after
beacon rx (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- media: cx25821: Fix the warning when removing the module (git-fixes).
- media: netup_unidvb: Do not leak SPI master in probe error path
(git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev()
(git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- misc: rtsx: set NULL intfdata when probe fails (git-fixes).
- mmc: block: Fix CQE recovery reset success (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
- modpost: fix removing numeric suffixes (git-fixes).
- modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
- mt76: check return value of mt76_txq_send_burst in
mt76_txq_schedule_list (git-fixes).
- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
(git-fixes).
- net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
- nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION
(git-fixes).
- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
(git-fixes).
- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
- NFS: Do not report ENOSPC write errors twice (git-fixes).
- nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
topology (bsc#1199365).
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
- platform/chrome: cros_ec_proto: Send command again when timeout occurs
(git-fixes).
- platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes).
- platform/x86: wmi: Replace read_takes_no_args with a flags field
(git-fixes).
- devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
- raid5: introduce MD_BROKEN (git-fixes).
- rtl818x: Prevent using not initialized queues (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector packed
decimal facility (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
- s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454).
- s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455).
- s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206
LTC#198455).
- s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207
LTC#198454).
- s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag
(git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM guests
(git-fixes).
- s390/nmi: handle vector validity failures for KVM guests (git-fixes).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks
(git-fixes).
- serial: msm_serial: disable interrupts in __msm_console_write()
(git-fixes).
- spi: Introduce device-managed SPI controller allocation (git-fixes).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA
direction (git-fixes).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
- staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).
- staging: rtl8712: fix uninit-value in usb_read8() and friends
(git-fixes).
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
(git-fixes).
- tty: Fix a possible resource leak in icom_probe (git-fixes).
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
(git-fixes).
- usb: core: hcd: Add support for deferring roothub registration
(git-fixes).
- usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
- usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
- usb: host: isp116x: check return value after calling
platform_get_resource() (git-fixes).
- usb: new quirk for Dell Gen 2 devices (git-fixes).
- usb: serial: option: add Quectel BG95 modem (git-fixes).
- vfio-ccw: Check initialized flag in cp_init() (git-fixes).
- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
- video: fbdev: pxa3xx-gcu: release the resources correctly in
pxa3xx_gcu_probe/remove() (git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
- vringh: Fix loop descriptors check in the indirect cases (git-fixes).
- watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2173=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2173=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2173=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2173=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2173=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2173=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2173=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2173=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2173=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2173=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.76.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
dlm-kmp-preempt-5.3.18-150300.59.76.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
gfs2-kmp-preempt-5.3.18-150300.59.76.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-5.3.18-150300.59.76.1
kernel-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-debugsource-5.3.18-150300.59.76.1
kernel-preempt-devel-5.3.18-150300.59.76.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-extra-5.3.18-150300.59.76.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.76.1
kernel-preempt-optional-5.3.18-150300.59.76.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.76.1
kselftests-kmp-preempt-5.3.18-150300.59.76.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
ocfs2-kmp-preempt-5.3.18-150300.59.76.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
reiserfs-kmp-preempt-5.3.18-150300.59.76.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.76.1
dtb-zte-5.3.18-150300.59.76.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.76.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.76.1
dlm-kmp-default-5.3.18-150300.59.76.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.76.1
gfs2-kmp-default-5.3.18-150300.59.76.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-5.3.18-150300.59.76.1
kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
kernel-default-base-rebuild-5.3.18-150300.59.76.1.150300.18.45.2
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
kernel-default-devel-5.3.18-150300.59.76.1
kernel-default-devel-debuginfo-5.3.18-150300.59.76.1
kernel-default-extra-5.3.18-150300.59.76.1
kernel-default-extra-debuginfo-5.3.18-150300.59.76.1
kernel-default-livepatch-5.3.18-150300.59.76.1
kernel-default-livepatch-devel-5.3.18-150300.59.76.1
kernel-default-optional-5.3.18-150300.59.76.1
kernel-default-optional-debuginfo-5.3.18-150300.59.76.1
kernel-obs-build-5.3.18-150300.59.76.1
kernel-obs-build-debugsource-5.3.18-150300.59.76.1
kernel-obs-qa-5.3.18-150300.59.76.1
kernel-syms-5.3.18-150300.59.76.1
kselftests-kmp-default-5.3.18-150300.59.76.1
kselftests-kmp-default-debuginfo-5.3.18-150300.59.76.1
ocfs2-kmp-default-5.3.18-150300.59.76.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1
reiserfs-kmp-default-5.3.18-150300.59.76.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.76.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.76.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
dlm-kmp-preempt-5.3.18-150300.59.76.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
gfs2-kmp-preempt-5.3.18-150300.59.76.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-5.3.18-150300.59.76.1
kernel-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-debugsource-5.3.18-150300.59.76.1
kernel-preempt-devel-5.3.18-150300.59.76.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-extra-5.3.18-150300.59.76.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.76.1
kernel-preempt-optional-5.3.18-150300.59.76.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.76.1
kselftests-kmp-preempt-5.3.18-150300.59.76.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
ocfs2-kmp-preempt-5.3.18-150300.59.76.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
reiserfs-kmp-preempt-5.3.18-150300.59.76.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.76.1
kernel-debug-debuginfo-5.3.18-150300.59.76.1
kernel-debug-debugsource-5.3.18-150300.59.76.1
kernel-debug-devel-5.3.18-150300.59.76.1
kernel-debug-devel-debuginfo-5.3.18-150300.59.76.1
kernel-debug-livepatch-devel-5.3.18-150300.59.76.1
kernel-kvmsmall-5.3.18-150300.59.76.1
kernel-kvmsmall-debuginfo-5.3.18-150300.59.76.1
kernel-kvmsmall-debugsource-5.3.18-150300.59.76.1
kernel-kvmsmall-devel-5.3.18-150300.59.76.1
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.76.1
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.76.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.76.1
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
dlm-kmp-64kb-5.3.18-150300.59.76.1
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
dtb-al-5.3.18-150300.59.76.1
dtb-allwinner-5.3.18-150300.59.76.1
dtb-altera-5.3.18-150300.59.76.1
dtb-amd-5.3.18-150300.59.76.1
dtb-amlogic-5.3.18-150300.59.76.1
dtb-apm-5.3.18-150300.59.76.1
dtb-arm-5.3.18-150300.59.76.1
dtb-broadcom-5.3.18-150300.59.76.1
dtb-cavium-5.3.18-150300.59.76.1
dtb-exynos-5.3.18-150300.59.76.1
dtb-freescale-5.3.18-150300.59.76.1
dtb-hisilicon-5.3.18-150300.59.76.1
dtb-lg-5.3.18-150300.59.76.1
dtb-marvell-5.3.18-150300.59.76.1
dtb-mediatek-5.3.18-150300.59.76.1
dtb-nvidia-5.3.18-150300.59.76.1
dtb-qcom-5.3.18-150300.59.76.1
dtb-renesas-5.3.18-150300.59.76.1
dtb-rockchip-5.3.18-150300.59.76.1
dtb-socionext-5.3.18-150300.59.76.1
dtb-sprd-5.3.18-150300.59.76.1
dtb-xilinx-5.3.18-150300.59.76.1
dtb-zte-5.3.18-150300.59.76.1
gfs2-kmp-64kb-5.3.18-150300.59.76.1
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
kernel-64kb-5.3.18-150300.59.76.1
kernel-64kb-debuginfo-5.3.18-150300.59.76.1
kernel-64kb-debugsource-5.3.18-150300.59.76.1
kernel-64kb-devel-5.3.18-150300.59.76.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.76.1
kernel-64kb-extra-5.3.18-150300.59.76.1
kernel-64kb-extra-debuginfo-5.3.18-150300.59.76.1
kernel-64kb-livepatch-devel-5.3.18-150300.59.76.1
kernel-64kb-optional-5.3.18-150300.59.76.1
kernel-64kb-optional-debuginfo-5.3.18-150300.59.76.1
kselftests-kmp-64kb-5.3.18-150300.59.76.1
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
ocfs2-kmp-64kb-5.3.18-150300.59.76.1
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
reiserfs-kmp-64kb-5.3.18-150300.59.76.1
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.76.1
kernel-docs-5.3.18-150300.59.76.1
kernel-docs-html-5.3.18-150300.59.76.1
kernel-macros-5.3.18-150300.59.76.1
kernel-source-5.3.18-150300.59.76.1
kernel-source-vanilla-5.3.18-150300.59.76.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.76.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.76.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
kernel-default-extra-5.3.18-150300.59.76.1
kernel-default-extra-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-debugsource-5.3.18-150300.59.76.1
kernel-preempt-extra-5.3.18-150300.59.76.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
kernel-default-livepatch-5.3.18-150300.59.76.1
kernel-default-livepatch-devel-5.3.18-150300.59.76.1
kernel-livepatch-5_3_18-150300_59_76-default-1-150300.7.5.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
reiserfs-kmp-default-5.3.18-150300.59.76.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.3.18-150300.59.76.1
kernel-obs-build-debugsource-5.3.18-150300.59.76.1
kernel-syms-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-debugsource-5.3.18-150300.59.76.1
kernel-preempt-devel-5.3.18-150300.59.76.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-150300.59.76.1
kernel-source-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-150300.59.76.1
kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
kernel-default-devel-5.3.18-150300.59.76.1
kernel-default-devel-debuginfo-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-150300.59.76.1
kernel-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-debugsource-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-150300.59.76.1
kernel-64kb-debuginfo-5.3.18-150300.59.76.1
kernel-64kb-debugsource-5.3.18-150300.59.76.1
kernel-64kb-devel-5.3.18-150300.59.76.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.76.1
kernel-macros-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.76.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.76.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.76.1
kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.76.1
kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.76.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.76.1
dlm-kmp-default-5.3.18-150300.59.76.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.76.1
gfs2-kmp-default-5.3.18-150300.59.76.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
ocfs2-kmp-default-5.3.18-150300.59.76.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1
References:
https://www.suse.com/security/cve/CVE-2020-26541.html
https://www.suse.com/security/cve/CVE-2022-1966.html
https://www.suse.com/security/cve/CVE-2022-1974.html
https://www.suse.com/security/cve/CVE-2022-1975.html
https://bugzilla.suse.com/1177282
https://bugzilla.suse.com/1199365
https://bugzilla.suse.com/1200015
https://bugzilla.suse.com/1200143
https://bugzilla.suse.com/1200144
https://bugzilla.suse.com/1200206
https://bugzilla.suse.com/1200207
https://bugzilla.suse.com/1200249
https://bugzilla.suse.com/1200259
https://bugzilla.suse.com/1200263
https://bugzilla.suse.com/1200268
https://bugzilla.suse.com/1200529
SUSE-SU-2022:2172-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 24 Jun '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2172-1
Rating: important
References: #1177282 #1184924 #1198924 #1199365 #1199482
#1200015 #1200143 #1200144 #1200206 #1200207
#1200249 #1200259 #1200263 #1200343 #1200494
#1200529 #1200604
Cross-References: CVE-2020-26541 CVE-2022-1012 CVE-2022-1966
CVE-2022-1974 CVE-2022-1975 CVE-2022-20141
CVE-2022-32250
CVSS scores:
CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 7 vulnerabilities and has 10 fixes is
now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-1012: Fixed a small table perturb size in the TCP source port
generation algorithm which could lead to an information leak.
(bsc#1199482).
- CVE-2022-20141: Fixed a use-after-free due to improper locking. This
bug could lead to local escalation of privilege when opening and closing
inet sockets with no additional execution privileges needed.
(bnc#1200604)
- CVE-2022-32250: Fixed a use-after-free bug in the netfilter subsystem.
This flaw allowed a local attacker with user access to cause a privilege
escalation issue. (bnc#1200015)
- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows an attacker to crash
the Linux kernel by simulating an NFC device from user space. (bsc#1200143)
- CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by
simulating an NFC device from user space. (bsc#1200144)
- CVE-2020-26541: Enforce the secure boot forbidden signature database
(aka dbx) protection mechanism. (bnc#1177282)
The following non-security bugs were fixed:
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
(git-fixes).
- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
- ACPI: sysfs: Make sparse happy about address space in use (git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
(git-fixes)
- ASoC: dapm: Do not fold register value changes into notifications
(git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver
(git-fixes).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- blk-mq: Fix wrong wakeup batch configuration which will cause hang
(bsc#1200263).
- block: fix bio_clone_blkg_association() to associate with proper
blkcg_gq (bsc#1200259).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist
(git-fixes).
- cfg80211: set custom regdomain after wiphy registration (git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
(git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
(git-fixes).
- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI
controllers (git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
(git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
(git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map()
(git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in
amdgpu_ucode_free_bo (git-fixes).
- drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition
(git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to
intel_read_wm_latency() (git-fixes).
- drm/i915: fix i915_globals_exit() section mismatch error (git-fixes).
- drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
- drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
- drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
- drm/plane: Move range check for format_count earlier (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
(git-fixes).
- efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
- efi: Do not import certificates from UEFI Secure Boot for T2 Macs
(git-fixes).
- fbcon: Consistently protect deferred_takeover with console_lock()
(git-fixes).
- ftrace: Clean up hash direct_functions on register failures (git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
- hwmon: Make chip parameter for with_info API mandatory (git-fixes).
- i2c: cadence: Increase timeout per message if necessary (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
- iio: dummy: iio_simple_dummy: check the return value of kstrdup()
(git-fixes).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
(git-fixes).
- Input: goodix - fix spurious key release events (git-fixes).
- ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on
A375, A38x, A39x (git-fixes).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
(git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts
(git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
- KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT
(git-fixes).
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
(git-fixes).
- KVM: nVMX: Set LDTR to its architecturally defined value on nested
VM-Exit (git-fixes).
- KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter
(git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- KVM: s390: pv: avoid double free of sida page (git-fixes).
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes).
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation
(git-fixes).
- KVM: x86: clflushopt should be treated as a no-op by emulation
(git-fixes).
- KVM: x86: Do not force set BSP bit when local APIC is managed by
userspace (git-fixes).
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
(git-fixes).
- KVM: x86: Immediately reset the MMU context when the SMM flag is cleared
(git-fixes).
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
(git-fixes).
- KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes).
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP
(git-fixes).
- KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural
PMU (git-fixes).
- KVM: x86/emulator: Defer not-present segment check in
__load_segment_descriptor() (git-fixes).
- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
intel_arch_events[] (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels after
beacon rx (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- media: cx25821: Fix the warning when removing the module (git-fixes).
- media: netup_unidvb: Do not leak SPI master in probe error path
(git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev()
(git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- misc: rtsx: set NULL intfdata when probe fails (git-fixes).
- mmc: block: Fix CQE recovery reset success (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
- modpost: fix removing numeric suffixes (git-fixes).
- modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
- mt76: check return value of mt76_txq_send_burst in
mt76_txq_schedule_list (git-fixes).
- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
(git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg
(git-fixes).
- net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
- nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION
(git-fixes).
- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
(git-fixes).
- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
- NFS: Do not report ENOSPC write errors twice (git-fixes).
- nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
topology (bsc#1199365).
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
- platform/chrome: cros_ec_proto: Send command again when timeout occurs
(git-fixes).
- platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes).
- platform/x86: wmi: Replace read_takes_no_args with a flags field
(git-fixes).
- PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
(bsc#1200343 ltc#198477).
- raid5: introduce MD_BROKEN (git-fixes).
- random: Add and use pr_fmt() (bsc#1184924).
- random: remove unnecessary unlikely() (bsc#1184924).
- rtl818x: Prevent using not initialized queues (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector packed
decimal facility (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
- s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454).
- s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455).
- s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206
LTC#198455).
- s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207
LTC#198454).
- s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag
(git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM guests
(git-fixes).
- s390/nmi: handle vector validity failures for KVM guests (git-fixes).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks
(git-fixes).
- serial: msm_serial: disable interrupts in __msm_console_write()
(git-fixes).
- spi: Introduce device-managed SPI controller allocation (git-fixes).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA
direction (git-fixes).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
- staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).
- staging: rtl8712: fix uninit-value in usb_read8() and friends
(git-fixes).
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
(git-fixes).
- tty: Fix a possible resource leak in icom_probe (git-fixes).
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
(git-fixes).
- usb: core: hcd: Add support for deferring roothub registration
(git-fixes).
- usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
- usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
- usb: host: isp116x: check return value after calling
platform_get_resource() (git-fixes).
- usb: new quirk for Dell Gen 2 devices (git-fixes).
- usb: serial: option: add Quectel BG95 modem (git-fixes).
- vfio-ccw: Check initialized flag in cp_init() (git-fixes).
- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
- video: fbdev: pxa3xx-gcu: release the resources correctly in
pxa3xx_gcu_probe/remove() (git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
- vringh: Fix loop descriptors check in the indirect cases (git-fixes).
- watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2172=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2172=1
Package List:
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-150300.38.62.1
kernel-source-azure-5.3.18-150300.38.62.1
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-150300.38.62.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.62.1
dlm-kmp-azure-5.3.18-150300.38.62.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.62.1
gfs2-kmp-azure-5.3.18-150300.38.62.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.62.1
kernel-azure-5.3.18-150300.38.62.1
kernel-azure-debuginfo-5.3.18-150300.38.62.1
kernel-azure-debugsource-5.3.18-150300.38.62.1
kernel-azure-devel-5.3.18-150300.38.62.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.62.1
kernel-azure-extra-5.3.18-150300.38.62.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.62.1
kernel-azure-livepatch-devel-5.3.18-150300.38.62.1
kernel-azure-optional-5.3.18-150300.38.62.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.62.1
kernel-syms-azure-5.3.18-150300.38.62.1
kselftests-kmp-azure-5.3.18-150300.38.62.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.62.1
ocfs2-kmp-azure-5.3.18-150300.38.62.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.62.1
reiserfs-kmp-azure-5.3.18-150300.38.62.1
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.62.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
kernel-azure-5.3.18-150300.38.62.1
kernel-azure-debuginfo-5.3.18-150300.38.62.1
kernel-azure-debugsource-5.3.18-150300.38.62.1
kernel-azure-devel-5.3.18-150300.38.62.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.62.1
kernel-syms-azure-5.3.18-150300.38.62.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
kernel-devel-azure-5.3.18-150300.38.62.1
kernel-source-azure-5.3.18-150300.38.62.1
References:
https://www.suse.com/security/cve/CVE-2020-26541.html
https://www.suse.com/security/cve/CVE-2022-1012.html
https://www.suse.com/security/cve/CVE-2022-1966.html
https://www.suse.com/security/cve/CVE-2022-1974.html
https://www.suse.com/security/cve/CVE-2022-1975.html
https://www.suse.com/security/cve/CVE-2022-20141.html
https://www.suse.com/security/cve/CVE-2022-32250.html
https://bugzilla.suse.com/1177282
https://bugzilla.suse.com/1184924
https://bugzilla.suse.com/1198924
https://bugzilla.suse.com/1199365
https://bugzilla.suse.com/1199482
https://bugzilla.suse.com/1200015
https://bugzilla.suse.com/1200143
https://bugzilla.suse.com/1200144
https://bugzilla.suse.com/1200206
https://bugzilla.suse.com/1200207
https://bugzilla.suse.com/1200249
https://bugzilla.suse.com/1200259
https://bugzilla.suse.com/1200263
https://bugzilla.suse.com/1200343
https://bugzilla.suse.com/1200494
https://bugzilla.suse.com/1200529
https://bugzilla.suse.com/1200604
SUSE-SU-2022:2168-1: important: Security update for drbd
by opensuse-security@opensuse.org 24 Jun '22
SUSE Security Update: Security update for drbd
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2168-1
Rating: important
References: #1198581
Affected Products:
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update of drbd fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues
(bsc#1198581)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2168=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2168=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2168=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
drbd-kmp-preempt-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
drbd-kmp-preempt-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
- openSUSE Leap 15.4 (x86_64):
drbd-kmp-rt-9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1
drbd-kmp-rt-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
drbd-9.0.29~0+git.9a7bc817-150300.3.5.1
drbd-debugsource-9.0.29~0+git.9a7bc817-150300.3.5.1
drbd-kmp-default-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
drbd-kmp-default-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
- openSUSE Leap 15.3 (aarch64 x86_64):
drbd-kmp-preempt-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
drbd-kmp-preempt-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
- openSUSE Leap 15.3 (aarch64):
drbd-kmp-64kb-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
drbd-kmp-64kb-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
- openSUSE Leap 15.3 (x86_64):
drbd-kmp-rt-9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1
drbd-kmp-rt-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
drbd-9.0.29~0+git.9a7bc817-150300.3.5.1
drbd-debugsource-9.0.29~0+git.9a7bc817-150300.3.5.1
drbd-kmp-default-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
drbd-kmp-default-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
References:
https://bugzilla.suse.com/1198581
openSUSE-SU-2022:10025-1: moderate: Security update for chafa
by opensuse-security@opensuse.org 23 Jun '22
openSUSE Security Update: Security update for chafa
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10025-1
Rating: moderate
References: #1198965
Cross-References: CVE-2022-1507
CVSS scores:
CVE-2022-1507 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for chafa fixes the following issues:
- CVE-2022-1507: Fix NULL pointer deref in gif_internal_decode_frame
(boo#1198965)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10025=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
chafa-1.4.1-bp153.2.3.1
chafa-devel-1.4.1-bp153.2.3.1
libchafa0-1.4.1-bp153.2.3.1
- openSUSE Backports SLE-15-SP3 (noarch):
chafa-doc-1.4.1-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-1507.html
https://bugzilla.suse.com/1198965
openSUSE-SU-2022:10023-1: important: Security update for tor
by opensuse-security@opensuse.org 22 Jun '22
openSUSE Security Update: Security update for tor
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10023-1
Rating: important
References: #1200672
Cross-References: CVE-2022-33903
Affected Products:
openSUSE Backports SLE-15-SP3
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for tor fixes the following issues:
tor was updated to 0.4.7.8:
* Fix a scenario where RTT estimation can become wedged, seriously
degrading congestion control performance on all circuits. This impacts
clients, onion services, and relays, and can be triggered remotely by a
malicious endpoint. (TROVE-2022-001, CVE-2022-33903, boo#1200672)
* Regenerate fallback directories generated on June 17, 2022.
* Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/06/17.
* Allow the rseq system call in the sandbox
* logging bug fixes
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10023=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10023=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
tor-0.4.7.8-bp154.2.3.1
tor-debuginfo-0.4.7.8-bp154.2.3.1
tor-debugsource-0.4.7.8-bp154.2.3.1
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le x86_64):
tor-0.4.7.8-bp153.2.15.1
References:
https://www.suse.com/security/cve/CVE-2022-33903.html
https://bugzilla.suse.com/1200672
openSUSE-SU-2022:10022-1: moderate: Security update for trivy
by opensuse-security@opensuse.org 21 Jun '22
openSUSE Security Update: Security update for trivy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10022-1
Rating: moderate
References: #1199760
Cross-References: CVE-2022-23648 CVE-2022-28946
CVSS scores:
CVE-2022-23648 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-23648 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-28946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28946 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for trivy fixes the following issues:
trivy was updated to version 0.28.0 (boo#1199760, CVE-2022-28946):
* fix: remove Highlighted from json output (#2131)
* fix: remove trivy-kubernetes replace (#2132)
* docs: Add Operator docs under Kubernetes section (#2111)
* fix(k8s): security-checks panic (#2127)
* ci: added k8s scope (#2130)
* docs: Update misconfig output in examples (#2128)
* fix(misconf): Fix coloured output in Goland terminal (#2126)
* docs(secret): Fix default value of --security-checks in docs (#2107)
* refactor(report): move colorize function from trivy-db (#2122)
* feat: k8s resource scanning (#2118)
* chore: add CODEOWNERS (#2121)
* feat(image): add `--server` option for remote scans (#1871)
* refactor: k8s (#2116)
* refactor: export useful APIs (#2108)
* docs: fix k8s doc (#2114)
* feat(kubernetes): Add report flag for summary (#2112)
* fix: Remove problematic advanced rego policies (#2113)
* feat(misconf): Add special output format for misconfigurations (#2100)
* feat: add k8s subcommand (#2065)
* chore: fix make lint version (#2102)
* fix(java): handle relative pom modules (#2101)
* fix(misconf): Add missing links for non-rego misconfig results (#2094)
* feat(misconf): Added fs.FS based scanning via latest defsec (#2084)
* chore(deps): bump trivy-issue-action to v0.0.4 (#2091)
* chore(deps): bump github.com/twitchtv/twirp (#2077)
* chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.5.1 (#2074)
* chore(os): updated fanal version and alpine distroless test (#2086)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2
(#2075)
* chore(deps): bump github.com/samber/lo from 1.16.0 to 1.19.0 (#2076)
* feat(report): add support for SPDX (#2059)
* chore(deps): bump actions/setup-go from 2 to 3 (#2073)
* chore(deps): bump actions/cache from 3.0.1 to 3.0.2 (#2071)
* chore(deps): bump golang from 1.18.0 to 1.18.1 (#2069)
* chore(deps): bump actions/stale from 4 to 5 (#2070)
* chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.3.0 (#2072)
* chore(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0
(#2079)
* chore: app version 0.27.0 (#2046)
* fix(misconf): added to skip conf files if their scanning is not enabled
(#2066)
* docs(secret) fix rule path in docs (#2061)
* docs: change from go.sum to go.mod (#2056)
Update to version 0.27.1:
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.0 to 0.5.1
(#1926)
* refactor(fs): scanner options (#2050)
* feat(secret): truncate long line (#2052)
* docs: fix a broken bullets (#2042)
* feat(ubuntu): add 22.04 approx eol date (#2044)
* docs: update installation.md (#2027)
* docs: add Containerfile (#2032)
Update to version 0.27.0:
* fix(go): fixed panic to scan gomod without version (#2038)
* docs(mariner): confirm it works with Mariner 2.0 VM (#2036)
* feat(secret): support enable rules (#2035)
* chore: app version 26.0 (#2030)
* docs(secret): add a demo movie (#2031)
* feat: support cache TTL in Redis (#2021)
* fix(go): skip system installed binaries (#2028)
* fix(go): check if go.sum is nil (#2029)
* feat: add secret scanning (#1901)
* chore: gh publish only with push the tag release (#2025)
* fix(fs): ignore permission errors (#2022)
* test(mod): using correct module inside test go.mod (#2020)
* feat(server): re-add proxy support for client/server communications
(#1995)
* fix(report): truncate a description before escaping in ASFF template
(#2004)
* fix(cloudformation): correct margin removal for empty lines (#2002)
* fix(template): correct check of old sarif template files (#2003)
Update to version 0.26.0:
* feat(alpine): warn mixing versions (#2000)
* Update ASFF template (#1914)
* chore(deps): replace `containerd/containerd` version to fix
CVE-2022-23648 (#1994)
* chore(deps): bump alpine from 3.15.3 to 3.15.4 (#1993)
* test(go): add integration tests for gomod (#1989)
* fix(python): fixed panic when scan .egg archive (#1992)
* fix(go): set correct go modules type (#1990)
* feat(alpine): support apk repositories (#1987)
* docs: add CBL-Mariner (#1982)
* docs(go): fix version (#1986)
* feat(go): support go.mod in Go 1.17+ (#1985)
* ci: fix URLs in the PR template (#1972)
* ci: add semantic pull requests check (#1968)
* docs(issue): added docs for wrong detection issues (#1961)
Update to version 0.25.4:
* docs: move CONTRIBUTING.md to docs (#1971)
* refactor(table): use file name instead package path (#1966)
* fix(sbom): add --db-repository (#1964)
* feat(table): add PkgPath in table result (#1960)
* fix(pom): merge multiple pom imports in a good manner (#1959)
Update to version 0.25.3:
* fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands
(#1956)
* fix(misconf): update BurntSushi/toml for fix runtime error (#1948)
* fix(misconf): Update fanal/defsec to resolve missing metadata issues
(#1947)
* feat(jar): allow setting Maven Central URL using environment variable
(#1939)
* chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)
* chore(chart): remove version comments (#1933)
Update to version 0.25.2:
* fix(downloadDB): add flag to server command (#1942)
Update to version 0.25.1:
* fix(misconf): update defsec to resolve panics (#1935)
* chore(deps): bump github.com/docker/docker (#1924)
* docs: restructure the documentation (#1887)
* chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (#1923)
* chore(deps): bump actions/cache from 2 to 3.0.1 (#1920)
* chore(deps): bump actions/checkout from 2 to 3 (#1916)
* chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0
(#1921)
* chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.1.0 (#1919)
* chore(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 (#1918)
* chore(deps): bump golang from 1.17 to 1.18.0 (#1915)
* Add trivy horizontal logo (#1932)
* chore(deps): bump alpine from 3.15.0 to 3.15.3 (#1917)
* chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5
(#1925)
* chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#1927)
* feat(db): Add dbRepository flag to get advisory database from OCI
registry (#1873)
Update to version 0.25.0:
* docs(filter vulnerabilities): fix link (#1880)
* feat(template) Add misconfigurations to gitlab codequality report (#1756)
* fix(rpc): add PkgPath field to client / server mode (#1643)
* fix(vulnerabilities): fixed trivy-db vulns (#1883)
* feat(cache): remove temporary cache after filesystem scanning (#1868)
* feat(sbom): add a dedicated sbom command (#1799)
* feat(cyclonedx): add vulnerabilities (#1832)
* fix(option): hide false warning about remote options (#1865)
* chore: bump up Go to 1.18 (#1862)
* feat(filesystem): scan in client/server mode (#1829)
* refactor(template): remove unused test (#1861)
* fix(cli): json format for trivy version (#1854)
* docs: change URL for tfsec-checks (#1857)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10022=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 s390x x86_64):
trivy-0.28.0-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-23648.html
https://www.suse.com/security/cve/CVE-2022-28946.html
https://bugzilla.suse.com/1199760
openSUSE-SU-2022:10020-1: moderate: Security update for neomutt
by opensuse-security@opensuse.org 21 Jun '22
openSUSE Security Update: Security update for neomutt
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10020-1
Rating: moderate
References: #1184787 #1185705
Cross-References: CVE-2021-32055 CVE-2022-1328
CVSS scores:
CVE-2021-32055 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2021-32055 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-1328 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-1328 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for neomutt fixes the following issues:
neomutt was updated to 20220429:
* Bug Fixes
* Do not crash on an invalid use_threads/sort combination
* Fix: stuck browser cursor
* Resolve (move) the cursor after <edit-label>
* Index: fix menu size on new mail
* Don't overlimit LMDB mmap size
* OpenBSD y/n translation fix
* Generic: split out OP_EXIT binding
* Fix parsing of sendmail cmd
* Fix: crash with menu_move_off=no
* Newsrc: bugfix; nntp_user and nntp_pass ignored
* Menu: ensure config changes cause a repaint
* Mbox: fix sync duplicates
* Make sure the index redraws all that's needed
* Translations
* 100% Chinese (Simplified)
* 100% Czech
* 100% German
* 100% Hungarian
* 100% Lithuanian
* 100% Serbian
* 100% Turkish
* Docs
* add missing pattern modifier ~I for external_search_command
* Code
* menu: eliminate custom_redraw()
* modernise mixmaster
* Kill global and Propagate display attach status through State-
neomutt was updated to 20220415:
* Security
* Fix uudecode buffer overflow (CVE-2022-1328)
* Features
* Colours, colours, colours
* Bug Fixes
* Pager: fix pager_stop
* Merge colours with normal
* Color: disable mono command
* Fix forwarding text attachments when honor_disposition is set
* Pager: drop the nntp change-group bindings
* Use mailbox_check flags coherently, add IMMEDIATE flag
* Fix: tagging in attachment list
* Fix: misalignment of mini-index
* Make sure to update the menu size after a resort
* Translations
* 100% Hungarian
* Build
* Update acutest
* Code
* Unify pipe functions
* Index: notify if navigation fails
* Gui: set colour to be merged with normal
* Fix: leak in tls_check_one_certificate()
* Upstream
* Flush iconv() in mutt_convert_string()
* Fix integer overflow in mutt_convert_string()
* Fix uudecode cleanup on unexpected eof
update to 20220408:
* Compose multipart emails
* Fix screen mode after attempting decryption
* imap: increase max size of oauth2 token
* Fix autocrypt
* Unify Alias/Query workflow
* Fix colours
* Say which file exists when saving attachments
* Force SMTP authentication if `smtp_user` is set
* Fix selecting the right email after limiting
* Make sure we have enough memory for a new email
* Don't overwrite with zeroes after unlinking the file
* Fix crash when forwarding attachments
* Fix help reformatting on window resize
* Fix poll to use PollFdsCount and not PollFdsLen
* regex: range check arrays strictly
* Fix Coverity defects
* Fix out of bounds write with long log lines
* Apply `fast_reply` to 'to', 'cc', or 'bcc'
* Prevent warning on empty emails
* New default: `set rfc2047_parameters = yes`
* 100% German
* 100% Lithuanian
* 100% Serbian
* 100% Czech
* 100% Turkish
* 72% Hungarian
* Improve header cache explanation
* Improve description of some notmuch variables
* Explain how timezones and `!`s work inside `%{}`, `%[]` and `%()`
* Document config synonyms and deprecations
* Create lots of GitHub Actions
* Drop TravisCI
* Add automated Fuzzing tests
* Add automated ASAN tests
* Create Dockers for building Centos/Fedora
* Build fixes for Solaris 10
* New libraries: browser, enter, envelope
* New configure options: `--fuzzing` `--debug-color` `--debug-queue`
* Split Index/Pager GUIs/functions
* Add lots of function dispatchers
* Eliminate `menu_loop()`
* Refactor function opcodes
* Refactor cursor setting
* Unify Alias/Query functions
* Refactor Compose/Envelope functions
* Modernise the Colour handling
* Refactor the Attachment View
* Eliminate the global `Context`
* Upgrade `mutt_get_field()`
* Refactor the `color quoted` code
* Fix lots of memory leaks
* Refactor Index resolve code
* Refactor PatternList parsing
* Refactor Mailbox freeing
* Improve key mapping
* Factor out charset hooks
* Expose mutt_file_seek API
* Improve API of `strto*` wrappers
* imap QRESYNC fixes
* Allow an empty To: address prompt
* Fix argc==0 handling
* Don't queue IMAP close commands
* Fix IMAP UTF-7 for code points >= U+10000
* Don't include inactive messages in msgset generation
update to 20211029 (boo#1185705, CVE-2021-32055):
* Notmuch: support separate database and mail roots without .notmuch
* fix notmuch crash on open failure
* fix crypto crash handling pgp keys
* fix ncrypt/pgp file_get_size return check
* fix restore case-insensitive header sort
* fix pager redrawing of long lines
* fix notmuch: check database dir for xapian dir
* fix notmuch: update index count after <entire-thread>
* fix protect hash table against empty keys
* fix prevent real_subj being set but empty
* fix leak when saving fcc
* fix leak after <edit-or-view-raw-message>
* fix leak after trash to hidden mailbox
* fix leak restoring postponed emails
* fix new mail notifications
* fix pattern compilation error for ( !>(~P) )
* fix menu display on window resize
* Stop batch mode emails with no argument or recipients
* Add sanitize call in print mailcap function
* fix hdr_order to use the longest match
* fix (un)setenv to not return an error with unset env vars
* fix Imap sync when closing a mailbox
* fix segfault on OpenBSD current
* sidebar: restore sidebar_spoolfile colour
* fix assert when displaying a file from the browser
* fix exec command in compose
* fix check_stats for Notmuch mailboxes
* Fallback: Open Notmuch database without config
* fix gui hook commands on startup
* threads: implement the $use_threads feature
* https://neomutt.org/feature/use-threads
* hooks: allow a -noregex param to folder and mbox hooks
* mailing lists: implement list-(un)subscribe using RFC2369 headers
* mailcap: implement x-neomutt-nowrap flag
* pager: add $local_date_header option
* imap, smtp: add support for authenticating using XOAUTH2
* Allow <sync-mailbox> to fail quietly
* imap: speed up server-side searches
* pager: improve skip-quoted and skip-headers
* notmuch: open database with user's configuration
* notmuch: implement <vfolder-window-reset>
* config: allow += modification of my_ variables
* notmuch: tolerate file renames behind neomutt's back
* pager: implement $pager_read_delay
* notmuch: validate nm_query_window_timebase
* notmuch: make $nm_record work in non-notmuch mailboxes
* compose: add $greeting - a welcome message on top of emails
* notmuch: show additional mail in query windows
* imap: fix crash on external IMAP events
* notmuch: handle missing libnotmuch version bumps
* imap: add sanity check for qresync
* notmuch: allow windows with 0 duration
* index: fix index selection on <collapse-all>
* imap: fix crash when sync'ing labels
* search: fix searching by Message-Id in <mark-message>
* threads: fix double sorting of threads
* stats: don't check mailbox stats unless told
* alias: fix crash on empty query
* pager: honor mid-message config changes
* mailbox: don't propagate read-only state across reopens
* hcache: fix caching new labels in the header cache
* crypto: set invalidity flags for gpgme/smime keys
* notmuch: fix parsing of multiple type=
* notmuch: validate $nm_default_url
* messages: avoid unnecessary opening of messages
* imap: fix seqset iterator when it ends in a comma
* build: refuse to build without pcre2 when pcre2 is linked in ncurses
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10020=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):
neomutt-20220429-bp154.2.3.1
- openSUSE Backports SLE-15-SP4 (noarch):
neomutt-doc-20220429-bp154.2.3.1
neomutt-lang-20220429-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2021-32055.html
https://www.suse.com/security/cve/CVE-2022-1328.html
https://bugzilla.suse.com/1184787
https://bugzilla.suse.com/1185705
openSUSE-SU-2022:10019-1: important: Security update for atheme
by opensuse-security@opensuse.org 20 Jun '22
openSUSE Security Update: Security update for atheme
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10019-1
Rating: important
References: #1195989
Cross-References: CVE-2022-24976
CVSS scores:
CVE-2022-24976 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for atheme fixes the following issues:
atheme was updated to release 7.2.12:
* CVE-2022-24976: Fixed General authentication bypass in Atheme IRC
services with InspIRCd 3 [boo#1195989]
* Track SASL login EID
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10019=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
atheme-7.2.12-bp154.2.3.1
atheme-devel-7.2.12-bp154.2.3.1
libathemecore1-7.2.12-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-24976.html
https://bugzilla.suse.com/1195989
openSUSE-SU-2022:10018-1: important: Security update for atheme
by opensuse-security@opensuse.org 20 Jun '22
openSUSE Security Update: Security update for atheme
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10018-1
Rating: important
References: #1174075 #1195989
Cross-References: CVE-2022-24976
CVSS scores:
CVE-2022-24976 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for atheme fixes the following issues:
atheme was updated to release 7.2.12:
* CVE-2022-24976: Fixed General authentication bypass in Atheme IRC
services with InspIRCd 3 [boo#1195989]
* Track SASL login EID
Update to release 7.2.11
* Add a preliminary Turkish translation
* Add HMAC-MD5 verify-only support to crypto/pbkdf2v2
* modules/chanserv/akick: fix unload crash with akicks that have timeouts
* modules/nickserv/multimark: use IRC case canonicalisation for restored
nicks
* modules/nickserv/multimark: forbid unloading due to the potential for
data loss
* CA_ constants: include CA_EXEMPT (+e) where appropriate
Update to new upstream release 7.2.10.r2
* Fix potential NULL dereference in modules/crypto/posix.
* Bump E-Mail address maximum length to 254 characters.
* Use flags setter information in modules/chanserv/access &
modules/chanserv/flags.
* Fix issue where modules/misc/httpd was not closing its listening socket
on deinit.
* Fix GroupServ data loss issue when a group was the founder of another
group.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10018=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
atheme-7.2.12-bp153.2.3.1
atheme-devel-7.2.12-bp153.2.3.1
libathemecore1-7.2.12-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-24976.html
https://bugzilla.suse.com/1174075
https://bugzilla.suse.com/1195989
SUSE-SU-2022:2140-1: important: Security update for node_exporter
by opensuse-security@opensuse.org 20 Jun '22
SUSE Security Update: Security update for node_exporter
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2140-1
Rating: important
References: #1190535 #1196338 SLE-24238 SLE-24239
Cross-References: CVE-2022-21698
CVSS scores:
CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability, contains two
features and has one errata is now available.
Description:
This security update for golang-github-prometheus-node_exporter provides:
Update golang-github-prometheus-node_exporter from version 1.1.2 to
version 1.3.0 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter
- Update vendor tarball with prometheus/client_golang 1.11.1
- Update to 1.3.0
* [CHANGE] Add path label to rapl collector #2146
* [CHANGE] Exclude filesystems under /run/credentials #2157
* [CHANGE] Add TCPTimeouts to netstat default filter #2189
* [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
* [FEATURE] Add darwin powersupply collector #1777
* [FEATURE] Add support for monitoring GPUs on Linux #1998
* [FEATURE] Add Darwin thermal collector #2032
* [FEATURE] Add os release collector #2094
* [FEATURE] Add netdev.address-info collector #2105
* [FEATURE] Add clocksource metrics to time collector #2197
* [ENHANCEMENT] Support glob textfile collector directories #1985
* [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
* [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
* [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
* [ENHANCEMENT] Add DMI collector #2131
* [ENHANCEMENT] Add threads metrics to processes collector #2164
* [ENHANCEMENT] Reduce timer GC delays in the Linux filesystem collector
#2169
* [ENHANCEMENT] Add TCPTimeouts to netstat default filter #2189
* [ENHANCEMENT] Use SysctlTimeval for boottime collector on BSD #2208
* [BUGFIX] ethtool: Sanitize metric names #2093
* [BUGFIX] Fix ethtool collector for multiple interfaces #2126
* [BUGFIX] Fix possible panic on macOS #2133
* [BUGFIX] Collect flag_info and bug_info only for one core #2156
* [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
* Bug fixes
  * Fix processes collector long int parsing #2112
- Update to 1.2.1
* Removed
  * Remove obsolete capture permission denied error fix already
    included upstream
* Bug fixes
  * Fix zoneinfo parsing prometheus/procfs#386
  * Fix nvme collector log noise #2091
  * Fix rapl collector log noise #2092
- Update to 1.2.0
* Changes
  * Rename filesystem collector flags to match other collectors #2012
  * Make node_exporter print usage to STDOUT #203
* Features
  * Add conntrack statistics metrics #1155
  * Add ethtool stats collector #1832
  * Add flag to ignore network speed if it is unknown #1989
  * Add tapestats collector for Linux #2044
  * Add nvme collector #2062
* Enhancements
  * Add ErrorLog plumbing to promhttp #1887
  * Add more Infiniband counters #2019
  * netclass: retrieve interface names and filter before parsing #2033
  * Add time zone offset metric #2060
* Bug fixes
  * Handle errors from disabled PSI subsystem #1983
  * Fix panic when using backwards compatible flags #2000
  * Fix wrong value for OpenBSD memory buffer cache #2015
  * Only initiate collectors once #2048
  * Handle small backwards jumps in CPU idle #2067
- Capture permission denied error for "energy_uj" file (bsc#1190535)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2140=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2140=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2140=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2140=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2140=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2140=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2140=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2140=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2140=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2140=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2140=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2140=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2140=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2140=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2140=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2140=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2140=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2140=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2140=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Manager Proxy 4.1 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE CaaS Platform 4.0 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
References:
https://www.suse.com/security/cve/CVE-2022-21698.html
https://bugzilla.suse.com/1190535
https://bugzilla.suse.com/1196338
SUSE-SU-2022:2139-1: important: Security update for golang-github-prometheus-alertmanager
by opensuse-security@opensuse.org 20 Jun '22
SUSE Security Update: Security update for golang-github-prometheus-alertmanager
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2139-1
Rating: important
References: #1181400 #1196338 SLE-24077
Cross-References: CVE-2022-21698
CVSS scores:
CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 6
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Tools 15
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability, contains one
feature and has one errata is now available.
Description:
This update for golang-github-prometheus-alertmanager fixes the following
issues:
Update golang-github-prometheus-alertmanager from version 0.21.0 to
version 0.23.0 (bsc#1196338, jsc#SLE-24077)
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter
- Update vendor tarball with prometheus/client_golang 1.11.1
- Update required Go version to 1.16
- Use %autosetup macro
- Update to version 0.23.0:
* Release 0.23.0
* Release 0.23.0-rc.0
* amtool: Detect version drift and warn users (#2672)
* Add ability to skip TLS verification for amtool (#2663)
* Fix empty isEqual in amtool. (#2668)
* Fix main tests (#2670)
* cli: add new template render command (#2538)
* OpsGenie: refer to alert instead of incident (#2609)
* Docs: target_match and source_match are DEPRECATED (#2665)
* Fix test not waiting for cluster member to be ready
- Add go_modules to _service.
- Added hardening to systemd service(s) with a modified
prometheus-alertmanager.service (bsc#1181400)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2139=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2139=1
- SUSE Manager Tools 15:
zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-2139=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-2139=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-2139=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-2139=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2139=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
- SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
References:
https://www.suse.com/security/cve/CVE-2022-21698.html
https://bugzilla.suse.com/1181400
https://bugzilla.suse.com/1196338
openSUSE-SU-2022:10015-1: important: Security update for firejail
by opensuse-security@opensuse.org 20 Jun '22
openSUSE Security Update: Security update for firejail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10015-1
Rating: important
References: #1199148
Cross-References: CVE-2022-31214
CVSS scores:
CVE-2022-31214 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for firejail fixes the following issues:
firejail was updated to version 0.9.70:
- CVE-2022-31214: root escalation in --join logic (boo#1199148). Reported
by Matthias Gerstner, working exploit code was provided to our
development team. In the same time frame, the problem was independently
reported by Birk Blechschmidt. Full working exploit code was also
provided.
- feature: enable shell tab completion with --tab (#4936)
- feature: disable user profiles at compile time (#4990)
- feature: Allow resolution of .local names with avahi-daemon in the
apparmor profile (#5088)
- feature: always log seccomp errors (#5110)
- feature: firecfg --guide, guided user configuration (#5111)
- feature: --oom, kernel OutOfMemory-killer (#5122)
- modif: --ids feature needs to be enabled at compile time (#5155)
- modif: --nettrace only available to root user
- rework: whitelist restructuring (#4985)
- rework: firemon, speed up and lots of fixes
- bugfix: --private-cwd not expanding macros, broken hyperrogue (#4910)
- bugfix: nogroups + wrc prints confusing messages (#4930 #4933)
- bugfix: openSUSE Leap - whitelist-run-common.inc (#4954)
- bugfix: fix printing in evince (#5011)
- bugfix: gcov: fix gcov functions always declared as dummy (#5028)
- bugfix: Stop warning on safe supplementary group clean (#5114)
- build: remove ultimately unused INSTALL and RANLIB check macros (#5133)
- build: mkdeb.sh.in: pass remaining arguments to ./configure (#5154)
- ci: replace centos (EOL) with almalinux (#4912)
- ci: fix --version not printing compile-time features (#5147)
- ci: print version after install & fix apparmor support on build_apparmor
(#5148)
- docs: Refer to firejail.config in configuration files (#4916)
- docs: firejail.config: add warning about allow-tray (#4946)
- docs: mention that the protocol command accumulates (#5043)
- docs: mention inconsistent homedir bug involving --private=dir (#5052)
- docs: mention capabilities(7) on --caps (#5078)
- new profiles: onionshare, onionshare-cli, opera-developer, songrec
- new profiles: node-gyp, npx, semver, ping-hardened
- removed profiles: nvm
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10015=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
firejail-0.9.70-bp153.2.6.1
References:
https://www.suse.com/security/cve/CVE-2022-31214.html
https://bugzilla.suse.com/1199148
openSUSE-SU-2022:10017-1: important: Security update for chafa
by opensuse-security@opensuse.org 20 Jun '22
openSUSE Security Update: Security update for chafa
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10017-1
Rating: important
References: #1200510
Cross-References: CVE-2022-2061
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for chafa fixes the following issues:
- CVE-2022-2061: Fix heap based buffer overflow in lzw_decode (boo#1200510)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10017=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
chafa-1.8.0-bp154.3.3.1
chafa-devel-1.8.0-bp154.3.3.1
libchafa0-1.8.0-bp154.3.3.1
- openSUSE Backports SLE-15-SP4 (noarch):
chafa-doc-1.8.0-bp154.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-2061.html
https://bugzilla.suse.com/1200510
openSUSE-SU-2022:10016-1: important: Security update for firejail
by opensuse-security@opensuse.org 20 Jun '22
openSUSE Security Update: Security update for firejail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10016-1
Rating: important
References: #1199148
Cross-References: CVE-2022-31214
CVSS scores:
CVE-2022-31214 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for firejail fixes the following issues:
firejail was updated to version 0.9.70:
- CVE-2022-31214 - root escalation in --join logic (boo#1199148)
Reported by Matthias Gerstner, working exploit code was provided to our
development team. In the same time frame, the problem was independently
reported by Birk Blechschmidt. Full working exploit code was also provided.
- feature: enable shell tab completion with --tab (#4936)
- feature: disable user profiles at compile time (#4990)
- feature: Allow resolution of .local names with avahi-daemon in the
apparmor profile (#5088)
- feature: always log seccomp errors (#5110)
- feature: firecfg --guide, guided user configuration (#5111)
- feature: --oom, kernel OutOfMemory-killer (#5122)
- modif: --ids feature needs to be enabled at compile time (#5155)
- modif: --nettrace only available to root user
- rework: whitelist restructuring (#4985)
- rework: firemon, speed up and lots of fixes
- bugfix: --private-cwd not expanding macros, broken hyperrogue (#4910)
- bugfix: nogroups + wrc prints confusing messages (#4930 #4933)
- bugfix: openSUSE Leap - whitelist-run-common.inc (#4954)
- bugfix: fix printing in evince (#5011)
- bugfix: gcov: fix gcov functions always declared as dummy (#5028)
- bugfix: Stop warning on safe supplementary group clean (#5114)
- build: remove ultimately unused INSTALL and RANLIB check macros (#5133)
- build: mkdeb.sh.in: pass remaining arguments to ./configure (#5154)
- ci: replace centos (EOL) with almalinux (#4912)
- ci: fix --version not printing compile-time features (#5147)
- ci: print version after install & fix apparmor support on build_apparmor
(#5148)
- docs: Refer to firejail.config in configuration files (#4916)
- docs: firejail.config: add warning about allow-tray (#4946)
- docs: mention that the protocol command accumulates (#5043)
- docs: mention inconsistent homedir bug involving --private=dir (#5052)
- docs: mention capabilities(7) on --caps (#5078)
- new profiles: onionshare, onionshare-cli, opera-developer, songrec
- new profiles: node-gyp, npx, semver, ping-hardened
- removed profiles: nvm
update to firejail 0.9.68:
- security: on Ubuntu, the PPA is now recommended over the distro package
(see README.md) (#4748)
- security: bugfix: private-cwd leaks access to the entire filesystem
(#4780); reported by Hugo Osvaldo Barrera
- feature: remove (some) environment variables with auth-tokens (#4157)
- feature: ALLOW_TRAY condition (#4510 #4599)
- feature: add basic Firejail support to AppArmor base abstraction (#3226
#4628)
- feature: intrusion detection system (--ids-init, --ids-check)
- feature: deterministic shutdown command (--deterministic-exit-code,
--deterministic-shutdown) (#928 #3042 #4635)
- feature: noprinters command (#4607 #4827)
- feature: network monitor (--nettrace)
- feature: network locker (--netlock) (#4848)
- feature: whitelist-ro profile command (#4740)
- feature: disable pipewire with --nosound (#4855)
- feature: Unset TMP if it doesn't exist inside of sandbox (#4151)
- feature: Allow apostrophe in whitelist and blacklist (#4614)
- feature: AppImage support in --build command (#4878)
- modifs: exit code: distinguish fatal signals by adding 128 (#4533)
- modifs: firecfg.config is now installed to /etc/firejail/ (#408 #4669)
- modifs: close file descriptors greater than 2 (--keep-fd) (#4845)
- modifs: nogroups now stopped causing certain system groups to be
dropped, which are now controlled by the relevant "no" options instead
(such as nosound -> drop audio group), which fixes device access issues
on systems not using (e)logind (such as with seatd) (#4632 #4725 #4732
#4851)
- removal: --disable-whitelist at compile time
- removal: whitelist=yes/no in /etc/firejail/firejail.config
- bugfix: Fix sndio support (#4362 #4365)
- bugfix: Error mounting tmpfs (MS_REMOUNT flag not being cleared) (#4387)
- bugfix: --build clears the environment (#4460 #4467)
- bugfix: firejail hangs with net parameter (#3958 #4476)
- bugfix: Firejail does not work with a custom hosts file (#2758 #4560)
- bugfix: --tracelog and --trace override /etc/ld.so.preload (#4558 #4586)
- bugfix: PATH_MAX is undeclared on musl libc (#4578 #4579 #4583 #4606)
- bugfix: firejail symlinks are not skipped with private-bin + globs
(#4626)
- bugfix: Firejail rejects empty arguments (#4395)
- bugfix: firecfg does not work with symlinks (discord.desktop) (#4235)
- bugfix: Seccomp list output goes to stdout instead of stderr (#4328)
- bugfix: private-etc does not work with symlinks (#4887)
- bugfix: Hardware key not detected on keepassxc (#4883)
- build: allow building with address sanitizer (#4594)
- build: Stop linking pthread (#4695)
- build: Configure cleanup and improvements (#4712)
- ci: add profile checks for sorting disable-programs.inc and
firecfg.config and for the required arguments in private-etc (#2739
#4643)
- ci: pin GitHub actions to SHAs and use Dependabot to update them (#4774)
- docs: Add new command checklist to CONTRIBUTING.md (#4413)
- docs: Rework bug report issue template and add both a question and a
feature request template (#4479 #4515 #4561)
- docs: fix contradictory descriptions of machine-id ("preserves" vs
"spoofs") (#4689)
- docs: Document that private-bin and private-etc always accumulate
(#4078)
- new includes: whitelist-run-common.inc (#4288), disable-X11.inc (#4462)
- new includes: disable-proc.inc (#4521)
- removed includes: disable-passwordmgr.inc (#4454 #4461)
- new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim
- new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl
- new profiles: yt-dlp, goldendict, goldendict, bundle, cmake
- new profiles: make, meson, pip, codium, telnet, ftp, OpenStego
- new profiles: imv, retroarch, torbrowser, CachyBrowser,
- new profiles: notable, RPCS3, wget2, raincat, conitop, 1passwd,
- new profiles: Seafile, neovim, com.github.tchx84.Flatseal
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10016=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
firejail-0.9.70-bp154.2.3.1
firejail-bash-completion-0.9.70-bp154.2.3.1
firejail-zsh-completion-0.9.70-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-31214.html
https://bugzilla.suse.com/1199148
openSUSE-SU-2022:10014-1: moderate: Security update for tensorflow2
by opensuse-security@opensuse.org 18 Jun '22
openSUSE Security Update: Security update for tensorflow2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10014-1
Rating: moderate
References: #1173128 #1173314 #1178287 #1178564 #1179455
#1181864 #1186860 #1189423
Cross-References: CVE-2020-26266 CVE-2020-26267 CVE-2020-26268
CVE-2020-26270 CVE-2020-26271 CVE-2021-37635
CVE-2021-37636 CVE-2021-37637 CVE-2021-37638
CVE-2021-37639 CVE-2021-37640 CVE-2021-37641
CVE-2021-37642 CVE-2021-37643 CVE-2021-37644
CVE-2021-37645 CVE-2021-37646 CVE-2021-37647
CVE-2021-37648 CVE-2021-37649 CVE-2021-37650
CVE-2021-37651 CVE-2021-37652 CVE-2021-37653
CVE-2021-37654 CVE-2021-37655 CVE-2021-37656
CVE-2021-37657 CVE-2021-37658 CVE-2021-37659
CVE-2021-37660 CVE-2021-37661 CVE-2021-37662
CVE-2021-37663 CVE-2021-37664 CVE-2021-37665
CVE-2021-37666 CVE-2021-37667 CVE-2021-37668
CVE-2021-37669 CVE-2021-37670 CVE-2021-37671
CVE-2021-37672 CVE-2021-37673 CVE-2021-37674
CVE-2021-37675 CVE-2021-37676 CVE-2021-37677
CVE-2021-37678 CVE-2021-37679 CVE-2021-37680
CVE-2021-37681 CVE-2021-37682 CVE-2021-37683
CVE-2021-37684 CVE-2021-37685 CVE-2021-37686
CVE-2021-37687 CVE-2021-37688 CVE-2021-37689
CVE-2021-37690 CVE-2021-37691 CVE-2021-37692
CVSS scores:
CVE-2020-26266 (NVD) : 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2020-26268 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVE-2020-26270 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2020-26271 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-37639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 63 vulnerabilities is now available.
Description:
This update for tensorflow fixes the following issues:
Update to TF2 2.6.0 which fixes multiple CVEs (boo#1189423).
- Introduction of bazel6.3 and bazel-skylib1.0.3 as build dependencies.
The latter has been adapted to allow a version in its package name (if
%set_ver_suffix is set to 1). This allows multiple versions to exist for
one product (not installed). NOTE: bazel-skylib1.0.3 does not exist in
oS:Factory: bazel-skylib in oS:Factory - the base version - is 1.0.3.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10014=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 s390x x86_64):
tensorflow2-lite-2.6.0-bp153.2.3.1
tensorflow2-lite-debuginfo-2.6.0-bp153.2.3.1
tensorflow2-lite-debugsource-2.6.0-bp153.2.3.1
tensorflow2-lite-devel-2.6.0-bp153.2.3.1
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
bazel3.7-3.7.2-bp153.2.1
libtensorflow2-2.6.0-bp153.2.3.1
libtensorflow2-debuginfo-2.6.0-bp153.2.3.1
libtensorflow2-gnu-hpc-2.6.0-bp153.2.3.1
libtensorflow2-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
libtensorflow2-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_cc2-2.6.0-bp153.2.3.1
libtensorflow_cc2-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-hpc-2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_framework2-2.6.0-bp153.2.3.1
libtensorflow_framework2-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-hpc-2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
tensorflow2-2.6.0-bp153.2.3.1
tensorflow2-debuginfo-2.6.0-bp153.2.3.1
tensorflow2-debugsource-2.6.0-bp153.2.3.1
tensorflow2-devel-2.6.0-bp153.2.3.1
tensorflow2-doc-2.6.0-bp153.2.3.1
tensorflow2-gnu-hpc-2.6.0-bp153.2.3.1
tensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-debugsource-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-devel-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-doc-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-debugsource-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-devel-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-doc-2.6.0-bp153.2.3.1
- openSUSE Backports SLE-15-SP3 (ppc64le):
bazel3.7-3.7.2-bp153.4.1
- openSUSE Backports SLE-15-SP3 (x86_64):
libiomp5-2.6.0-bp153.2.3.1
libiomp5-debuginfo-2.6.0-bp153.2.3.1
libiomp5-gnu-hpc-2.6.0-bp153.2.3.1
libiomp5-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
libiomp5-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
libiomp5-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
- openSUSE Backports SLE-15-SP3 (noarch):
bazel-skylib1.0.3-source-1.0.3-bp153.2.1
References:
https://www.suse.com/security/cve/CVE-2020-26266.html
https://www.suse.com/security/cve/CVE-2020-26267.html
https://www.suse.com/security/cve/CVE-2020-26268.html
https://www.suse.com/security/cve/CVE-2020-26270.html
https://www.suse.com/security/cve/CVE-2020-26271.html
https://www.suse.com/security/cve/CVE-2021-37635.html
https://www.suse.com/security/cve/CVE-2021-37636.html
https://www.suse.com/security/cve/CVE-2021-37637.html
https://www.suse.com/security/cve/CVE-2021-37638.html
https://www.suse.com/security/cve/CVE-2021-37639.html
https://www.suse.com/security/cve/CVE-2021-37640.html
https://www.suse.com/security/cve/CVE-2021-37641.html
https://www.suse.com/security/cve/CVE-2021-37642.html
https://www.suse.com/security/cve/CVE-2021-37643.html
https://www.suse.com/security/cve/CVE-2021-37644.html
https://www.suse.com/security/cve/CVE-2021-37645.html
https://www.suse.com/security/cve/CVE-2021-37646.html
https://www.suse.com/security/cve/CVE-2021-37647.html
https://www.suse.com/security/cve/CVE-2021-37648.html
https://www.suse.com/security/cve/CVE-2021-37649.html
https://www.suse.com/security/cve/CVE-2021-37650.html
https://www.suse.com/security/cve/CVE-2021-37651.html
https://www.suse.com/security/cve/CVE-2021-37652.html
https://www.suse.com/security/cve/CVE-2021-37653.html
https://www.suse.com/security/cve/CVE-2021-37654.html
https://www.suse.com/security/cve/CVE-2021-37655.html
https://www.suse.com/security/cve/CVE-2021-37656.html
https://www.suse.com/security/cve/CVE-2021-37657.html
https://www.suse.com/security/cve/CVE-2021-37658.html
https://www.suse.com/security/cve/CVE-2021-37659.html
https://www.suse.com/security/cve/CVE-2021-37660.html
https://www.suse.com/security/cve/CVE-2021-37661.html
https://www.suse.com/security/cve/CVE-2021-37662.html
https://www.suse.com/security/cve/CVE-2021-37663.html
https://www.suse.com/security/cve/CVE-2021-37664.html
https://www.suse.com/security/cve/CVE-2021-37665.html
https://www.suse.com/security/cve/CVE-2021-37666.html
https://www.suse.com/security/cve/CVE-2021-37667.html
https://www.suse.com/security/cve/CVE-2021-37668.html
https://www.suse.com/security/cve/CVE-2021-37669.html
https://www.suse.com/security/cve/CVE-2021-37670.html
https://www.suse.com/security/cve/CVE-2021-37671.html
https://www.suse.com/security/cve/CVE-2021-37672.html
https://www.suse.com/security/cve/CVE-2021-37673.html
https://www.suse.com/security/cve/CVE-2021-37674.html
https://www.suse.com/security/cve/CVE-2021-37675.html
https://www.suse.com/security/cve/CVE-2021-37676.html
https://www.suse.com/security/cve/CVE-2021-37677.html
https://www.suse.com/security/cve/CVE-2021-37678.html
https://www.suse.com/security/cve/CVE-2021-37679.html
https://www.suse.com/security/cve/CVE-2021-37680.html
https://www.suse.com/security/cve/CVE-2021-37681.html
https://www.suse.com/security/cve/CVE-2021-37682.html
https://www.suse.com/security/cve/CVE-2021-37683.html
https://www.suse.com/security/cve/CVE-2021-37684.html
https://www.suse.com/security/cve/CVE-2021-37685.html
https://www.suse.com/security/cve/CVE-2021-37686.html
https://www.suse.com/security/cve/CVE-2021-37687.html
https://www.suse.com/security/cve/CVE-2021-37688.html
https://www.suse.com/security/cve/CVE-2021-37689.html
https://www.suse.com/security/cve/CVE-2021-37690.html
https://www.suse.com/security/cve/CVE-2021-37691.html
https://www.suse.com/security/cve/CVE-2021-37692.html
https://bugzilla.suse.com/1173128
https://bugzilla.suse.com/1173314
https://bugzilla.suse.com/1178287
https://bugzilla.suse.com/1178564
https://bugzilla.suse.com/1179455
https://bugzilla.suse.com/1181864
https://bugzilla.suse.com/1186860
https://bugzilla.suse.com/1189423
SUSE-SU-2022:2111-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 17 Jun '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2111-1
Rating: important
References: #1028340 #1055710 #1065729 #1071995 #1084513
#1087082 #1114648 #1158266 #1172456 #1177282
#1182171 #1183723 #1187055 #1191647 #1191958
#1195065 #1195651 #1196018 #1196367 #1196426
#1196999 #1197219 #1197343 #1197663 #1198400
#1198516 #1198577 #1198660 #1198687 #1198742
#1198777 #1198825 #1199012 #1199063 #1199314
#1199399 #1199426 #1199505 #1199507 #1199605
#1199650 #1200143 #1200144 #1200249
Cross-References: CVE-2017-13695 CVE-2018-7755 CVE-2019-19377
CVE-2019-20811 CVE-2020-26541 CVE-2021-20292
CVE-2021-20321 CVE-2021-33061 CVE-2021-38208
CVE-2021-39711 CVE-2021-43389 CVE-2022-1011
CVE-2022-1184 CVE-2022-1353 CVE-2022-1419
CVE-2022-1516 CVE-2022-1652 CVE-2022-1729
CVE-2022-1734 CVE-2022-1974 CVE-2022-1975
CVE-2022-21123 CVE-2022-21125 CVE-2022-21127
CVE-2022-21166 CVE-2022-21180 CVE-2022-21499
CVE-2022-22942 CVE-2022-28748 CVE-2022-30594
CVSS scores:
CVE-2017-13695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2017-13695 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2018-7755 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2018-7755 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-20811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE-2019-20811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-43389 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21499 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 30 vulnerabilities and has 14 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated.
The following security bugs were fixed:
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2019-19377: Fixed a use-after-free that could be triggered when an
attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when
mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2017-13695: Fixed a bug that caused a stack dump allowing local
users to obtain sensitive information from kernel memory and bypass the
KASLR protection mechanism via a crafted ACPI table. (bnc#1055710)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
(bsc#1199507).
- CVE-2022-1652: Fixed a statically allocated error counter inside the
floppy kernel module (bsc#1199063).
- CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a
possible out of bounds read due to Incorrect Size Value. This could lead
to local information disclosure with System execution privileges needed.
User interaction is not needed for exploitation (bnc#1197219).
- CVE-2022-30594: Fixed restriction bypass on setting the
PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the
Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed
an authenticated user to potentially enable denial of service via local
access (bnc#1196426).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect
(bsc#1199012).
- CVE-2021-20321: Fixed a race condition accessing a file object in the
OverlayFS subsystem in the way users do rename in a specific way with
OverlayFS. A local user could have used this flaw to crash the system
(bnc#1191647).
- CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and
netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference
count is mishandled (bnc#1172456).
- CVE-2022-28748: Fixed memory leak over the network by ax88179_178a
devices (bsc#1196018).
- CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in
drivers/block/floppy.c. The floppy driver will copy a kernel pointer to
user memory in response to the FDGETPRM ioctl. An attacker can send the
FDGETPRM ioctl and use the obtained kernel pointer to discover the
location of kernel code and data and bypass kernel security protections
such as KASLR (bnc#1084513).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy
(bsc#1195065).
- CVE-2022-1419: Fixed a concurrency use-after-free in
vgem_gem_dumb_create (bsc#1198742).
- CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the
detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
BUG) by making a getsockname call after a certain type of failure of a
bind call (bnc#1187055).
- CVE-2022-1353: Fixed access control to kernel memory in the
pfkey_register function in net/key/af_key.c (bnc#1198516).
- CVE-2021-20292: Fixed object validation prior to performing operations
on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem
(bnc#1183723).
- CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a
local attacker to retrieve (partial) /etc/shadow hashes or any other
data from filesystem when he can mount a FUSE filesystem. (bnc#1197343)
- CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by
simulating an nfc device from user-space. (bsc#1200144).
- CVE-2020-26541: Enforce the secure boot forbidden signature database
(aka dbx) protection mechanism. (bnc#1177282)
- CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux
kernel by simulating nfc device from user-space. (bsc#1200143)
- CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's
been trivial to break out of it with kgdb or kdb. (bsc#1199426)
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between
cleanup routine and firmware download routine. (bnc#1199605).
The following non-security bugs were fixed:
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been
initialized (bsc#1199399).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- net: ena: A typo fix in the file ena_com.h (bsc#1198777).
- net: ena: Add capabilities field with support for ENI stats capability
(bsc#1198777).
- net: ena: Add debug prints for invalid req_id resets (bsc#1198777).
- net: ena: add device distinct log prefix to files (bsc#1198777).
- net: ena: add jiffies of last napi call to stats (bsc#1198777).
- net: ena: aggregate doorbell common operations into a function
(bsc#1198777).
- net: ena: aggregate stats increase into a function (bsc#1198777).
- net: ena: Change ENI stats support check to use capabilities field
(bsc#1198777).
- net: ena: Change return value of ena_calc_io_queue_size() to void
(bsc#1198777).
- net: ena: Change the name of bad_csum variable (bsc#1198777).
- net: ena: Extract recurring driver reset code into a function
(bsc#1198777).
- net: ena: fix coding style nits (bsc#1198777).
- net: ena: fix DMA mapping function issues in XDP (bsc#1198777).
- net: ena: Fix error handling when calculating max IO queues number
(bsc#1198777).
- net: ena: fix inaccurate print type (bsc#1198777).
- net: ena: Fix undefined state when tx request id is out of bounds
(bsc#1198777).
- net: ena: Fix wrong rx request id by resetting device (bsc#1198777).
- net: ena: Improve error logging in driver (bsc#1198777).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT
(bsc#1198777).
- net: ena: introduce XDP redirect implementation (bsc#1198777).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198777).
- net: ena: Move reset completion print to the reset function
(bsc#1198777).
- net: ena: optimize data access in fast-path code (bsc#1198777).
- net: ena: re-organize code to improve readability (bsc#1198777).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198777).
- net: ena: remove extra words from comments (bsc#1198777).
- net: ena: Remove module param and change message severity (bsc#1198777).
- net: ena: Remove rcu_read_lock() around XDP program invocation
(bsc#1198777).
- net: ena: Remove redundant return code check (bsc#1198777).
- net: ena: Remove unused code (bsc#1198777).
- net: ena: store values in their appropriate variables types
(bsc#1198777).
- net: ena: Update XDP verdict upon failure (bsc#1198777).
- net: ena: use build_skb() in RX path (bsc#1198777).
- net: ena: use constant value for net_device allocation (bsc#1198777).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198777).
- net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1198777).
- net: ena: use xdp_frame in XDP TX flow (bsc#1198777).
- net: ena: use xdp_return_frame() to free xdp frames (bsc#1198777).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
(bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region()
(bsc#1195651).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
(bsc#1199314).
- powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S
git-fixes).
- powerpc/64: Interrupts save PPR on stack rather than thread_struct
(bsc#1196999 ltc#196609).
- powerpc/pseries: extract host bridge from pci_bus prior to bus removal
(bsc#1182171 ltc#190900 bsc#1198660 ltc#197803).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729
bsc#1198660 ltc#197803).
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340
bsc#1198825).
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- x86/pm: Save the MSR validity status at context setup (bsc#1114648).
- x86/speculation: Restore speculation related MSRs during S3 resume
(bsc#1114648).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2111=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2111=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2111=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2111=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2111=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2111=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2111=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2111=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2111=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2111=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-4.12.14-150100.197.114.2
kernel-vanilla-base-4.12.14-150100.197.114.2
kernel-vanilla-base-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-debugsource-4.12.14-150100.197.114.2
kernel-vanilla-devel-4.12.14-150100.197.114.2
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-livepatch-devel-4.12.14-150100.197.114.2
- openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.114.2
kernel-debug-base-debuginfo-4.12.14-150100.197.114.2
- openSUSE Leap 15.4 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.114.2
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.114.2
- openSUSE Leap 15.4 (s390x):
kernel-default-man-4.12.14-150100.197.114.2
kernel-zfcpdump-man-4.12.14-150100.197.114.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-4.12.14-150100.197.114.2
kernel-vanilla-base-4.12.14-150100.197.114.2
kernel-vanilla-base-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-debugsource-4.12.14-150100.197.114.2
kernel-vanilla-devel-4.12.14-150100.197.114.2
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-livepatch-devel-4.12.14-150100.197.114.2
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.114.2
kernel-debug-base-debuginfo-4.12.14-150100.197.114.2
- openSUSE Leap 15.3 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.114.2
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.114.2
- openSUSE Leap 15.3 (s390x):
kernel-default-man-4.12.14-150100.197.114.2
kernel-zfcpdump-man-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
reiserfs-kmp-default-4.12.14-150100.197.114.2
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
reiserfs-kmp-default-4.12.14-150100.197.114.2
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
kernel-default-man-4.12.14-150100.197.114.2
kernel-zfcpdump-debuginfo-4.12.14-150100.197.114.2
kernel-zfcpdump-debugsource-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
reiserfs-kmp-default-4.12.14-150100.197.114.2
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-livepatch-4.12.14-150100.197.114.2
kernel-default-livepatch-devel-4.12.14-150100.197.114.2
kernel-livepatch-4_12_14-150100_197_114-default-1-150100.3.3.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-150100.197.114.2
cluster-md-kmp-default-debuginfo-4.12.14-150100.197.114.2
dlm-kmp-default-4.12.14-150100.197.114.2
dlm-kmp-default-debuginfo-4.12.14-150100.197.114.2
gfs2-kmp-default-4.12.14-150100.197.114.2
gfs2-kmp-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
ocfs2-kmp-default-4.12.14-150100.197.114.2
ocfs2-kmp-default-debuginfo-4.12.14-150100.197.114.2
- SUSE Enterprise Storage 6 (aarch64 x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
reiserfs-kmp-default-4.12.14-150100.197.114.2
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
- SUSE Enterprise Storage 6 (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
- SUSE CaaS Platform 4.0 (x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
reiserfs-kmp-default-4.12.14-150100.197.114.2
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
- SUSE CaaS Platform 4.0 (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
References:
https://www.suse.com/security/cve/CVE-2017-13695.html
https://www.suse.com/security/cve/CVE-2018-7755.html
https://www.suse.com/security/cve/CVE-2019-19377.html
https://www.suse.com/security/cve/CVE-2019-20811.html
https://www.suse.com/security/cve/CVE-2020-26541.html
https://www.suse.com/security/cve/CVE-2021-20292.html
https://www.suse.com/security/cve/CVE-2021-20321.html
https://www.suse.com/security/cve/CVE-2021-33061.html
https://www.suse.com/security/cve/CVE-2021-38208.html
https://www.suse.com/security/cve/CVE-2021-39711.html
https://www.suse.com/security/cve/CVE-2021-43389.html
https://www.suse.com/security/cve/CVE-2022-1011.html
https://www.suse.com/security/cve/CVE-2022-1184.html
https://www.suse.com/security/cve/CVE-2022-1353.html
https://www.suse.com/security/cve/CVE-2022-1419.html
https://www.suse.com/security/cve/CVE-2022-1516.html
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-1729.html
https://www.suse.com/security/cve/CVE-2022-1734.html
https://www.suse.com/security/cve/CVE-2022-1974.html
https://www.suse.com/security/cve/CVE-2022-1975.html
https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21127.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-21180.html
https://www.suse.com/security/cve/CVE-2022-21499.html
https://www.suse.com/security/cve/CVE-2022-22942.html
https://www.suse.com/security/cve/CVE-2022-28748.html
https://www.suse.com/security/cve/CVE-2022-30594.html
https://bugzilla.suse.com/1028340
https://bugzilla.suse.com/1055710
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1084513
https://bugzilla.suse.com/1087082
https://bugzilla.suse.com/1114648
https://bugzilla.suse.com/1158266
https://bugzilla.suse.com/1172456
https://bugzilla.suse.com/1177282
https://bugzilla.suse.com/1182171
https://bugzilla.suse.com/1183723
https://bugzilla.suse.com/1187055
https://bugzilla.suse.com/1191647
https://bugzilla.suse.com/1191958
https://bugzilla.suse.com/1195065
https://bugzilla.suse.com/1195651
https://bugzilla.suse.com/1196018
https://bugzilla.suse.com/1196367
https://bugzilla.suse.com/1196426
https://bugzilla.suse.com/1196999
https://bugzilla.suse.com/1197219
https://bugzilla.suse.com/1197343
https://bugzilla.suse.com/1197663
https://bugzilla.suse.com/1198400
https://bugzilla.suse.com/1198516
https://bugzilla.suse.com/1198577
https://bugzilla.suse.com/1198660
https://bugzilla.suse.com/1198687
https://bugzilla.suse.com/1198742
https://bugzilla.suse.com/1198777
https://bugzilla.suse.com/1198825
https://bugzilla.suse.com/1199012
https://bugzilla.suse.com/1199063
https://bugzilla.suse.com/1199314
https://bugzilla.suse.com/1199399
https://bugzilla.suse.com/1199426
https://bugzilla.suse.com/1199505
https://bugzilla.suse.com/1199507
https://bugzilla.suse.com/1199605
https://bugzilla.suse.com/1199650
https://bugzilla.suse.com/1200143
https://bugzilla.suse.com/1200144
https://bugzilla.suse.com/1200249
SUSE-SU-2022:2107-1: important: Security update for mariadb
by opensuse-security@opensuse.org 16 Jun '22
SUSE Security Update: Security update for mariadb
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2107-1
Rating: important
References: #1198603 #1198604 #1198606 #1198607 #1198610
#1198611 #1198612 #1198613 #1198629 #1199928
Cross-References: CVE-2021-46669 CVE-2022-21427 CVE-2022-27377
CVE-2022-27378 CVE-2022-27380 CVE-2022-27381
CVE-2022-27383 CVE-2022-27384 CVE-2022-27386
CVE-2022-27387 CVE-2022-27445
CVSS scores:
CVE-2021-46669 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21427 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27377 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27377 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27378 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27378 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27380 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27380 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27381 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27381 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27383 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27383 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27384 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27384 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27386 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27386 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27387 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27387 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27445 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27445 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
This update for mariadb fixes the following issues:
- CVE-2021-46669 (bsc#1199928)
- CVE-2022-21427 (bsc#1199928)
- CVE-2022-27377 (bsc#1198603)
- CVE-2022-27378 (bsc#1198604)
- CVE-2022-27380 (bsc#1198606)
- CVE-2022-27381 (bsc#1198607)
- CVE-2022-27383 (bsc#1198610)
- CVE-2022-27384 (bsc#1198611)
- CVE-2022-27386 (bsc#1198612)
- CVE-2022-27387 (bsc#1198613)
- CVE-2022-27445 (bsc#1198629)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2107=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2107=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2107=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2107=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2107=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2107=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2107=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2107=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2107=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2107=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2107=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Enterprise Storage 6 (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE CaaS Platform 4.0 (x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE CaaS Platform 4.0 (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
References:
https://www.suse.com/security/cve/CVE-2021-46669.html
https://www.suse.com/security/cve/CVE-2022-21427.html
https://www.suse.com/security/cve/CVE-2022-27377.html
https://www.suse.com/security/cve/CVE-2022-27378.html
https://www.suse.com/security/cve/CVE-2022-27380.html
https://www.suse.com/security/cve/CVE-2022-27381.html
https://www.suse.com/security/cve/CVE-2022-27383.html
https://www.suse.com/security/cve/CVE-2022-27384.html
https://www.suse.com/security/cve/CVE-2022-27386.html
https://www.suse.com/security/cve/CVE-2022-27387.html
https://www.suse.com/security/cve/CVE-2022-27445.html
https://bugzilla.suse.com/1198603
https://bugzilla.suse.com/1198604
https://bugzilla.suse.com/1198606
https://bugzilla.suse.com/1198607
https://bugzilla.suse.com/1198610
https://bugzilla.suse.com/1198611
https://bugzilla.suse.com/1198612
https://bugzilla.suse.com/1198613
https://bugzilla.suse.com/1198629
https://bugzilla.suse.com/1199928
SUSE-SU-2022:2102-1: important: Security update for vim
by opensuse-security@opensuse.org 16 Jun '22
SUSE Security Update: Security update for vim
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2102-1
Rating: important
References: #1070955 #1191770 #1192167 #1192902 #1192903
#1192904 #1193466 #1193905 #1194093 #1194216
#1194217 #1194388 #1194872 #1194885 #1195004
#1195203 #1195332 #1195354 #1196361 #1198596
#1198748 #1199331 #1199333 #1199334 #1199651
#1199655 #1199693 #1199745 #1199747 #1199936
#1200010 #1200011 #1200012
Cross-References: CVE-2017-17087 CVE-2021-3778 CVE-2021-3796
CVE-2021-3872 CVE-2021-3875 CVE-2021-3903
CVE-2021-3927 CVE-2021-3928 CVE-2021-3968
CVE-2021-3973 CVE-2021-3974 CVE-2021-3984
CVE-2021-4019 CVE-2021-4069 CVE-2021-4136
CVE-2021-4166 CVE-2021-4192 CVE-2021-4193
CVE-2021-46059 CVE-2022-0128 CVE-2022-0213
CVE-2022-0261 CVE-2022-0318 CVE-2022-0319
CVE-2022-0351 CVE-2022-0359 CVE-2022-0361
CVE-2022-0392 CVE-2022-0407 CVE-2022-0413
CVE-2022-0696 CVE-2022-1381 CVE-2022-1420
CVE-2022-1616 CVE-2022-1619 CVE-2022-1620
CVE-2022-1733 CVE-2022-1735 CVE-2022-1771
CVE-2022-1785 CVE-2022-1796 CVE-2022-1851
CVE-2022-1897 CVE-2022-1898 CVE-2022-1927
CVSS scores:
CVE-2017-17087 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2017-17087 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-3778 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3778 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3796 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
CVE-2021-3796 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3872 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3872 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3875 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-3875 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3903 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3903 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3927 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3927 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3928 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3928 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3968 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3973 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3974 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3974 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3984 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3984 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-4019 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-4019 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-4069 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-4069 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVE-2021-4136 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-4136 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-4166 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2021-4166 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVE-2021-4192 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-4192 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2021-4193 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2021-4193 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-46059 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0128 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0128 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-0213 (NVD) : 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2022-0213 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0261 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0261 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0319 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-0319 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-0351 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-0351 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-0359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0359 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2022-0361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0361 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2022-0392 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0392 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CVE-2022-0407 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0407 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0413 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0413 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0696 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0696 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-1381 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1381 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1420 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-1420 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-1616 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1616 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1619 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1619 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1620 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1620 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1733 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1733 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-1735 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1735 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1771 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-1771 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-1785 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1785 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-1796 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1796 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1851 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1851 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-1897 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1897 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1898 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1898 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1927 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1927 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 45 vulnerabilities is now available.
Description:
This update for vim fixes the following issues:
- CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
- CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
- CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
- CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
- CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
- CVE-2021-3974: Fixed use-after-free (bsc#1192904).
- CVE-2021-4069: Fixed use-after-free in ex_open() in src/ex_docmd.c
(bsc#1193466).
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
- CVE-2021-4192: Fixed use-after-free (bsc#1194217).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
- CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in
ex_getln.c (bsc#1195203).
- CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
- CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
- CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
- CVE-2022-1381: Fixed global heap buffer overflow in skip_range
(bsc#1198596).
- CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
- CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
- CVE-2022-1619: Fixed heap-based buffer overflow in function
cmdline_erase_chars (bsc#1199333).
- CVE-2022-1620: Fixed NULL pointer dereference in function
vim_regexec_string (bsc#1199334).
- CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c
(bsc#1199655).
- CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
- CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
- CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
- CVE-2022-1796: Fixed use-after-free in find_pattern_in_path
(bsc#1199747).
- CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
- CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
- CVE-2022-1898: Fixed use-after-free (bsc#1200011).
- CVE-2022-1927: Fixed buffer over-read (bsc#1200012).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2102=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2102=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2102=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2102=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2102=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2102=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2102=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2102=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2102=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2102=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2102=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2102=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2102=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2102=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2102=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2102=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2102=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2102=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2102=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2102=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2102=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2102=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2102=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2102=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2102=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2102=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2102=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
vim-small-8.2.5038-150000.5.21.1
vim-small-debuginfo-8.2.5038-150000.5.21.1
- openSUSE Leap 15.4 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
vim-small-8.2.5038-150000.5.21.1
vim-small-debuginfo-8.2.5038-150000.5.21.1
- openSUSE Leap 15.3 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Manager Server 4.1 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Manager Proxy 4.1 (x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Manager Proxy 4.1 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
vim-small-8.2.5038-150000.5.21.1
vim-small-debuginfo-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
vim-small-8.2.5038-150000.5.21.1
vim-small-debuginfo-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
vim-small-8.2.5038-150000.5.21.1
vim-small-debuginfo-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
vim-small-8.2.5038-150000.5.21.1
vim-small-debuginfo-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Micro 5.1 (noarch):
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Enterprise Storage 7 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Enterprise Storage 6 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE CaaS Platform 4.0 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE CaaS Platform 4.0 (x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
References:
https://www.suse.com/security/cve/CVE-2017-17087.html
https://www.suse.com/security/cve/CVE-2021-3778.html
https://www.suse.com/security/cve/CVE-2021-3796.html
https://www.suse.com/security/cve/CVE-2021-3872.html
https://www.suse.com/security/cve/CVE-2021-3875.html
https://www.suse.com/security/cve/CVE-2021-3903.html
https://www.suse.com/security/cve/CVE-2021-3927.html
https://www.suse.com/security/cve/CVE-2021-3928.html
https://www.suse.com/security/cve/CVE-2021-3968.html
https://www.suse.com/security/cve/CVE-2021-3973.html
https://www.suse.com/security/cve/CVE-2021-3974.html
https://www.suse.com/security/cve/CVE-2021-3984.html
https://www.suse.com/security/cve/CVE-2021-4019.html
https://www.suse.com/security/cve/CVE-2021-4069.html
https://www.suse.com/security/cve/CVE-2021-4136.html
https://www.suse.com/security/cve/CVE-2021-4166.html
https://www.suse.com/security/cve/CVE-2021-4192.html
https://www.suse.com/security/cve/CVE-2021-4193.html
https://www.suse.com/security/cve/CVE-2021-46059.html
https://www.suse.com/security/cve/CVE-2022-0128.html
https://www.suse.com/security/cve/CVE-2022-0213.html
https://www.suse.com/security/cve/CVE-2022-0261.html
https://www.suse.com/security/cve/CVE-2022-0318.html
https://www.suse.com/security/cve/CVE-2022-0319.html
https://www.suse.com/security/cve/CVE-2022-0351.html
https://www.suse.com/security/cve/CVE-2022-0359.html
https://www.suse.com/security/cve/CVE-2022-0361.html
https://www.suse.com/security/cve/CVE-2022-0392.html
https://www.suse.com/security/cve/CVE-2022-0407.html
https://www.suse.com/security/cve/CVE-2022-0413.html
https://www.suse.com/security/cve/CVE-2022-0696.html
https://www.suse.com/security/cve/CVE-2022-1381.html
https://www.suse.com/security/cve/CVE-2022-1420.html
https://www.suse.com/security/cve/CVE-2022-1616.html
https://www.suse.com/security/cve/CVE-2022-1619.html
https://www.suse.com/security/cve/CVE-2022-1620.html
https://www.suse.com/security/cve/CVE-2022-1733.html
https://www.suse.com/security/cve/CVE-2022-1735.html
https://www.suse.com/security/cve/CVE-2022-1771.html
https://www.suse.com/security/cve/CVE-2022-1785.html
https://www.suse.com/security/cve/CVE-2022-1796.html
https://www.suse.com/security/cve/CVE-2022-1851.html
https://www.suse.com/security/cve/CVE-2022-1897.html
https://www.suse.com/security/cve/CVE-2022-1898.html
https://www.suse.com/security/cve/CVE-2022-1927.html
https://bugzilla.suse.com/1070955
https://bugzilla.suse.com/1191770
https://bugzilla.suse.com/1192167
https://bugzilla.suse.com/1192902
https://bugzilla.suse.com/1192903
https://bugzilla.suse.com/1192904
https://bugzilla.suse.com/1193466
https://bugzilla.suse.com/1193905
https://bugzilla.suse.com/1194093
https://bugzilla.suse.com/1194216
https://bugzilla.suse.com/1194217
https://bugzilla.suse.com/1194388
https://bugzilla.suse.com/1194872
https://bugzilla.suse.com/1194885
https://bugzilla.suse.com/1195004
https://bugzilla.suse.com/1195203
https://bugzilla.suse.com/1195332
https://bugzilla.suse.com/1195354
https://bugzilla.suse.com/1196361
https://bugzilla.suse.com/1198596
https://bugzilla.suse.com/1198748
https://bugzilla.suse.com/1199331
https://bugzilla.suse.com/1199333
https://bugzilla.suse.com/1199334
https://bugzilla.suse.com/1199651
https://bugzilla.suse.com/1199655
https://bugzilla.suse.com/1199693
https://bugzilla.suse.com/1199745
https://bugzilla.suse.com/1199747
https://bugzilla.suse.com/1199936
https://bugzilla.suse.com/1200010
https://bugzilla.suse.com/1200011
https://bugzilla.suse.com/1200012
SUSE-SU-2022:2108-1: important: Security update for rubygem-actionpack-5_1, rubygem-activesupport-5_1
by opensuse-security@opensuse.org 16 Jun '22
SUSE Security Update: Security update for rubygem-actionpack-5_1, rubygem-activesupport-5_1
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2108-1
Rating: important
References: #1185780 #1196182
Cross-References: CVE-2021-22904 CVE-2022-23633
CVSS scores:
CVE-2021-22904 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-22904 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-23633 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-23633 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for rubygem-actionpack-5_1 and rubygem-activesupport-5_1 fixes
the following issues:
- CVE-2021-22904: Fixed possible DoS Vulnerability in Action Controller
Token Authentication (bsc#1185780)
- CVE-2022-23633: Fixed possible exposure of information vulnerability in
Action Pack (bsc#1196182)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2108=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2108=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2108=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2108=1
- SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2108=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2108=1
- SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2022-2108=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
References:
https://www.suse.com/security/cve/CVE-2021-22904.html
https://www.suse.com/security/cve/CVE-2022-23633.html
https://bugzilla.suse.com/1185780
https://bugzilla.suse.com/1196182
openSUSE-SU-2022:10005-1: important: Security update for chromium
by opensuse-security@opensuse.org 15 Jun '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10005-1
Rating: important
References: #1199893
Cross-References: CVE-2022-1853 CVE-2022-1854 CVE-2022-1855
CVE-2022-1856 CVE-2022-1857 CVE-2022-1858
CVE-2022-1859 CVE-2022-1860 CVE-2022-1861
CVE-2022-1862 CVE-2022-1863 CVE-2022-1864
CVE-2022-1865 CVE-2022-1866 CVE-2022-1867
CVE-2022-1868 CVE-2022-1869 CVE-2022-1870
CVE-2022-1871 CVE-2022-1872 CVE-2022-1873
CVE-2022-1874 CVE-2022-1875 CVE-2022-1876
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes 24 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
- Chromium 102.0.5001.61 (boo#1199893)
* CVE-2022-1853: Use after free in Indexed DB
* CVE-2022-1854: Use after free in ANGLE
* CVE-2022-1855: Use after free in Messaging
* CVE-2022-1856: Use after free in User Education
* CVE-2022-1857: Insufficient policy enforcement in File System API
* CVE-2022-1858: Out of bounds read in DevTools
* CVE-2022-1859: Use after free in Performance Manager
* CVE-2022-1860: Use after free in UI Foundations
* CVE-2022-1861: Use after free in Sharing
* CVE-2022-1862: Inappropriate implementation in Extensions
* CVE-2022-1863: Use after free in Tab Groups
* CVE-2022-1864: Use after free in WebApp Installs
* CVE-2022-1865: Use after free in Bookmarks
* CVE-2022-1866: Use after free in Tablet Mode
* CVE-2022-1867: Insufficient validation of untrusted input in Data
Transfer
* CVE-2022-1868: Inappropriate implementation in Extensions API
* CVE-2022-1869: Type Confusion in V8
* CVE-2022-1870: Use after free in App Service
* CVE-2022-1871: Insufficient policy enforcement in File System API
* CVE-2022-1872: Insufficient policy enforcement in Extensions API
* CVE-2022-1873: Insufficient policy enforcement in COOP
* CVE-2022-1874: Insufficient policy enforcement in Safe Browsing
* CVE-2022-1875: Inappropriate implementation in PDF
* CVE-2022-1876: Heap buffer overflow in DevTools
- Chromium 101.0.4951.67
* fixes for other platforms
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10005=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):
chromedriver-102.0.5005.61-bp154.2.5.3
chromedriver-debuginfo-102.0.5005.61-bp154.2.5.3
chromium-102.0.5005.61-bp154.2.5.3
chromium-debuginfo-102.0.5005.61-bp154.2.5.3
References:
https://www.suse.com/security/cve/CVE-2022-1853.html
https://www.suse.com/security/cve/CVE-2022-1854.html
https://www.suse.com/security/cve/CVE-2022-1855.html
https://www.suse.com/security/cve/CVE-2022-1856.html
https://www.suse.com/security/cve/CVE-2022-1857.html
https://www.suse.com/security/cve/CVE-2022-1858.html
https://www.suse.com/security/cve/CVE-2022-1859.html
https://www.suse.com/security/cve/CVE-2022-1860.html
https://www.suse.com/security/cve/CVE-2022-1861.html
https://www.suse.com/security/cve/CVE-2022-1862.html
https://www.suse.com/security/cve/CVE-2022-1863.html
https://www.suse.com/security/cve/CVE-2022-1864.html
https://www.suse.com/security/cve/CVE-2022-1865.html
https://www.suse.com/security/cve/CVE-2022-1866.html
https://www.suse.com/security/cve/CVE-2022-1867.html
https://www.suse.com/security/cve/CVE-2022-1868.html
https://www.suse.com/security/cve/CVE-2022-1869.html
https://www.suse.com/security/cve/CVE-2022-1870.html
https://www.suse.com/security/cve/CVE-2022-1871.html
https://www.suse.com/security/cve/CVE-2022-1872.html
https://www.suse.com/security/cve/CVE-2022-1873.html
https://www.suse.com/security/cve/CVE-2022-1874.html
https://www.suse.com/security/cve/CVE-2022-1875.html
https://www.suse.com/security/cve/CVE-2022-1876.html
https://bugzilla.suse.com/1199893
openSUSE-SU-2022:10010-1: critical: Security update for chromium
by opensuse-security@opensuse.org 15 Jun '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10010-1
Rating: critical
References: #1200139 #1200423
Cross-References: CVE-2022-2007 CVE-2022-2008 CVE-2022-2010
CVE-2022-2011
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
- Chromium 102.0.5005.115 (boo#1200423)
* CVE-2022-2007: Use after free in WebGPU
* CVE-2022-2008: Out of bounds memory access in WebGL
* CVE-2022-2010: Out of bounds read in compositing
* CVE-2022-2011: Use after free in ANGLE
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10010=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):
chromedriver-102.0.5005.115-bp154.2.8.1
chromium-102.0.5005.115-bp154.2.8.1
References:
https://www.suse.com/security/cve/CVE-2022-2007.html
https://www.suse.com/security/cve/CVE-2022-2008.html
https://www.suse.com/security/cve/CVE-2022-2010.html
https://www.suse.com/security/cve/CVE-2022-2011.html
https://bugzilla.suse.com/1200139
https://bugzilla.suse.com/1200423
openSUSE-SU-2022:10002-1: important: Security update for librecad
by opensuse-security@opensuse.org 15 Jun '22
openSUSE Security Update: Security update for librecad
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10002-1
Rating: important
References: #1195105 #1195122 #1197664
Cross-References: CVE-2021-45341 CVE-2021-45342
CVSS scores:
CVE-2021-45341 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-45342 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for librecad fixes the following issues:
- CVE-2021-45341: Fixed a buffer overflow vulnerability in LibreCAD that
allows an attacker to achieve remote code execution via a crafted JWW
document [boo#1195105]
- CVE-2021-45342: Fixed a buffer overflow vulnerability in jwwlib in
LibreCAD that allows an attacker to achieve remote code execution via a
crafted JWW document [boo#1195122]
- Strip excess blank fields from librecad.desktop:MimeType [boo#1197664]
Update to 2.2.0-rc3
* major release
* DWG imports are more reliable now
* and many more bugfixes and improvements
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10002=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
libdxfrw-debuginfo-1.0.1+git.20220109-bp154.2.3.1
libdxfrw-debugsource-1.0.1+git.20220109-bp154.2.3.1
libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1
libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1
libdxfrw-tools-debuginfo-1.0.1+git.20220109-bp154.2.3.1
libdxfrw1-1.0.1+git.20220109-bp154.2.3.1
libdxfrw1-debuginfo-1.0.1+git.20220109-bp154.2.3.1
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):
librecad-2.2.0~rc3-bp154.3.3.1
- openSUSE Backports SLE-15-SP4 (noarch):
librecad-parts-2.2.0~rc3-bp154.3.3.1
References:
https://www.suse.com/security/cve/CVE-2021-45341.html
https://www.suse.com/security/cve/CVE-2021-45342.html
https://bugzilla.suse.com/1195105
https://bugzilla.suse.com/1195122
https://bugzilla.suse.com/1197664
openSUSE-SU-2022:10007-1: moderate: Security update for caddy
by opensuse-security@opensuse.org 15 Jun '22
openSUSE Security Update: Security update for caddy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10007-1
Rating: moderate
References: #1200279
Cross-References: CVE-2022-297182
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for caddy fixes the following issues:
Update to version 2.5.1:
* Fixed regression in Unix socket admin endpoints.
* Fixed regression in caddy trust commands.
* Hash-based load balancing policies (ip_hash, uri_hash, header, and
cookie) use an improved highest-random-weight (HRW) algorithm for
increased consistency.
* Dynamic upstreams, which is the ability to get the list of upstreams at
every request (more specifically, every iteration in the proxy loop of
every request) rather than just once at config-load time.
* Caddy will automatically try to get relevant certificates from the local
Tailscale instance.
* New OpenTelemetry integration.
* Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for
getting information about Caddy's managed CAs.
* Rename _caddy to zsh-completion
* Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718]
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10007=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
caddy-2.5.1-bp154.2.5.1
References:
https://www.suse.com/security/cve/CVE-2022-297182.html
https://bugzilla.suse.com/1200279
openSUSE-SU-2022:0155-1: moderate: Security update for libredwg
by opensuse-security@opensuse.org 15 Jun '22
openSUSE Security Update: Security update for libredwg
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0155-1
Rating: moderate
References: #1193372
Cross-References: CVE-2021-28237
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libredwg fixes the following issues:
Update to release 0.12.5 [boo#1193372] [CVE-2021-28237]
* Restricted accepted DXF objects to all stable and unstable classes,
minus MATERIAL, ARC_DIMENSION, SUN, PROXY*. I.e. most unstable objects
do not allow unknown DXF codes anymore. This fixed most oss-fuzz errors.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-155=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
libredwg-devel-0.12.5-bp154.2.3.1
libredwg-tools-0.12.5-bp154.2.3.1
libredwg0-0.12.5-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2021-28237.html
https://bugzilla.suse.com/1193372
openSUSE-SU-2022:0144-1: moderate: Security update for varnish
by opensuse-security@opensuse.org 15 Jun '22
SUSE Security Update: Security update for varnish
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0144-1
Rating: moderate
References: #1194469 #1195188
Cross-References: CVE-2021-4122 CVE-2022-23959
CVSS scores:
CVE-2021-4122 (SUSE): 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2022-23959 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-23959 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Backports SLE-15-SP4
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for varnish fixes the following issues:
varnish was updated to release 7.1.0 [boo#1195188] [CVE-2022-23959]
* VCL: It is now possible to assign a BLOB value to a BODY variable, in
addition to STRING as before.
* VMOD: New STRING strftime(TIME time, STRING format) function for UTC
formatting.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-144=1
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-144=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cryptsetup-2.3.7-150300.3.5.1
cryptsetup-debuginfo-2.3.7-150300.3.5.1
cryptsetup-debugsource-2.3.7-150300.3.5.1
libcryptsetup-devel-2.3.7-150300.3.5.1
libcryptsetup12-2.3.7-150300.3.5.1
libcryptsetup12-debuginfo-2.3.7-150300.3.5.1
libcryptsetup12-hmac-2.3.7-150300.3.5.1
- openSUSE Leap 15.3 (x86_64):
libcryptsetup12-32bit-2.3.7-150300.3.5.1
libcryptsetup12-32bit-debuginfo-2.3.7-150300.3.5.1
libcryptsetup12-hmac-32bit-2.3.7-150300.3.5.1
- openSUSE Leap 15.3 (noarch):
cryptsetup-lang-2.3.7-150300.3.5.1
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
libvarnishapi3-7.1.0-bp154.2.3.1
varnish-7.1.0-bp154.2.3.1
varnish-devel-7.1.0-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2021-4122.html
https://www.suse.com/security/cve/CVE-2022-23959.html
https://bugzilla.suse.com/1194469
https://bugzilla.suse.com/1195188
openSUSE-SU-2022:10009-1: critical: Security update for chromium
by opensuse-security@opensuse.org 15 Jun '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10009-1
Rating: critical
References: #1199893 #1200139 #1200423
Cross-References: CVE-2022-1853 CVE-2022-1854 CVE-2022-1855
CVE-2022-1856 CVE-2022-1857 CVE-2022-1858
CVE-2022-1859 CVE-2022-1860 CVE-2022-1861
CVE-2022-1862 CVE-2022-1863 CVE-2022-1864
CVE-2022-1865 CVE-2022-1866 CVE-2022-1867
CVE-2022-1868 CVE-2022-1869 CVE-2022-1870
CVE-2022-1871 CVE-2022-1872 CVE-2022-1873
CVE-2022-1874 CVE-2022-1875 CVE-2022-1876
CVE-2022-2007 CVE-2022-2008 CVE-2022-2010
CVE-2022-2011
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 28 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 102.0.5005.115 (boo#1200423)
* CVE-2022-2007: Use after free in WebGPU
* CVE-2022-2008: Out of bounds memory access in WebGL
* CVE-2022-2010: Out of bounds read in compositing
* CVE-2022-2011: Use after free in ANGLE
Chromium 102.0.5001.61 (boo#1199893)
* CVE-2022-1853: Use after free in Indexed DB
* CVE-2022-1854: Use after free in ANGLE
* CVE-2022-1855: Use after free in Messaging
* CVE-2022-1856: Use after free in User Education
* CVE-2022-1857: Insufficient policy enforcement in File System API
* CVE-2022-1858: Out of bounds read in DevTools
* CVE-2022-1859: Use after free in Performance Manager
* CVE-2022-1860: Use after free in UI Foundations
* CVE-2022-1861: Use after free in Sharing
* CVE-2022-1862: Inappropriate implementation in Extensions
* CVE-2022-1863: Use after free in Tab Groups
* CVE-2022-1864: Use after free in WebApp Installs
* CVE-2022-1865: Use after free in Bookmarks
* CVE-2022-1866: Use after free in Tablet Mode
* CVE-2022-1867: Insufficient validation of untrusted input in Data
Transfer
* CVE-2022-1868: Inappropriate implementation in Extensions API
* CVE-2022-1869: Type Confusion in V8
* CVE-2022-1870: Use after free in App Service
* CVE-2022-1871: Insufficient policy enforcement in File System API
* CVE-2022-1872: Insufficient policy enforcement in Extensions API
* CVE-2022-1873: Insufficient policy enforcement in COOP
* CVE-2022-1874: Insufficient policy enforcement in Safe Browsing
* CVE-2022-1875: Inappropriate implementation in PDF
* CVE-2022-1876: Heap buffer overflow in DevTools
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10009=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-102.0.5005.115-bp153.2.101.1
chromedriver-debuginfo-102.0.5005.115-bp153.2.101.1
chromium-102.0.5005.115-bp153.2.101.1
chromium-debuginfo-102.0.5005.115-bp153.2.101.1
References:
https://www.suse.com/security/cve/CVE-2022-1853.html
https://www.suse.com/security/cve/CVE-2022-1854.html
https://www.suse.com/security/cve/CVE-2022-1855.html
https://www.suse.com/security/cve/CVE-2022-1856.html
https://www.suse.com/security/cve/CVE-2022-1857.html
https://www.suse.com/security/cve/CVE-2022-1858.html
https://www.suse.com/security/cve/CVE-2022-1859.html
https://www.suse.com/security/cve/CVE-2022-1860.html
https://www.suse.com/security/cve/CVE-2022-1861.html
https://www.suse.com/security/cve/CVE-2022-1862.html
https://www.suse.com/security/cve/CVE-2022-1863.html
https://www.suse.com/security/cve/CVE-2022-1864.html
https://www.suse.com/security/cve/CVE-2022-1865.html
https://www.suse.com/security/cve/CVE-2022-1866.html
https://www.suse.com/security/cve/CVE-2022-1867.html
https://www.suse.com/security/cve/CVE-2022-1868.html
https://www.suse.com/security/cve/CVE-2022-1869.html
https://www.suse.com/security/cve/CVE-2022-1870.html
https://www.suse.com/security/cve/CVE-2022-1871.html
https://www.suse.com/security/cve/CVE-2022-1872.html
https://www.suse.com/security/cve/CVE-2022-1873.html
https://www.suse.com/security/cve/CVE-2022-1874.html
https://www.suse.com/security/cve/CVE-2022-1875.html
https://www.suse.com/security/cve/CVE-2022-1876.html
https://www.suse.com/security/cve/CVE-2022-2007.html
https://www.suse.com/security/cve/CVE-2022-2008.html
https://www.suse.com/security/cve/CVE-2022-2010.html
https://www.suse.com/security/cve/CVE-2022-2011.html
https://bugzilla.suse.com/1199893
https://bugzilla.suse.com/1200139
https://bugzilla.suse.com/1200423
SUSE-SU-2022:2078-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 14 Jun '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2078-1
Rating: important
References: #1055117 #1061840 #1065729 #1103269 #1118212
#1153274 #1154353 #1156395 #1158266 #1167773
#1176447 #1178134 #1180100 #1183405 #1188885
#1195826 #1196426 #1196478 #1196570 #1196840
#1197446 #1197472 #1197601 #1197675 #1198438
#1198577 #1198971 #1198989 #1199035 #1199052
#1199063 #1199114 #1199314 #1199505 #1199507
#1199564 #1199626 #1199631 #1199650 #1199670
#1199839 #1200019 #1200045 #1200046 #1200192
#1200216 SLE-13521 SLE-16387
Cross-References: CVE-2019-19377 CVE-2021-33061 CVE-2022-0168
CVE-2022-1184 CVE-2022-1652 CVE-2022-1729
CVE-2022-1972 CVE-2022-20008 CVE-2022-21123
CVE-2022-21125 CVE-2022-21127 CVE-2022-21166
CVE-2022-21180 CVE-2022-30594
CVSS scores:
CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0168 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2022-1972 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 14 vulnerabilities, contains two
features and has 32 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-0168: Fixed a NULL pointer dereference in
smb2_ioctl_query_info. (bsc#1197472)
- CVE-2022-20008: Fixed a bug that allows reading kernel heap memory due to
uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564)
- CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to
privilege escalation. (bsc#1200019)
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via Spectre-like
attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via Spectre-like
attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via Spectre-like
attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via Spectre-like
attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via Spectre-like
attacks. (bsc#1199650)
- CVE-2019-19377: Fixed a use-after-free that could be triggered when an
attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
(bsc#1199507).
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when
mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-1652: Fixed a statically allocated error counter inside the
floppy kernel module (bsc#1199063).
- CVE-2022-30594: Fixed restriction bypass on setting the
PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the
Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed
an authenticated user to potentially enable denial of service via local
access (bnc#1196426).
The following non-security bugs were fixed:
- ACPI: property: Release subnode properties with data nodes (git-fixes).
- ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
(git-fixes).
- ALSA: hda - fix unused Realtek function when PM is not enabled
(git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
(git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop
(git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes).
- ALSA: pcm: Check for null pointer of pointer substream before
dereferencing it (git-fixes).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes).
- ALSA: usb-audio: Configure sync endpoints before data (git-fixes).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
constant (git-fixes).
- ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
- ALSA: wavefront: Proper check of get_user() error (git-fixes).
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
(git-fixes)
- ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
- ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
- ARM: dts: at91: fix pinctrl phandles (git-fixes)
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
(git-fixes)
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
(git-fixes)
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
(git-fixes)
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes)
- ARM: dts: meson: Fix the UART compatible strings (git-fixes)
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
- arm: mediatek: select arch timer for mt7629 (git-fixes)
- ARM: omap: remove debug-leds driver (git-fixes)
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
- ARM: socfpga: dts: fix qspi node compatible (git-fixes)
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
- ARM: tegra: Move panels to AUX bus (git-fixes)
- arm64: dts: broadcom: Fix sata nodename (git-fixes)
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
- arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
- arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
(git-fixes)
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
- ASoC: atmel-classd: Remove endianness flag on class d component
(git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
- ASoC: da7219: Fix change notifications for tone generator frequency
(git-fixes).
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback
(git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- ASoC: max98090: Generate notifications on changes for custom control
(git-fixes).
- ASoC: max98090: Move check for invalid values before casting in
max98090_put_enab_tlv() (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put()
(git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
(git-fixes).
- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
(git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range()
(git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
- ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
(git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in
wm2000_anc_transition() (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid
rxstatus->rs_keyix (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed
(git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
(git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
(jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the
constant (git-fixes).
- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
(git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- ceph: fix setting of xattrs on async created inodes (bsc#1200192).
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in
cpuset_init_smp() (bsc#1199839).
- clk: at91: generated: consider range when calculating best rate
(git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling
platform_get_resource() (git-fixes).
- copy_process(): Move fd_install() out of sighand->siglock critical
section (bsc#1199626).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
- crypto: x86 - eliminate anonymous module_init and module_exit
(git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions
(git-fixes).
- dim: initialize all struct fields (git-fixes).
- dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
(git-fixes).
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- docs: powerpc: Fix misspellings and grammar errors (bsc#1055117
ltc#159753).
- docs: submitting-patches: Fix crossref to 'The canonical patch format'
(git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of list
iterator (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
- drbd: use bdev_alignment_offset instead of queue_alignment_offset
(git-fixes).
- driver: core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()
(git-fixes)
- drivers/base/memory: fix an unlikely reference counting issue in
__add_memory_block() (git-fixes).
- drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
- drm: sti: do not use kernel-doc markers (git-fixes).
- drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version,
environment} types (git-fixes).
- drm/amdkfd: Fix GWS queue count (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
(git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm/edid: fix invalid EDID extension block filtering (git-fixes).
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes).
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
(git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
(git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory
free during pm runtime resume (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit functions
(git-fixes).
- drm/msm/hdmi: check return value after calling
platform_get_resource_byname() (git-fixes).
- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
(git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is
detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is
detected (git-fixes).
- drm/nouveau: Fix a potential theorical leak in
nouveau_get_backlight_name() (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator
(git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list
iterator (git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
(git-fixes).
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- EDAC/synopsys: Read the error count from the correct register
(bsc#1178134).
- firewire: core: extend card->lock in fw_core_handle_bus_reset
(git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback()
(git-fixes).
- firewire: remove check of list iterator against head past the loop body
(git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base protocol
(git-fixes).
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response
(git-fixes).
- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
(git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator
(git-fixes).
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
- genirq/affinity: Handle affinity setting on inactive (git-fixes)
- genirq/msi: Ensure deactivation on teardown (git-fixes)
- genirq/proc: Reject invalid affinity masks (again) (git-fixes)
- genirq/timings: Fix error return code in (git-fixes)
- genirq/timings: Prevent potential array overflow in (git-fixes)
- gma500: fix an incorrect NULL check on list iterator (git-fixes).
- gpio: adp5588: Remove support for platform setup and teardown callbacks
(git-fixes).
- gpio: gpio-vf610: do not touch other bits when set the target bit
(git-fixes).
- gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes).
- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask
not set) (git-fixes).
- gpio: pca953x: use the correct register address to do regcache sync
(git-fixes).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- HID: elan: Fix potential double free in elan_input_configured
(git-fixes).
- HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes).
- hinic: fix bug of wq out of bound access (bsc#1176447).
- hwmon: (f71882fg) Fix negative temperature (git-fixes).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
- hwmon: (tmp401) Add OF device ID table (git-fixes).
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
- i2c: at91: use dma safe buffers (git-fixes).
- i2c: mt7621: fix missing clk_disable_unprepare() on error in
mtk_i2c_probe() (git-fixes).
- i40e: stop disabling VFs due to PF error responses (git-fixes).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878).
- ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926).
- ice: Fix race conditions between virtchnl handling and VF ndo ops
(git-fixes).
- ice: synchronize_rcu() when terminating rings (jsc#SLE-7926).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
(git-fixes).
- iio: dac: ad5446: Fix read_raw not returning set value (git-fixes).
- iio: dac: ad5592r: Fix the missing return value (git-fixes).
- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
(git-fixes).
- Input: add bounds checking to input_set_capability() (git-fixes).
- Input: ili210x - fix reset timing (git-fixes).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes).
- Input: stmfts - do not leave device disabled in stmfts_input_open
(git-fixes).
- Input: stmfts - fix reference leak in stmfts_input_open (git-fixes).
- iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052).
- ionic: avoid races in ionic_heartbeat_check (bsc#1167773).
- ionic: Cleanups in the Tx hotpath code (bsc#1167773).
- ionic: disable napi when ionic_lif_init() fails (bsc#1167773).
- ionic: Do not send reset commands if FW isn't running (bsc#1167773).
- ionic: fix missing pci_release_regions() on error in ionic_probe()
(bsc#1167773).
- ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649).
- ionic: monitor fw status generation (bsc#1167773).
- ionic: remove the dbid_inuse bitmap (bsc#1167773).
- ionic: start watchdog after all is setup (bsc#1167773).
- ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes).
- iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes).
- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
- kABI: ivtv: restore caps member (git-fixes).
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
(git-fixes).
- lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes).
- lan743x: remove redundant assignment to variable rx_process_result
(git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
(git-fixes).
- mac80211: fix rx reordering with non explicit / psmp ack policy
(git-fixes).
- mac80211: Reset MBSSID parameters upon connection (git-fixes).
- media: davinci: Make use of the helper function
devm_platform_ioremap_resource() (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
- media: davinci: vpif: fix use-after-free on driver unbind (git-fixes).
- media: media-entity.h: Fix documentation for media_create_intf_link
(git-fixes).
- media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes).
- media: platform: add missing put_device() call in mtk_jpeg_probe() and
mtk_jpeg_remove() (git-fixes).
- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
(git-fixes).
- media: saa7134: fix incorrect use to determine if list is empty
(git-fixes).
- media: uvcvideo: Fix missing check to determine if element is found in
list (git-fixes).
- media: videobuf2: Fix the size printk format (git-fixes).
- media: vim2m: Register video device after setting up internals
(git-fixes).
- mfd: ipaq-micro: Fix error check return value of platform_get_irq()
(git-fixes).
- misc: ocxl: fix possible double free in ocxl_file_register_afu
(git-fixes).
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
(jsc#SLE-15176, jsc#SLE-16387).
- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
(git-fixes).
- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
(git-fixes).
- mt76: Fix undefined behavior due to shift overflowing the constant
(git-fixes).
- mt76: mt7663s: fix rx buffer refcounting (git-fixes).
- mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
- mtd: rawnand: Fix return value check of wait_for_completion_timeout
(git-fixes).
- mtd: spi-nor: core: Check written SR value in
spi_nor_write_16bit_sr_and_check() (git-fixes).
- net: bcmgenet: Fix a resource leak in an error handling path in the
probe functin (git-fixes).
- net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs
(git-fixes).
- net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes).
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered
(git-fixes).
- net: hdlc_ppp: Fix issues when mod_timer is called while timer is
running (git-fixes).
- net: hns3: add a check for index in hclge_get_rss_key() (git-fixes).
- net: hns3: clear inited state and stop client after failed to register
netdev (bsc#1154353).
- net: hns3: fix bug when PF set the duplicate MAC address for VFs
(jsc#SLE-14777).
- net: hns3: fix kernel crash when unload VF while it is being reset
(git-fixes).
- net: korina: fix return value (git-fixes).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1183405).
- net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes).
- net: stmmac: dwmac-sun8i: Balance internal PHY resource references
(git-fixes).
- net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes).
- net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes).
- net/mlx5: Fix a race on command flush flow (jsc#SLE-15172).
- net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172).
- netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216).
- netfilter: conntrack: connection timeout after re-register (bsc#1199035).
- netfilter: conntrack: move synack init code to helper (bsc#1199035).
- netfilter: conntrack: re-init state for retransmitted syn-ack
(bsc#1199035).
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
(bsc#1199035).
- netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
- netfilter: nft_set_rbtree: overlap detection with element re-addition
after deletion (bsc#1176447).
- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
(git-fixes).
- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
(git-fixes).
- NFC: netlink: fix sleep in atomic bug when firmware download timeout
(git-fixes).
- NFC: nfcmrvl: main: reorder destructive operations in
nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
- NFC: NULL out the dev->rfkill to prevent UAF (git-fixes).
- NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
- NFS: Do not invalidate inode attributes on delegation return (git-fixes).
- nl80211: show SSID for P2P_GO interfaces (git-fixes).
- nvdimm/region: always show the 'align' attribute (bsc#1199114).
- nvme-tcp: allow selecting the network interface for connections
(bsc#1199670).
- nvme-tcp: use __dev_get_by_name instead dev_get_by_name for
OPT_HOST_IFACE (bsc#1199670).
- objtool: Fix type of reloc::addend (git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
- PCI: Do not enable AtomicOps on VFs (git-fixes).
- PCI: dwc: Fix setting error return on MSI DMA mapping failure
(git-fixes).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
(bsc#1199314).
- PCI: imx6: Fix PERST# start-up sequence (git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
- PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
- PCI/PM: Power up all devices during runtime resume (git-fixes).
- phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
(git-fixes).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes).
- phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes).
- phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
- phy: samsung: exynos5250-sata: fix missing device put in probe error
paths (git-fixes).
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
(git-fixes).
- phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
(git-fixes).
- phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
(git-fixes).
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes).
- pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes).
- pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
- pinctrl/rockchip: support deferring other gpio params (git-fixes).
- ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826).
- ping: remove pr_err from ping_lookup (bsc#1195826).
- platform/chrome: cros_ec_debugfs: detach log reader wq from devm
(git-fixes).
- platform/x86: samsung-laptop: Fix an unsigned comparison which can never
be negative (git-fixes).
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117
ltc#159753).
- powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521
git-fixes).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask
(bsc#1061840 git-fixes).
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
- powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269
ltc#169948 git-fixes).
- powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885
ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get STF barrier requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess
flushes (bsc#1188885 ltc#193722 git-fixes).
- powerpc/xive: Add some error handling code to 'xive_spapr_init()'
(git-fixes).
- powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
- qlcnic: Fix error code in probe (git-fixes).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
(git-fixes).
- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
(git-fixes).
- reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes).
- revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
- rtc: fix use-after-free on device removal (git-fixes).
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes).
- rtc: mt6397: check return value after calling platform_get_resource()
(git-fixes).
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes).
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
(git-fixes).
- sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
- sched/topology: Skip updating masks for non-online nodes (bsc#1197446
ltc#183000).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
- scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric parameters
(bsc#1200045).
- scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI
(bsc#1200045).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE
(bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if
lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE
(bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
- scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els()
(bsc#1200045).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled
(bsc#1200045).
- scsi: lpfc: Fix diagnostic fw logging after a function reset
(bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event()
(bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()
(bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure
(bsc#1200045).
- scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI
and PLOGI (bsc#1200045).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
(bsc#1200045).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
(bsc#1200045).
- scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989
bsc#1197675).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted
(bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN
completion (bsc#1200045).
- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()
(bsc#1200045).
- scsi: lpfc: Move MI module parameter check to handle dynamic disable
(bsc#1200045).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
(bsc#1200045).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in Fabric
topology (bsc#1200045).
- scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports
(bsc#1200045).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe()
(bsc#1200045).
- scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path
(bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down
(bsc#1200045).
- scsi: lpfc: Revise FDMI reporting of supported port speed for trunk
groups (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
- scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or
aborted (bsc#1200045).
- scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan
(bsc#1200045).
- scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB
submit (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command
(bsc#1200045).
- scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check()
(bsc#1200045).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O
(bsc#1200045).
- scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
(git-fixes).
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in
pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
(git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
(git-fixes).
- scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes).
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
(git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init & module_exit
(git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
- selftests: firmware: Use smaller dictionary for XZ compression
(git-fixes).
- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes).
- serial: 8250_mtk: Fix register address for XON/XOFF character
(git-fixes).
- serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
- serial: 8250: Also set sticky MCR bits in console restoration
(git-fixes).
- serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes).
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
(git-fixes).
- serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes).
- serial: digicolor-usart: Do not allow CS5-6 (git-fixes).
- serial: imx: fix overrun interrupts in DMA mode (git-fixes).
- serial: meson: acquire port->lock in startup() (git-fixes).
- serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes).
- serial: rda-uart: Do not allow CS5-6 (git-fixes).
- serial: sh-sci: Do not allow CS5-6 (git-fixes).
- serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes).
- serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes).
- serial: txx9: Do not allow CS5-6 (git-fixes).
- slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
- smp: Fix offline cpu check in flush_smp_call_function_queue()
(git-fixes).
- smsc911x: allow using IRQ0 (git-fixes).
- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
(git-fixes).
- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes).
- soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes).
- spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes).
- spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes).
- spi: spi-fsl-qspi: check return value after calling
platform_get_resource_byname() (git-fixes).
- spi: spi-ti-qspi: Fix return value handling of
wait_for_completion_timeout (git-fixes).
- staging: fieldbus: Fix the error handling path in
anybuss_host_common_probe() (git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- SUNRPC: Ensure that the gssproxy client can start in a connected state
(git-fixes).
- thermal: int340x: Fix attr.show callback prototype (git-fixes).
- thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes).
- thermal/drivers/broadcom: Fix potential NULL dereference in
sr_thermal_probe (git-fixes).
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- timers: Fix warning condition in __run_timers() (git-fixes)
- tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
(bsc#1065729).
- tracing: Fix potential double free in create_var_ref() (git-fixes).
- tracing: Fix return value of trace_pid_write() (git-fixes).
- tty: fix deadlock caused by calling printk() under tty_port->lock
(git-fixes).
- tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both
of_alias_get_id and ida_simple_get (git-fixes).
- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
(git-fixes).
- tty/serial: digicolor: fix possible null-ptr-deref in
digicolor_uart_probe() (git-fixes).
- usb: cdc-wdm: fix reading stuck on device close (git-fixes).
- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes).
- usb: ehci-omap: drop unused ehci_read() function (git-fixes).
- usb: gadget: configfs: clear deactivation flag in
configfs_composite_unbind() (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe()
(git-fixes).
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
- usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
- usb: quirks: add a Realtek card reader (git-fixes).
- usb: quirks: add STRING quirk for VCOM device (git-fixes).
- usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
- usb: serial: option: add Fibocom L610 modem (git-fixes).
- usb: serial: option: add Fibocom MA510 modem (git-fixes).
- usb: serial: option: add support for Cinterion MV32-WA/MV32-WB
(git-fixes).
- usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
(git-fixes).
- usb: serial: pl2303: add device id for HP LM930 Display (git-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM7590
(git-fixes).
- usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
(git-fixes).
- usb: storage: karma: fix rio_karma_init return (git-fixes).
- usb: typec: mux: Check dev_set_name() return value (git-fixes).
- usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
- usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
- usb: typec: ucsi: Fix role swapping (git-fixes).
- usb: usbip: add missing device lock on tweak configuration cmd
(git-fixes).
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
(git-fixes).
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes).
- wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
- wireguard: device: check for metadata_dst with skb_valid_dst()
(git-fixes).
- xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
(git-fixes).
- xhci: stop polling roothubs after shutdown (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update, use one of the SUSE recommended installation methods,
such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2078=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2078=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2078=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2078=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2078=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2078=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2078=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2078=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2078=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2078=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.71.2
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
dlm-kmp-preempt-5.3.18-150300.59.71.2
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
gfs2-kmp-preempt-5.3.18-150300.59.71.2
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-5.3.18-150300.59.71.2
kernel-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-debugsource-5.3.18-150300.59.71.2
kernel-preempt-devel-5.3.18-150300.59.71.2
kernel-preempt-devel-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-extra-5.3.18-150300.59.71.2
kernel-preempt-extra-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-livepatch-devel-5.3.18-150300.59.71.2
kernel-preempt-optional-5.3.18-150300.59.71.2
kernel-preempt-optional-debuginfo-5.3.18-150300.59.71.2
kselftests-kmp-preempt-5.3.18-150300.59.71.2
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
ocfs2-kmp-preempt-5.3.18-150300.59.71.2
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
reiserfs-kmp-preempt-5.3.18-150300.59.71.2
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.71.1
dtb-zte-5.3.18-150300.59.71.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.71.2
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.71.2
dlm-kmp-default-5.3.18-150300.59.71.2
dlm-kmp-default-debuginfo-5.3.18-150300.59.71.2
gfs2-kmp-default-5.3.18-150300.59.71.2
gfs2-kmp-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-5.3.18-150300.59.71.2
kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
kernel-default-base-rebuild-5.3.18-150300.59.71.2.150300.18.43.2
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
kernel-default-devel-5.3.18-150300.59.71.2
kernel-default-devel-debuginfo-5.3.18-150300.59.71.2
kernel-default-extra-5.3.18-150300.59.71.2
kernel-default-extra-debuginfo-5.3.18-150300.59.71.2
kernel-default-livepatch-5.3.18-150300.59.71.2
kernel-default-livepatch-devel-5.3.18-150300.59.71.2
kernel-default-optional-5.3.18-150300.59.71.2
kernel-default-optional-debuginfo-5.3.18-150300.59.71.2
kernel-obs-build-5.3.18-150300.59.71.2
kernel-obs-build-debugsource-5.3.18-150300.59.71.2
kernel-obs-qa-5.3.18-150300.59.71.1
kernel-syms-5.3.18-150300.59.71.1
kselftests-kmp-default-5.3.18-150300.59.71.2
kselftests-kmp-default-debuginfo-5.3.18-150300.59.71.2
ocfs2-kmp-default-5.3.18-150300.59.71.2
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.71.2
reiserfs-kmp-default-5.3.18-150300.59.71.2
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.71.2
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.71.2
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
dlm-kmp-preempt-5.3.18-150300.59.71.2
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
gfs2-kmp-preempt-5.3.18-150300.59.71.2
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-5.3.18-150300.59.71.2
kernel-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-debugsource-5.3.18-150300.59.71.2
kernel-preempt-devel-5.3.18-150300.59.71.2
kernel-preempt-devel-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-extra-5.3.18-150300.59.71.2
kernel-preempt-extra-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-livepatch-devel-5.3.18-150300.59.71.2
kernel-preempt-optional-5.3.18-150300.59.71.2
kernel-preempt-optional-debuginfo-5.3.18-150300.59.71.2
kselftests-kmp-preempt-5.3.18-150300.59.71.2
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
ocfs2-kmp-preempt-5.3.18-150300.59.71.2
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
reiserfs-kmp-preempt-5.3.18-150300.59.71.2
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.71.2
kernel-debug-debuginfo-5.3.18-150300.59.71.2
kernel-debug-debugsource-5.3.18-150300.59.71.2
kernel-debug-devel-5.3.18-150300.59.71.2
kernel-debug-devel-debuginfo-5.3.18-150300.59.71.2
kernel-debug-livepatch-devel-5.3.18-150300.59.71.2
kernel-kvmsmall-5.3.18-150300.59.71.2
kernel-kvmsmall-debuginfo-5.3.18-150300.59.71.2
kernel-kvmsmall-debugsource-5.3.18-150300.59.71.2
kernel-kvmsmall-devel-5.3.18-150300.59.71.2
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.71.2
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.71.2
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.71.2
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.71.2
dlm-kmp-64kb-5.3.18-150300.59.71.2
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.71.2
dtb-al-5.3.18-150300.59.71.1
dtb-allwinner-5.3.18-150300.59.71.1
dtb-altera-5.3.18-150300.59.71.1
dtb-amd-5.3.18-150300.59.71.1
dtb-amlogic-5.3.18-150300.59.71.1
dtb-apm-5.3.18-150300.59.71.1
dtb-arm-5.3.18-150300.59.71.1
dtb-broadcom-5.3.18-150300.59.71.1
dtb-cavium-5.3.18-150300.59.71.1
dtb-exynos-5.3.18-150300.59.71.1
dtb-freescale-5.3.18-150300.59.71.1
dtb-hisilicon-5.3.18-150300.59.71.1
dtb-lg-5.3.18-150300.59.71.1
dtb-marvell-5.3.18-150300.59.71.1
dtb-mediatek-5.3.18-150300.59.71.1
dtb-nvidia-5.3.18-150300.59.71.1
dtb-qcom-5.3.18-150300.59.71.1
dtb-renesas-5.3.18-150300.59.71.1
dtb-rockchip-5.3.18-150300.59.71.1
dtb-socionext-5.3.18-150300.59.71.1
dtb-sprd-5.3.18-150300.59.71.1
dtb-xilinx-5.3.18-150300.59.71.1
dtb-zte-5.3.18-150300.59.71.1
gfs2-kmp-64kb-5.3.18-150300.59.71.2
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.71.2
kernel-64kb-5.3.18-150300.59.71.2
kernel-64kb-debuginfo-5.3.18-150300.59.71.2
kernel-64kb-debugsource-5.3.18-150300.59.71.2
kernel-64kb-devel-5.3.18-150300.59.71.2
kernel-64kb-devel-debuginfo-5.3.18-150300.59.71.2
kernel-64kb-extra-5.3.18-150300.59.71.2
kernel-64kb-extra-debuginfo-5.3.18-150300.59.71.2
kernel-64kb-livepatch-devel-5.3.18-150300.59.71.2
kernel-64kb-optional-5.3.18-150300.59.71.2
kernel-64kb-optional-debuginfo-5.3.18-150300.59.71.2
kselftests-kmp-64kb-5.3.18-150300.59.71.2
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.71.2
ocfs2-kmp-64kb-5.3.18-150300.59.71.2
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.71.2
reiserfs-kmp-64kb-5.3.18-150300.59.71.2
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.71.2
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.71.2
kernel-docs-5.3.18-150300.59.71.2
kernel-docs-html-5.3.18-150300.59.71.2
kernel-macros-5.3.18-150300.59.71.2
kernel-source-5.3.18-150300.59.71.2
kernel-source-vanilla-5.3.18-150300.59.71.2
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.71.2
kernel-zfcpdump-debuginfo-5.3.18-150300.59.71.2
kernel-zfcpdump-debugsource-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
kernel-default-extra-5.3.18-150300.59.71.2
kernel-default-extra-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-debugsource-5.3.18-150300.59.71.2
kernel-preempt-extra-5.3.18-150300.59.71.2
kernel-preempt-extra-debuginfo-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
kernel-default-livepatch-5.3.18-150300.59.71.2
kernel-default-livepatch-devel-5.3.18-150300.59.71.2
kernel-livepatch-5_3_18-150300_59_71-default-1-150300.7.3.2
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
reiserfs-kmp-default-5.3.18-150300.59.71.2
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.3.18-150300.59.71.2
kernel-obs-build-debugsource-5.3.18-150300.59.71.2
kernel-syms-5.3.18-150300.59.71.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-debugsource-5.3.18-150300.59.71.2
kernel-preempt-devel-5.3.18-150300.59.71.2
kernel-preempt-devel-debuginfo-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-150300.59.71.2
kernel-source-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-150300.59.71.2
kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
kernel-default-devel-5.3.18-150300.59.71.2
kernel-default-devel-debuginfo-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-150300.59.71.2
kernel-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-debugsource-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-150300.59.71.2
kernel-64kb-debuginfo-5.3.18-150300.59.71.2
kernel-64kb-debugsource-5.3.18-150300.59.71.2
kernel-64kb-devel-5.3.18-150300.59.71.2
kernel-64kb-devel-debuginfo-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.71.2
kernel-macros-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.71.2
kernel-zfcpdump-debuginfo-5.3.18-150300.59.71.2
kernel-zfcpdump-debugsource-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.71.2
kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.71.2
kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.71.2
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.71.2
dlm-kmp-default-5.3.18-150300.59.71.2
dlm-kmp-default-debuginfo-5.3.18-150300.59.71.2
gfs2-kmp-default-5.3.18-150300.59.71.2
gfs2-kmp-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
ocfs2-kmp-default-5.3.18-150300.59.71.2
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.71.2
References:
https://www.suse.com/security/cve/CVE-2019-19377.html
https://www.suse.com/security/cve/CVE-2021-33061.html
https://www.suse.com/security/cve/CVE-2022-0168.html
https://www.suse.com/security/cve/CVE-2022-1184.html
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-1729.html
https://www.suse.com/security/cve/CVE-2022-1972.html
https://www.suse.com/security/cve/CVE-2022-20008.html
https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21127.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-21180.html
https://www.suse.com/security/cve/CVE-2022-30594.html
https://bugzilla.suse.com/1055117
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1103269
https://bugzilla.suse.com/1118212
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1158266
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1180100
https://bugzilla.suse.com/1183405
https://bugzilla.suse.com/1188885
https://bugzilla.suse.com/1195826
https://bugzilla.suse.com/1196426
https://bugzilla.suse.com/1196478
https://bugzilla.suse.com/1196570
https://bugzilla.suse.com/1196840
https://bugzilla.suse.com/1197446
https://bugzilla.suse.com/1197472
https://bugzilla.suse.com/1197601
https://bugzilla.suse.com/1197675
https://bugzilla.suse.com/1198438
https://bugzilla.suse.com/1198577
https://bugzilla.suse.com/1198971
https://bugzilla.suse.com/1198989
https://bugzilla.suse.com/1199035
https://bugzilla.suse.com/1199052
https://bugzilla.suse.com/1199063
https://bugzilla.suse.com/1199114
https://bugzilla.suse.com/1199314
https://bugzilla.suse.com/1199505
https://bugzilla.suse.com/1199507
https://bugzilla.suse.com/1199564
https://bugzilla.suse.com/1199626
https://bugzilla.suse.com/1199631
https://bugzilla.suse.com/1199650
https://bugzilla.suse.com/1199670
https://bugzilla.suse.com/1199839
https://bugzilla.suse.com/1200019
https://bugzilla.suse.com/1200045
https://bugzilla.suse.com/1200046
https://bugzilla.suse.com/1200192
https://bugzilla.suse.com/1200216
SUSE-SU-2022:2079-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 14 Jun '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2079-1
Rating: important
References: #1055117 #1061840 #1065729 #1103269 #1118212
#1152472 #1152489 #1153274 #1154353 #1156395
#1158266 #1167773 #1176447 #1178134 #1180100
#1183405 #1188885 #1195612 #1195651 #1195826
#1196426 #1196478 #1196570 #1196840 #1197446
#1197472 #1197601 #1197675 #1198438 #1198534
#1198577 #1198971 #1198989 #1199035 #1199052
#1199063 #1199114 #1199314 #1199505 #1199507
#1199564 #1199626 #1199631 #1199650 #1199670
#1199839 #1200019 #1200045 #1200046 #1200192
#1200216 SLE-13521 SLE-16387
Cross-References: CVE-2019-19377 CVE-2021-33061 CVE-2022-0168
CVE-2022-1184 CVE-2022-1652 CVE-2022-1729
CVE-2022-1972 CVE-2022-20008 CVE-2022-21123
CVE-2022-21125 CVE-2022-21127 CVE-2022-21166
CVE-2022-21180 CVE-2022-24448 CVE-2022-30594
CVSS scores:
CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0168 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2022-1972 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 15 vulnerabilities, contains two
features and has 36 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via Spectre-like
attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via Spectre-like
attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via Spectre-like
attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via Spectre-like
attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via Spectre-like
attacks. (bsc#1199650)
- CVE-2022-1972: Fixed a buffer overflow in nftables that could lead to
privilege escalation. (bsc#1200019)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
(bsc#1199507).
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when
mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-1652: Fixed a statically allocated error counter inside the
floppy kernel module (bsc#1199063).
- CVE-2022-30594: Fixed restriction bypass on setting the
PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the
Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed
an authenticated user to potentially enable denial of service via local
access (bnc#1196426).
- CVE-2019-19377: Fixed a use-after-free that could be triggered when an
attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-20008: Fixed a bug that allowed reading kernel heap memory due to
uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564)
- CVE-2022-0168: Fixed a NULL pointer dereference in
smb2_ioctl_query_info. (bsc#1197472)
- CVE-2022-24448: Fixed an issue where, if an application sets the
O_DIRECTORY flag and tries to open a regular file, nfs_atomic_open()
performs a regular lookup. If a regular file is found, ENOTDIR should have
occurred, but the server instead returned uninitialized data in the file
descriptor (bsc#1195612).
The following non-security bugs were fixed:
- ACPI: property: Release subnode properties with data nodes (git-fixes).
- ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
(git-fixes).
- ALSA: hda - fix unused Realtek function when PM is not enabled
(git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
(git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop
(git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes).
- ALSA: pcm: Check for null pointer of pointer substream before
dereferencing it (git-fixes).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes).
- ALSA: usb-audio: Configure sync endpoints before data (git-fixes).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
constant (git-fixes).
- ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
- ALSA: wavefront: Proper check of get_user() error (git-fixes).
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
(git-fixes)
- ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
- ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
- ARM: dts: at91: fix pinctrl phandles (git-fixes)
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
(git-fixes)
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
(git-fixes)
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
(git-fixes)
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes)
- ARM: dts: meson: Fix the UART compatible strings (git-fixes)
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
- ARM: mediatek: select arch timer for mt7629 (git-fixes)
- ARM: omap: remove debug-leds driver (git-fixes)
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
- ARM: socfpga: dts: fix qspi node compatible (git-fixes)
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
- ARM: tegra: Move panels to AUX bus (git-fixes)
- arm64: dts: broadcom: Fix sata nodename (git-fixes)
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
- arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
- arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
(git-fixes)
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
- ASoC: atmel-classd: Remove endianness flag on class d component
(git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
- ASoC: da7219: Fix change notifications for tone generator frequency
(git-fixes).
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback
(git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- ASoC: max98090: Generate notifications on changes for custom control
(git-fixes).
- ASoC: max98090: Move check for invalid values before casting in
max98090_put_enab_tlv() (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put()
(git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
(git-fixes).
- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
(git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range()
(git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
- ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
(git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in
wm2000_anc_transition() (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid
rxstatus->rs_keyix (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- backlight: qcom-wled: Respect enabled-strings in set_brightness
(bsc#1152489)
- batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed
(git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
(git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
(jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the
constant (git-fixes).
- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
(git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- ceph: fix setting of xattrs on async created inodes (bsc#1200192).
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in
cpuset_init_smp() (bsc#1199839).
- clk: at91: generated: consider range when calculating best rate
(git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling
platform_get_resource() (git-fixes).
- copy_process(): Move fd_install() out of sighand->siglock critical
section (bsc#1199626).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
- crypto: x86 - eliminate anonymous module_init & module_exit (git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions
(git-fixes).
- dim: initialize all struct fields (git-fixes).
- dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
(git-fixes).
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- docs: powerpc: Fix misspellings and grammar errors (bsc#1055117
ltc#159753).
- docs: submitting-patches: Fix crossref to 'The canonical patch format'
(git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of list
iterator (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
- drbd: use bdev_alignment_offset instead of queue_alignment_offset
(git-fixes).
- driver core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()
(git-fixes)
- drivers/base/memory: fix an unlikely reference counting issue in
__add_memory_block() (git-fixes).
- drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
- drm: sti: do not use kernel-doc markers (git-fixes).
- drm/amd/display: Fix memory leak in dcn21_clock_source_create
(bsc#1152472)
- drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version,
environment} types (git-fixes).
- drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)
- drm/amdkfd: Fix GWS queue count (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
(git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)
- drm/edid: fix invalid EDID extension block filtering (git-fixes).
- drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)
- drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes).
- drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)
- drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
(git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
(git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory
free during pm runtime resume (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit functions
(git-fixes).
- drm/msm/hdmi: check return value after calling
platform_get_resource_byname() (git-fixes).
- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
(git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is
detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is
detected (git-fixes).
- drm/nouveau: Fix a potential theorical leak in
nouveau_get_backlight_name() (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator
(git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list
iterator (git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
(git-fixes).
- drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
- drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- drm/vmwgfx: Remove unused compile options (bsc#1152472)
- EDAC/synopsys: Read the error count from the correct register
(bsc#1178134).
- firewire: core: extend card->lock in fw_core_handle_bus_reset
(git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback()
(git-fixes).
- firewire: remove check of list iterator against head past the loop body
(git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base protocol
(git-fixes).
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response
(git-fixes).
- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
(git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator
(git-fixes).
- Fix double fget() in vhost_net_set_backend() (git-fixes).
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
- genirq/affinity: Handle affinity setting on inactive (git-fixes)
- genirq/msi: Ensure deactivation on teardown (git-fixes)
- genirq/proc: Reject invalid affinity masks (again) (git-fixes)
- genirq/timings: Fix error return code in (git-fixes)
- genirq/timings: Prevent potential array overflow in (git-fixes)
- gma500: fix an incorrect NULL check on list iterator (git-fixes).
- gpio: adp5588: Remove support for platform setup and teardown callbacks
(git-fixes).
- gpio: gpio-vf610: do not touch other bits when set the target bit
(git-fixes).
- gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes).
- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask
not set) (git-fixes).
- gpio: pca953x: use the correct register address to do regcache sync
(git-fixes).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- HID: elan: Fix potential double free in elan_input_configured
(git-fixes).
- HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes).
- hinic: fix bug of wq out of bound access (bsc#1176447).
- hwmon: (f71882fg) Fix negative temperature (git-fixes).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
- hwmon: (tmp401) Add OF device ID table (git-fixes).
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
- i2c: at91: use dma safe buffers (git-fixes).
- i2c: mt7621: fix missing clk_disable_unprepare() on error in
mtk_i2c_probe() (git-fixes).
- i40e: stop disabling VFs due to PF error responses (git-fixes).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878).
- ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926).
- ice: Fix race conditions between virtchnl handling and VF ndo ops
(git-fixes).
- ice: synchronize_rcu() when terminating rings (jsc#SLE-7926).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
(git-fixes).
- iio: dac: ad5446: Fix read_raw not returning set value (git-fixes).
- iio: dac: ad5592r: Fix the missing return value (git-fixes).
- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
(git-fixes).
- Input: add bounds checking to input_set_capability() (git-fixes).
- Input: ili210x - fix reset timing (git-fixes).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes).
- Input: stmfts - do not leave device disabled in stmfts_input_open
(git-fixes).
- Input: stmfts - fix reference leak in stmfts_input_open (git-fixes).
- iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052).
- ionic: avoid races in ionic_heartbeat_check (bsc#1167773).
- ionic: Cleanups in the Tx hotpath code (bsc#1167773).
- ionic: disable napi when ionic_lif_init() fails (bsc#1167773).
- ionic: Do not send reset commands if FW isn't running (bsc#1167773).
- ionic: fix missing pci_release_regions() on error in ionic_probe()
(bsc#1167773).
- ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649).
- ionic: monitor fw status generation (bsc#1167773).
- ionic: remove the dbid_inuse bitmap (bsc#1167773).
- ionic: start watchdog after all is setup (bsc#1167773).
- ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes).
- iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes).
- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
- kABI: ivtv: restore caps member (git-fixes).
- Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH
(git-fixes).
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
(git-fixes).
- lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes).
- lan743x: remove redundant assignment to variable rx_process_result
(git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- lpfc: Readd update to version 14.2.0.1 (bsc#1197675 bsc#1196478
bsc#1198989) The update was reverted due to some regression on older
hardware. These have been fixed in the meantime, thus update the driver.
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
(git-fixes).
- mac80211: fix rx reordering with non explicit / psmp ack policy
(git-fixes).
- mac80211: Reset MBSSID parameters upon connection (git-fixes).
- media: davinci: Make use of the helper function
devm_platform_ioremap_resource() (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
- media: davinci: vpif: fix use-after-free on driver unbind (git-fixes).
- media: media-entity.h: Fix documentation for media_create_intf_link
(git-fixes).
- media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes).
- media: platform: add missing put_device() call in mtk_jpeg_probe() and
mtk_jpeg_remove() (git-fixes).
- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
(git-fixes).
- media: saa7134: fix incorrect use to determine if list is empty
(git-fixes).
- media: uvcvideo: Fix missing check to determine if element is found in
list (git-fixes).
- media: videobuf2: Fix the size printk format (git-fixes).
- media: vim2m: Register video device after setting up internals
(git-fixes).
- mfd: ipaq-micro: Fix error check return value of platform_get_irq()
(git-fixes).
- misc: ocxl: fix possible double free in ocxl_file_register_afu
(git-fixes).
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
(jsc#SLE-15176, jsc#SLE-16387).
- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
(git-fixes).
- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
(git-fixes).
- mt76: Fix undefined behavior due to shift overflowing the constant
(git-fixes).
- mt76: mt7663s: fix rx buffer refcounting (git-fixes).
- mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
- mtd: rawnand: Fix return value check of wait_for_completion_timeout
(git-fixes).
- mtd: spi-nor: core: Check written SR value in
spi_nor_write_16bit_sr_and_check() (git-fixes).
- net: bcmgenet: Fix a resource leak in an error handling path in the
probe functin (git-fixes).
- net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs
(git-fixes).
- net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes).
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered
(git-fixes).
- net: hdlc_ppp: Fix issues when mod_timer is called while timer is
running (git-fixes).
- net: hns3: add a check for index in hclge_get_rss_key() (git-fixes).
- net: hns3: clear inited state and stop client after failed to register
netdev (bsc#1154353).
- net: hns3: fix bug when PF set the duplicate MAC address for VFs
(jsc#SLE-14777).
- net: hns3: fix kernel crash when unload VF while it is being reset
(git-fixes).
- net: korina: fix return value (git-fixes).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
(bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region()
(bsc#1195651).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1183405).
- net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes).
- net: stmmac: dwmac-sun8i: Balance internal PHY resource references
(git-fixes).
- net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes).
- net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes).
- net/mlx5: Fix a race on command flush flow (jsc#SLE-15172).
- net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172).
- netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216).
- netfilter: conntrack: connection timeout after re-register (bsc#1199035).
- netfilter: conntrack: move synack init code to helper (bsc#1199035).
- netfilter: conntrack: re-init state for retransmitted syn-ack
(bsc#1199035).
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
(bsc#1199035).
- netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
- netfilter: nft_set_rbtree: overlap detection with element re-addition
after deletion (bsc#1176447).
- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
(git-fixes).
- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
(git-fixes).
- NFC: netlink: fix sleep in atomic bug when firmware download timeout
(git-fixes).
- NFC: nfcmrvl: main: reorder destructive operations in
nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
- NFC: NULL out the dev->rfkill to prevent UAF (git-fixes).
- NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
- NFSv4: Do not invalidate inode attributes on delegation return
(git-fixes).
- nl80211: show SSID for P2P_GO interfaces (git-fixes).
- nvdimm/region: always show the 'align' attribute (bsc#1199114).
- nvme-tcp: allow selecting the network interface for connections
(bsc#1199670).
- nvme-tcp: use __dev_get_by_name instead dev_get_by_name for
OPT_HOST_IFACE (bsc#1199670).
- objtool: Fix type of reloc::addend (git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
- PCI: Do not enable AtomicOps on VFs (git-fixes).
- PCI: dwc: Fix setting error return on MSI DMA mapping failure
(git-fixes).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
(bsc#1199314).
- PCI: imx6: Fix PERST# start-up sequence (git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
- PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
- PCI/PM: Power up all devices during runtime resume (git-fixes).
- phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
(git-fixes).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes).
- phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes).
- phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
- phy: samsung: exynos5250-sata: fix missing device put in probe error
paths (git-fixes).
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
(git-fixes).
- phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
(git-fixes).
- phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
(git-fixes).
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes).
- pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes).
- pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
- pinctrl/rockchip: support deferring other gpio params (git-fixes).
- ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826).
- ping: remove pr_err from ping_lookup (bsc#1195826).
- platform/chrome: cros_ec_debugfs: detach log reader wq from devm
(git-fixes).
- platform/x86: samsung-laptop: Fix an unsigned comparison which can never
be negative (git-fixes).
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117
ltc#159753).
- powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521
git-fixes).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask
(bsc#1061840 git-fixes).
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
- powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269
ltc#169948 git-fixes).
- powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885
ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get STF barrier requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess
flushes (bsc#1188885 ltc#193722 git-fixes).
- powerpc/xive: Add some error handling code to 'xive_spapr_init()'
(git-fixes).
- powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
- qlcnic: Fix error code in probe (git-fixes).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
(git-fixes).
- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
(git-fixes).
- reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes).
- rtc: fix use-after-free on device removal (git-fixes).
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes).
- rtc: mt6397: check return value after calling platform_get_resource()
(git-fixes).
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes).
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
(git-fixes).
- sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
- sched/topology: Skip updating masks for non-online nodes (bsc#1197446
ltc#183000).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
- scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric parameters
(bsc#1200045).
- scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI
(bsc#1200045).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE
(bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if
lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE
(bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
- scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els()
(bsc#1200045).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled
(bsc#1200045).
- scsi: lpfc: Fix diagnostic fw logging after a function reset
(bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event()
(bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()
(bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure
(bsc#1200045).
- scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI
and PLOGI (bsc#1200045).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
(bsc#1200045).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
(bsc#1200045).
- scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989
bsc#1197675).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted
(bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN
completion (bsc#1200045).
- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()
(bsc#1200045).
- scsi: lpfc: Move MI module parameter check to handle dynamic disable
(bsc#1200045).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
(bsc#1200045).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in Fabric
topology (bsc#1200045).
- scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports
(bsc#1200045).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe()
(bsc#1200045).
- scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path
(bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down
(bsc#1200045).
- scsi: lpfc: Revise FDMI reporting of supported port speed for trunk
groups (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
- scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or
aborted (bsc#1200045).
- scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan
(bsc#1200045).
- scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB
submit (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command
(bsc#1200045).
- scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check()
(bsc#1200045).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O
(bsc#1200045).
- scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
(git-fixes).
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in
pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
(git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
(git-fixes).
- scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes).
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
(git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init & module_exit
(git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
- selftests: firmware: Use smaller dictionary for XZ compression
(git-fixes).
- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes).
- serial: 8250_mtk: Fix register address for XON/XOFF character
(git-fixes).
- serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
- serial: 8250: Also set sticky MCR bits in console restoration
(git-fixes).
- serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes).
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
(git-fixes).
- serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes).
- serial: digicolor-usart: Do not allow CS5-6 (git-fixes).
- serial: imx: fix overrun interrupts in DMA mode (git-fixes).
- serial: meson: acquire port->lock in startup() (git-fixes).
- serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes).
- serial: rda-uart: Do not allow CS5-6 (git-fixes).
- serial: sh-sci: Do not allow CS5-6 (git-fixes).
- serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes).
- serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes).
- serial: txx9: Do not allow CS5-6 (git-fixes).
- slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
- smp: Fix offline cpu check in flush_smp_call_function_queue()
(git-fixes).
- smsc911x: allow using IRQ0 (git-fixes).
- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
(git-fixes).
- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes).
- soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes).
- spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes).
- spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes).
- spi: spi-fsl-qspi: check return value after calling
platform_get_resource_byname() (git-fixes).
- spi: spi-ti-qspi: Fix return value handling of
wait_for_completion_timeout (git-fixes).
- staging: fieldbus: Fix the error handling path in
anybuss_host_common_probe() (git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- SUNRPC: Ensure that the gssproxy client can start in a connected state
(git-fixes).
- thermal: int340x: Fix attr.show callback prototype (git-fixes).
- thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes).
- thermal/drivers/broadcom: Fix potential NULL dereference in
sr_thermal_probe (git-fixes).
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- timers: Fix warning condition in __run_timers() (git-fixes)
- tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
(bsc#1065729).
- tracing: Fix potential double free in create_var_ref() (git-fixes).
- tracing: Fix return value of trace_pid_write() (git-fixes).
- tty: fix deadlock caused by calling printk() under tty_port->lock
(git-fixes).
- tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both
of_alias_get_id and ida_simple_get (git-fixes).
- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
(git-fixes).
- tty/serial: digicolor: fix possible null-ptr-deref in
digicolor_uart_probe() (git-fixes).
- usb: cdc-wdm: fix reading stuck on device close (git-fixes).
- usb: dwc3: core: Fix tx/rx threshold settings (git-fixes).
- usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
- usb: dwc3: gadget: Return proper request status (git-fixes).
- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes).
- usb: ehci-omap: drop unused ehci_read() function (git-fixes).
- usb: gadget: configfs: clear deactivation flag in
configfs_composite_unbind() (git-fixes).
- usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs
(bsc#1152489)
- usb: misc: fix improper handling of refcount in uss720_probe()
(git-fixes).
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
- usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
- usb: quirks: add a Realtek card reader (git-fixes).
- usb: quirks: add STRING quirk for VCOM device (git-fixes).
- usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
- usb: serial: option: add Fibocom L610 modem (git-fixes).
- usb: serial: option: add Fibocom MA510 modem (git-fixes).
- usb: serial: option: add support for Cinterion MV32-WA/MV32-WB
(git-fixes).
- usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
(git-fixes).
- usb: serial: pl2303: add device id for HP LM930 Display (git-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM7590
(git-fixes).
- usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
(git-fixes).
- usb: storage: karma: fix rio_karma_init return (git-fixes).
- usb: typec: mux: Check dev_set_name() return value (git-fixes).
- usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
- usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
- usb: typec: ucsi: Fix role swapping (git-fixes).
- usb: usbip: add missing device lock on tweak configuration cmd
(git-fixes).
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
(git-fixes).
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes).
- wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
- wireguard: device: check for metadata_dst with skb_valid_dst()
(git-fixes).
- xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
(git-fixes).
- xhci: stop polling roothubs after shutdown (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2079=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2079=1
Package List:
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-150300.38.59.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.59.1
dlm-kmp-azure-5.3.18-150300.38.59.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.59.1
gfs2-kmp-azure-5.3.18-150300.38.59.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.59.1
kernel-azure-5.3.18-150300.38.59.1
kernel-azure-debuginfo-5.3.18-150300.38.59.1
kernel-azure-debugsource-5.3.18-150300.38.59.1
kernel-azure-devel-5.3.18-150300.38.59.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.59.1
kernel-azure-extra-5.3.18-150300.38.59.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.59.1
kernel-azure-livepatch-devel-5.3.18-150300.38.59.1
kernel-azure-optional-5.3.18-150300.38.59.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.59.1
kernel-syms-azure-5.3.18-150300.38.59.1
kselftests-kmp-azure-5.3.18-150300.38.59.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.59.1
ocfs2-kmp-azure-5.3.18-150300.38.59.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.59.1
reiserfs-kmp-azure-5.3.18-150300.38.59.1
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.59.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-150300.38.59.1
kernel-source-azure-5.3.18-150300.38.59.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
kernel-devel-azure-5.3.18-150300.38.59.1
kernel-source-azure-5.3.18-150300.38.59.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
kernel-azure-5.3.18-150300.38.59.1
kernel-azure-debuginfo-5.3.18-150300.38.59.1
kernel-azure-debugsource-5.3.18-150300.38.59.1
kernel-azure-devel-5.3.18-150300.38.59.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.59.1
kernel-syms-azure-5.3.18-150300.38.59.1
References:
https://www.suse.com/security/cve/CVE-2019-19377.html
https://www.suse.com/security/cve/CVE-2021-33061.html
https://www.suse.com/security/cve/CVE-2022-0168.html
https://www.suse.com/security/cve/CVE-2022-1184.html
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-1729.html
https://www.suse.com/security/cve/CVE-2022-1972.html
https://www.suse.com/security/cve/CVE-2022-20008.html
https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21127.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-21180.html
https://www.suse.com/security/cve/CVE-2022-24448.html
https://www.suse.com/security/cve/CVE-2022-30594.html
https://bugzilla.suse.com/1055117
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1103269
https://bugzilla.suse.com/1118212
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1158266
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1180100
https://bugzilla.suse.com/1183405
https://bugzilla.suse.com/1188885
https://bugzilla.suse.com/1195612
https://bugzilla.suse.com/1195651
https://bugzilla.suse.com/1195826
https://bugzilla.suse.com/1196426
https://bugzilla.suse.com/1196478
https://bugzilla.suse.com/1196570
https://bugzilla.suse.com/1196840
https://bugzilla.suse.com/1197446
https://bugzilla.suse.com/1197472
https://bugzilla.suse.com/1197601
https://bugzilla.suse.com/1197675
https://bugzilla.suse.com/1198438
https://bugzilla.suse.com/1198534
https://bugzilla.suse.com/1198577
https://bugzilla.suse.com/1198971
https://bugzilla.suse.com/1198989
https://bugzilla.suse.com/1199035
https://bugzilla.suse.com/1199052
https://bugzilla.suse.com/1199063
https://bugzilla.suse.com/1199114
https://bugzilla.suse.com/1199314
https://bugzilla.suse.com/1199505
https://bugzilla.suse.com/1199507
https://bugzilla.suse.com/1199564
https://bugzilla.suse.com/1199626
https://bugzilla.suse.com/1199631
https://bugzilla.suse.com/1199650
https://bugzilla.suse.com/1199670
https://bugzilla.suse.com/1199839
https://bugzilla.suse.com/1200019
https://bugzilla.suse.com/1200045
https://bugzilla.suse.com/1200046
https://bugzilla.suse.com/1200192
https://bugzilla.suse.com/1200216
SUSE-SU-2022:2081-1: important: Security update for 389-ds
by opensuse-security@opensuse.org 14 Jun '22
SUSE Security Update: Security update for 389-ds
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2081-1
Rating: important
References: #1195324 #1199889
Cross-References: CVE-2021-4091 CVE-2022-1949
CVSS scores:
CVE-2021-4091 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4091 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1949 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1949 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for 389-ds fixes the following issues:
- CVE-2021-4091: Fixed double free in psearch (bsc#1195324).
- CVE-2022-1949: Fixed full access control bypass with simple crafted
query (bsc#1199889).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2081=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2081=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
389-ds-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-debugsource-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-devel-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-snmp-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-snmp-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1
lib389-1.4.4.19~git38.9951c1101-150300.3.17.1
libsvrcore0-1.4.4.19~git38.9951c1101-150300.3.17.1
libsvrcore0-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
389-ds-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-debugsource-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-devel-1.4.4.19~git38.9951c1101-150300.3.17.1
lib389-1.4.4.19~git38.9951c1101-150300.3.17.1
libsvrcore0-1.4.4.19~git38.9951c1101-150300.3.17.1
libsvrcore0-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1
References:
https://www.suse.com/security/cve/CVE-2021-4091.html
https://www.suse.com/security/cve/CVE-2022-1949.html
https://bugzilla.suse.com/1195324
https://bugzilla.suse.com/1199889
SUSE-SU-2022:2072-1: important: Security update for webkit2gtk3
by opensuse-security@opensuse.org 14 Jun '22
SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2072-1
Rating: important
References: #1199287 #1200106
Cross-References: CVE-2022-26700 CVE-2022-26709 CVE-2022-26716
CVE-2022-26717 CVE-2022-26719 CVE-2022-30293
CVSS scores:
CVE-2022-26700 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26709 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26716 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26717 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26719 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-30293 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-30293 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.3 (bsc#1200106)
- CVE-2022-30293: Fixed heap-based buffer overflow in
WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287).
- CVE-2022-26700: Fixed memory corruption issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26709: Fixed use after free issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26716: Fixed use after free issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26717: Fixed memory corruption issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26719: Fixed memory corruption issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2072=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2072=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2072=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2072=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2072=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2072=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2072=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2072=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2072=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2072=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2072=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2072=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2072=1
Package List:
- openSUSE Leap 15.4 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit-jsc-4-2.36.3-150200.35.1
webkit-jsc-4-debuginfo-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
webkit2gtk3-minibrowser-2.36.3-150200.35.1
webkit2gtk3-minibrowser-debuginfo-2.36.3-150200.35.1
- openSUSE Leap 15.3 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-32bit-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.3-150200.35.1
- openSUSE Leap 15.3 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Manager Server 4.1 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Manager Proxy 4.1 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Manager Proxy 4.1 (x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Enterprise Storage 7 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
References:
https://www.suse.com/security/cve/CVE-2022-26700.html
https://www.suse.com/security/cve/CVE-2022-26709.html
https://www.suse.com/security/cve/CVE-2022-26716.html
https://www.suse.com/security/cve/CVE-2022-26717.html
https://www.suse.com/security/cve/CVE-2022-26719.html
https://www.suse.com/security/cve/CVE-2022-30293.html
https://bugzilla.suse.com/1199287
https://bugzilla.suse.com/1200106
SUSE-SU-2022:2071-1: important: Security update for webkit2gtk3
by opensuse-security@opensuse.org 14 Jun '22
SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2071-1
Rating: important
References: #1199287 #1200106
Cross-References: CVE-2022-26700 CVE-2022-26709 CVE-2022-26716
CVE-2022-26717 CVE-2022-26719 CVE-2022-30293
CVSS scores:
CVE-2022-26700 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26709 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26716 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26717 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26719 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-30293 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-30293 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.3 (bsc#1200106)
- CVE-2022-30293: Fixed heap-based buffer overflow in
WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287).
- CVE-2022-26700: Fixed memory corruption issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26709: Fixed use after free issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26716: Fixed use after free issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26717: Fixed memory corruption issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26719: Fixed memory corruption issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2071=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2071=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2071=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2071=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_1-0-debuginfo-2.36.3-150400.4.3.1
libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1
libjavascriptcoregtk-5_0-0-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1
libwebkit2gtk-4_1-0-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1
libwebkit2gtk-5_0-0-debuginfo-2.36.3-150400.4.3.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1
typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1
typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1
typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1
typelib-1_0-WebKit2WebExtension-5_0-2.36.3-150400.4.3.1
webkit-jsc-4-2.36.3-150400.4.3.1
webkit-jsc-4-debuginfo-2.36.3-150400.4.3.1
webkit-jsc-4.1-2.36.3-150400.4.3.1
webkit-jsc-4.1-debuginfo-2.36.3-150400.4.3.1
webkit-jsc-5.0-2.36.3-150400.4.3.1
webkit-jsc-5.0-debuginfo-2.36.3-150400.4.3.1
webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1
webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1
webkit2gtk-4_1-injected-bundles-debuginfo-2.36.3-150400.4.3.1
webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1
webkit2gtk-5_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1
webkit2gtk3-debugsource-2.36.3-150400.4.3.1
webkit2gtk3-devel-2.36.3-150400.4.3.1
webkit2gtk3-minibrowser-2.36.3-150400.4.3.1
webkit2gtk3-minibrowser-debuginfo-2.36.3-150400.4.3.1
webkit2gtk3-soup2-debugsource-2.36.3-150400.4.3.1
webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1
webkit2gtk3-soup2-minibrowser-2.36.3-150400.4.3.1
webkit2gtk3-soup2-minibrowser-debuginfo-2.36.3-150400.4.3.1
webkit2gtk4-debugsource-2.36.3-150400.4.3.1
webkit2gtk4-devel-2.36.3-150400.4.3.1
webkit2gtk4-minibrowser-2.36.3-150400.4.3.1
webkit2gtk4-minibrowser-debuginfo-2.36.3-150400.4.3.1
- openSUSE Leap 15.4 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_1-0-32bit-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-4_0-37-32bit-2.36.3-150400.4.3.1
libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-4_1-0-32bit-2.36.3-150400.4.3.1
libwebkit2gtk-4_1-0-32bit-debuginfo-2.36.3-150400.4.3.1
- openSUSE Leap 15.4 (noarch):
WebKit2GTK-4.0-lang-2.36.3-150400.4.3.1
WebKit2GTK-4.1-lang-2.36.3-150400.4.3.1
WebKit2GTK-5.0-lang-2.36.3-150400.4.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1
libjavascriptcoregtk-5_0-0-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1
libwebkit2gtk-5_0-0-debuginfo-2.36.3-150400.4.3.1
typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1
webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1
webkit2gtk-5_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1
webkit2gtk4-debugsource-2.36.3-150400.4.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_1-0-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1
libwebkit2gtk-4_1-0-debuginfo-2.36.3-150400.4.3.1
typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1
typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1
typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1
webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1
webkit2gtk-4_1-injected-bundles-debuginfo-2.36.3-150400.4.3.1
webkit2gtk3-debugsource-2.36.3-150400.4.3.1
webkit2gtk3-devel-2.36.3-150400.4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150400.4.3.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1
webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1
webkit2gtk3-soup2-debugsource-2.36.3-150400.4.3.1
webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1
References:
https://www.suse.com/security/cve/CVE-2022-26700.html
https://www.suse.com/security/cve/CVE-2022-26709.html
https://www.suse.com/security/cve/CVE-2022-26716.html
https://www.suse.com/security/cve/CVE-2022-26717.html
https://www.suse.com/security/cve/CVE-2022-26719.html
https://www.suse.com/security/cve/CVE-2022-30293.html
https://bugzilla.suse.com/1199287
https://bugzilla.suse.com/1200106
SUSE-SU-2022:2070-1: important: Security update for python-Twisted
by opensuse-security@opensuse.org 14 Jun '22
SUSE Security Update: Security update for python-Twisted
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2070-1
Rating: important
References: #1196739
Cross-References: CVE-2022-21716
CVSS scores:
CVE-2022-21716 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21716 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-Twisted fixes the following issues:
- CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data
using all the available memory (bsc#1196739).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2070=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2070=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2070=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2070=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2070=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2070=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2070=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2070=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2070=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2070=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2070=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2070=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2070=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
python-Twisted-debuginfo-19.10.0-150200.3.12.1
python-Twisted-debugsource-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
python-Twisted-debuginfo-19.10.0-150200.3.12.1
python-Twisted-debugsource-19.10.0-150200.3.12.1
python-Twisted-doc-19.10.0-150200.3.12.1
python2-Twisted-19.10.0-150200.3.12.1
python2-Twisted-debuginfo-19.10.0-150200.3.12.1
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Manager Proxy 4.1 (x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
python-Twisted-debuginfo-19.10.0-150200.3.12.1
python-Twisted-debugsource-19.10.0-150200.3.12.1
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
python-Twisted-debugsource-19.10.0-150200.3.12.1
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
References:
https://www.suse.com/security/cve/CVE-2022-21716.html
https://bugzilla.suse.com/1196739
SUSE-SU-2022:2063-1: moderate: Security update for gimp
by opensuse-security@opensuse.org 13 Jun '22
SUSE Security Update: Security update for gimp
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2063-1
Rating: moderate
References: #1199653
Cross-References: CVE-2022-30067
CVSS scores:
CVE-2022-30067 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-30067 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gimp fixes the following issues:
- CVE-2022-30067: Fixed uncontrolled memory consumption via crafted XCF
file (bsc#1199653).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2063=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2063=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2063=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
gimp-2.10.12-150300.9.3.1
gimp-debuginfo-2.10.12-150300.9.3.1
gimp-debugsource-2.10.12-150300.9.3.1
gimp-devel-2.10.12-150300.9.3.1
gimp-devel-debuginfo-2.10.12-150300.9.3.1
gimp-plugin-aa-2.10.12-150300.9.3.1
gimp-plugin-aa-debuginfo-2.10.12-150300.9.3.1
libgimp-2_0-0-2.10.12-150300.9.3.1
libgimp-2_0-0-debuginfo-2.10.12-150300.9.3.1
libgimpui-2_0-0-2.10.12-150300.9.3.1
libgimpui-2_0-0-debuginfo-2.10.12-150300.9.3.1
- openSUSE Leap 15.3 (noarch):
gimp-lang-2.10.12-150300.9.3.1
- openSUSE Leap 15.3 (x86_64):
libgimp-2_0-0-32bit-2.10.12-150300.9.3.1
libgimp-2_0-0-32bit-debuginfo-2.10.12-150300.9.3.1
libgimpui-2_0-0-32bit-2.10.12-150300.9.3.1
libgimpui-2_0-0-32bit-debuginfo-2.10.12-150300.9.3.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
gimp-2.10.12-150300.9.3.1
gimp-debuginfo-2.10.12-150300.9.3.1
gimp-debugsource-2.10.12-150300.9.3.1
gimp-devel-2.10.12-150300.9.3.1
gimp-devel-debuginfo-2.10.12-150300.9.3.1
libgimp-2_0-0-2.10.12-150300.9.3.1
libgimp-2_0-0-debuginfo-2.10.12-150300.9.3.1
libgimpui-2_0-0-2.10.12-150300.9.3.1
libgimpui-2_0-0-debuginfo-2.10.12-150300.9.3.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch):
gimp-lang-2.10.12-150300.9.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
gimp-debuginfo-2.10.12-150300.9.3.1
gimp-debugsource-2.10.12-150300.9.3.1
libgimp-2_0-0-2.10.12-150300.9.3.1
libgimp-2_0-0-debuginfo-2.10.12-150300.9.3.1
libgimpui-2_0-0-2.10.12-150300.9.3.1
libgimpui-2_0-0-debuginfo-2.10.12-150300.9.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64):
gimp-2.10.12-150300.9.3.1
gimp-devel-2.10.12-150300.9.3.1
gimp-devel-debuginfo-2.10.12-150300.9.3.1
gimp-plugin-aa-2.10.12-150300.9.3.1
gimp-plugin-aa-debuginfo-2.10.12-150300.9.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
gimp-lang-2.10.12-150300.9.3.1
References:
https://www.suse.com/security/cve/CVE-2022-30067.html
https://bugzilla.suse.com/1199653
SUSE-SU-2022:2065-1: important: Security update for xen
by opensuse-security@opensuse.org 13 Jun '22
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2065-1
Rating: important
References: #1027519 #1197426 #1199965 #1199966
Cross-References: CVE-2022-26358 CVE-2022-26359 CVE-2022-26360
CVE-2022-26361 CVE-2022-26362 CVE-2022-26363
CVE-2022-26364
CVSS scores:
CVE-2022-26358 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26358 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2022-26359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26359 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2022-26360 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26360 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2022-26361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26361 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2022-26362 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
This update for xen fixes the following issues:
- CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400)
(bsc#1197426)
- CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965)
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with
non-coherent mappings (bsc#1199966)
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2065=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2065=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2065=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2065=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2065=1
Package List:
- openSUSE Leap 15.3 (aarch64 x86_64):
xen-4.14.5_02-150300.3.29.1
xen-debugsource-4.14.5_02-150300.3.29.1
xen-devel-4.14.5_02-150300.3.29.1
xen-doc-html-4.14.5_02-150300.3.29.1
xen-libs-4.14.5_02-150300.3.29.1
xen-libs-debuginfo-4.14.5_02-150300.3.29.1
xen-tools-4.14.5_02-150300.3.29.1
xen-tools-debuginfo-4.14.5_02-150300.3.29.1
xen-tools-domU-4.14.5_02-150300.3.29.1
xen-tools-domU-debuginfo-4.14.5_02-150300.3.29.1
- openSUSE Leap 15.3 (x86_64):
xen-libs-32bit-4.14.5_02-150300.3.29.1
xen-libs-32bit-debuginfo-4.14.5_02-150300.3.29.1
- openSUSE Leap 15.3 (noarch):
xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64):
xen-4.14.5_02-150300.3.29.1
xen-debugsource-4.14.5_02-150300.3.29.1
xen-devel-4.14.5_02-150300.3.29.1
xen-tools-4.14.5_02-150300.3.29.1
xen-tools-debuginfo-4.14.5_02-150300.3.29.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
xen-debugsource-4.14.5_02-150300.3.29.1
xen-libs-4.14.5_02-150300.3.29.1
xen-libs-debuginfo-4.14.5_02-150300.3.29.1
xen-tools-domU-4.14.5_02-150300.3.29.1
xen-tools-domU-debuginfo-4.14.5_02-150300.3.29.1
- SUSE Linux Enterprise Micro 5.2 (x86_64):
xen-debugsource-4.14.5_02-150300.3.29.1
xen-libs-4.14.5_02-150300.3.29.1
xen-libs-debuginfo-4.14.5_02-150300.3.29.1
- SUSE Linux Enterprise Micro 5.1 (x86_64):
xen-debugsource-4.14.5_02-150300.3.29.1
xen-libs-4.14.5_02-150300.3.29.1
xen-libs-debuginfo-4.14.5_02-150300.3.29.1
References:
https://www.suse.com/security/cve/CVE-2022-26358.html
https://www.suse.com/security/cve/CVE-2022-26359.html
https://www.suse.com/security/cve/CVE-2022-26360.html
https://www.suse.com/security/cve/CVE-2022-26361.html
https://www.suse.com/security/cve/CVE-2022-26362.html
https://www.suse.com/security/cve/CVE-2022-26363.html
https://www.suse.com/security/cve/CVE-2022-26364.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1197426
https://bugzilla.suse.com/1199965
https://bugzilla.suse.com/1199966
SUSE-SU-2022:2064-1: important: Security update for grub2
by opensuse-security@opensuse.org 13 Jun '22
SUSE Security Update: Security update for grub2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2064-1
Rating: important
References: #1191184 #1191185 #1191186 #1193282 #1197948
#1198460 #1198493 #1198495 #1198496 #1198581
Cross-References: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697
CVE-2022-28733 CVE-2022-28734 CVE-2022-28735
CVE-2022-28736
CVSS scores:
CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28735 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 7 vulnerabilities and has three fixes
is now available.
Description:
This update for grub2 fixes the following issues:
Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to
out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound
write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer
underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers
(bsc#1198493)
- CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495)
- CVE-2022-28736: Fixed a use-after-free in chainloader command
(bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused when the root
LV is completely in the boot LUN (bsc#1197948)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2064=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2064=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-2064=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2064=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2064=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
grub2-2.04-150300.22.20.2
grub2-branding-upstream-2.04-150300.22.20.2
grub2-debuginfo-2.04-150300.22.20.2
- openSUSE Leap 15.3 (aarch64 s390x x86_64):
grub2-debugsource-2.04-150300.22.20.2
- openSUSE Leap 15.3 (noarch):
grub2-arm64-efi-2.04-150300.22.20.2
grub2-arm64-efi-debug-2.04-150300.22.20.2
grub2-i386-pc-2.04-150300.22.20.2
grub2-i386-pc-debug-2.04-150300.22.20.2
grub2-powerpc-ieee1275-2.04-150300.22.20.2
grub2-powerpc-ieee1275-debug-2.04-150300.22.20.2
grub2-snapper-plugin-2.04-150300.22.20.2
grub2-systemd-sleep-plugin-2.04-150300.22.20.2
grub2-x86_64-efi-2.04-150300.22.20.2
grub2-x86_64-efi-debug-2.04-150300.22.20.2
grub2-x86_64-xen-2.04-150300.22.20.2
- openSUSE Leap 15.3 (s390x):
grub2-s390x-emu-2.04-150300.22.20.2
grub2-s390x-emu-debug-2.04-150300.22.20.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
grub2-x86_64-xen-2.04-150300.22.20.2
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch):
grub2-arm64-efi-2.04-150300.22.20.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
grub2-2.04-150300.22.20.2
grub2-debuginfo-2.04-150300.22.20.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 s390x x86_64):
grub2-debugsource-2.04-150300.22.20.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
grub2-arm64-efi-2.04-150300.22.20.2
grub2-i386-pc-2.04-150300.22.20.2
grub2-powerpc-ieee1275-2.04-150300.22.20.2
grub2-snapper-plugin-2.04-150300.22.20.2
grub2-systemd-sleep-plugin-2.04-150300.22.20.2
grub2-x86_64-efi-2.04-150300.22.20.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
grub2-s390x-emu-2.04-150300.22.20.2
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
grub2-2.04-150300.22.20.2
grub2-debuginfo-2.04-150300.22.20.2
grub2-debugsource-2.04-150300.22.20.2
- SUSE Linux Enterprise Micro 5.2 (noarch):
grub2-arm64-efi-2.04-150300.22.20.2
grub2-i386-pc-2.04-150300.22.20.2
grub2-snapper-plugin-2.04-150300.22.20.2
grub2-x86_64-efi-2.04-150300.22.20.2
grub2-x86_64-xen-2.04-150300.22.20.2
- SUSE Linux Enterprise Micro 5.2 (s390x):
grub2-s390x-emu-2.04-150300.22.20.2
References:
https://www.suse.com/security/cve/CVE-2021-3695.html
https://www.suse.com/security/cve/CVE-2021-3696.html
https://www.suse.com/security/cve/CVE-2021-3697.html
https://www.suse.com/security/cve/CVE-2022-28733.html
https://www.suse.com/security/cve/CVE-2022-28734.html
https://www.suse.com/security/cve/CVE-2022-28735.html
https://www.suse.com/security/cve/CVE-2022-28736.html
https://bugzilla.suse.com/1191184
https://bugzilla.suse.com/1191185
https://bugzilla.suse.com/1191186
https://bugzilla.suse.com/1193282
https://bugzilla.suse.com/1197948
https://bugzilla.suse.com/1198460
https://bugzilla.suse.com/1198493
https://bugzilla.suse.com/1198495
https://bugzilla.suse.com/1198496
https://bugzilla.suse.com/1198581
SUSE-SU-2022:2062-1: important: Security update for MozillaThunderbird
by opensuse-security@opensuse.org 13 Jun '22
SUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2062-1
Rating: important
References: #1199768 #1200027
Cross-References: CVE-2022-1529 CVE-2022-1802 CVE-2022-1834
CVE-2022-31736 CVE-2022-31737 CVE-2022-31738
CVE-2022-31739 CVE-2022-31740 CVE-2022-31741
CVE-2022-31742 CVE-2022-31747
CVSS scores:
CVE-2022-1529 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1802 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1834 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31736 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31737 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31738 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31739 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31740 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31742 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-31747 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 91.9.1
MFSA 2022-19 (bsc#1199768):
- CVE-2022-1802: Prototype pollution in Top-Level Await implementation
(bmo#1770137).
- CVE-2022-1529: Untrusted input used in JavaScript object indexing,
leading to prototype pollution (bmo#1770048).
Update to Mozilla Thunderbird 91.10
MFSA 2022-22 (bsc#1200027):
- CVE-2022-31736: Cross-Origin resource's length leaked (bmo#1735923)
- CVE-2022-31737: Heap buffer overflow in WebGL (bmo#1743767)
- CVE-2022-31738: Browser window spoof using fullscreen mode (bmo#1756388)
- CVE-2022-31739: Attacker-influenced path traversal when saving
downloaded files (bmo#1765049)
- CVE-2022-31740: Register allocation problem in WASM on arm64
(bmo#1766806)
- CVE-2022-31741: Uninitialized variable leads to invalid memory read
(bmo#1767590)
- CVE-2022-1834: Braille space character caused incorrect sender email to
be shown for a digitally signed email (bmo#1767816)
- CVE-2022-31742: Querying a WebAuthn token with a large number of
allowCredential entries may have leaked cross-origin information
(bmo#1730434)
- CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10
(bmo#1760765, bmo#1765610, bmo#1766283, bmo#1767365, bmo#1768559,
bmo#1768734)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2062=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2062=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2062=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2062=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2062=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2062=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-91.10.0-150200.8.73.1
MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1
MozillaThunderbird-debugsource-91.10.0-150200.8.73.1
MozillaThunderbird-translations-common-91.10.0-150200.8.73.1
MozillaThunderbird-translations-other-91.10.0-150200.8.73.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-91.10.0-150200.8.73.1
MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1
MozillaThunderbird-debugsource-91.10.0-150200.8.73.1
MozillaThunderbird-translations-common-91.10.0-150200.8.73.1
MozillaThunderbird-translations-other-91.10.0-150200.8.73.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
MozillaThunderbird-91.10.0-150200.8.73.1
MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1
MozillaThunderbird-debugsource-91.10.0-150200.8.73.1
MozillaThunderbird-translations-common-91.10.0-150200.8.73.1
MozillaThunderbird-translations-other-91.10.0-150200.8.73.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
MozillaThunderbird-91.10.0-150200.8.73.1
MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1
MozillaThunderbird-debugsource-91.10.0-150200.8.73.1
MozillaThunderbird-translations-common-91.10.0-150200.8.73.1
MozillaThunderbird-translations-other-91.10.0-150200.8.73.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
MozillaThunderbird-91.10.0-150200.8.73.1
MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1
MozillaThunderbird-debugsource-91.10.0-150200.8.73.1
MozillaThunderbird-translations-common-91.10.0-150200.8.73.1
MozillaThunderbird-translations-other-91.10.0-150200.8.73.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
MozillaThunderbird-91.10.0-150200.8.73.1
MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1
MozillaThunderbird-debugsource-91.10.0-150200.8.73.1
MozillaThunderbird-translations-common-91.10.0-150200.8.73.1
MozillaThunderbird-translations-other-91.10.0-150200.8.73.1
References:
https://www.suse.com/security/cve/CVE-2022-1529.html
https://www.suse.com/security/cve/CVE-2022-1802.html
https://www.suse.com/security/cve/CVE-2022-1834.html
https://www.suse.com/security/cve/CVE-2022-31736.html
https://www.suse.com/security/cve/CVE-2022-31737.html
https://www.suse.com/security/cve/CVE-2022-31738.html
https://www.suse.com/security/cve/CVE-2022-31739.html
https://www.suse.com/security/cve/CVE-2022-31740.html
https://www.suse.com/security/cve/CVE-2022-31741.html
https://www.suse.com/security/cve/CVE-2022-31742.html
https://www.suse.com/security/cve/CVE-2022-31747.html
https://bugzilla.suse.com/1199768
https://bugzilla.suse.com/1200027
SUSE-SU-2022:2056-1: important: Security update for u-boot
by opensuse-security@opensuse.org 13 Jun '22
SUSE Security Update: Security update for u-boot
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2056-1
Rating: important
References: #1200363 #1200364
Cross-References: CVE-2022-30552 CVE-2022-30790
CVSS scores:
CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for u-boot fixes the following issues:
- A large buffer overflow could have led to a denial of service in the
IP Packet defragmentation code. (CVE-2022-30552, bsc#1200363)
- A Hole Descriptor Overwrite could have led to an arbitrary out of
bounds write primitive. (CVE-2022-30790, bsc#1200364)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2056=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2056=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2056=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2056=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2056=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2056=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2056=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2056=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2056=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2056=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2056=1
Package List:
- openSUSE Leap 15.4 (aarch64):
u-boot-xilinxzynqmpgeneric-2020.01-150200.10.12.1
u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.12.1
- openSUSE Leap 15.3 (aarch64):
u-boot-xilinxzynqmpgeneric-2020.01-150200.10.12.1
u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.12.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Manager Proxy 4.1 (x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64):
u-boot-rpiarm64-2020.01-150200.10.12.1
u-boot-rpiarm64-doc-2020.01-150200.10.12.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64):
u-boot-rpiarm64-2020.01-150200.10.12.1
u-boot-rpiarm64-doc-2020.01-150200.10.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64):
u-boot-rpiarm64-2020.01-150200.10.12.1
u-boot-rpiarm64-doc-2020.01-150200.10.12.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Enterprise Storage 7 (aarch64):
u-boot-rpiarm64-2020.01-150200.10.12.1
u-boot-rpiarm64-doc-2020.01-150200.10.12.1
References:
https://www.suse.com/security/cve/CVE-2022-30552.html
https://www.suse.com/security/cve/CVE-2022-30790.html
https://bugzilla.suse.com/1200363
https://bugzilla.suse.com/1200364
SUSE-SU-2022:2047-1: moderate: Security update for netty3
by opensuse-security@opensuse.org 13 Jun '22
SUSE Security Update: Security update for netty3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2047-1
Rating: moderate
References: #1193672 #1197787
Cross-References: CVE-2021-43797
CVSS scores:
CVE-2021-43797 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-43797 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for netty3 fixes the following issues:
- CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to
insufficient validation against control characters (bsc#1193672).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2047=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2047=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2047=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2047=1
Package List:
- openSUSE Leap 15.4 (noarch):
netty3-3.10.6-150200.3.3.2
netty3-javadoc-3.10.6-150200.3.3.2
- openSUSE Leap 15.3 (noarch):
netty3-3.10.6-150200.3.3.2
netty3-javadoc-3.10.6-150200.3.3.2
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
netty3-3.10.6-150200.3.3.2
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
netty3-3.10.6-150200.3.3.2
References:
https://www.suse.com/security/cve/CVE-2021-43797.html
https://bugzilla.suse.com/1193672
https://bugzilla.suse.com/1197787
SUSE-SU-2022:2053-1: important: Security update for u-boot
by opensuse-security@opensuse.org 13 Jun '22
SUSE Security Update: Security update for u-boot
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2053-1
Rating: important
References: #1199623 #1200363 #1200364
Cross-References: CVE-2022-30552 CVE-2022-30767 CVE-2022-30790
CVSS scores:
CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE-2022-30767 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-30767 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for u-boot fixes the following issues:
- CVE-2022-30552: A large buffer overflow could have led to a denial of
service in the IP Packet defragmentation code. (bsc#1200363)
- CVE-2022-30790: A Hole Descriptor Overwrite could have led to an
arbitrary out of bounds write primitive. (bsc#1200364)
- CVE-2022-30767: Fixed an unbounded memcpy with a failed length check
leading to a buffer overflow (bsc#1199623).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2053=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2053=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
u-boot-tools-2021.01-150300.7.12.1
u-boot-tools-debuginfo-2021.01-150300.7.12.1
- openSUSE Leap 15.3 (aarch64):
u-boot-avnetultra96rev1-2021.01-150300.7.12.1
u-boot-avnetultra96rev1-doc-2021.01-150300.7.12.1
u-boot-bananapim64-2021.01-150300.7.12.1
u-boot-bananapim64-doc-2021.01-150300.7.12.1
u-boot-dragonboard410c-2021.01-150300.7.12.1
u-boot-dragonboard410c-doc-2021.01-150300.7.12.1
u-boot-dragonboard820c-2021.01-150300.7.12.1
u-boot-dragonboard820c-doc-2021.01-150300.7.12.1
u-boot-evb-rk3399-2021.01-150300.7.12.1
u-boot-evb-rk3399-doc-2021.01-150300.7.12.1
u-boot-firefly-rk3399-2021.01-150300.7.12.1
u-boot-firefly-rk3399-doc-2021.01-150300.7.12.1
u-boot-geekbox-2021.01-150300.7.12.1
u-boot-geekbox-doc-2021.01-150300.7.12.1
u-boot-hikey-2021.01-150300.7.12.1
u-boot-hikey-doc-2021.01-150300.7.12.1
u-boot-khadas-vim-2021.01-150300.7.12.1
u-boot-khadas-vim-doc-2021.01-150300.7.12.1
u-boot-khadas-vim2-2021.01-150300.7.12.1
u-boot-khadas-vim2-doc-2021.01-150300.7.12.1
u-boot-libretech-ac-2021.01-150300.7.12.1
u-boot-libretech-ac-doc-2021.01-150300.7.12.1
u-boot-libretech-cc-2021.01-150300.7.12.1
u-boot-libretech-cc-doc-2021.01-150300.7.12.1
u-boot-ls1012afrdmqspi-2021.01-150300.7.12.1
u-boot-ls1012afrdmqspi-doc-2021.01-150300.7.12.1
u-boot-mvebudb-88f3720-2021.01-150300.7.12.1
u-boot-mvebudb-88f3720-doc-2021.01-150300.7.12.1
u-boot-mvebudbarmada8k-2021.01-150300.7.12.1
u-boot-mvebudbarmada8k-doc-2021.01-150300.7.12.1
u-boot-mvebuespressobin-88f3720-2021.01-150300.7.12.1
u-boot-mvebuespressobin-88f3720-doc-2021.01-150300.7.12.1
u-boot-mvebumcbin-88f8040-2021.01-150300.7.12.1
u-boot-mvebumcbin-88f8040-doc-2021.01-150300.7.12.1
u-boot-nanopia64-2021.01-150300.7.12.1
u-boot-nanopia64-doc-2021.01-150300.7.12.1
u-boot-odroid-c2-2021.01-150300.7.12.1
u-boot-odroid-c2-doc-2021.01-150300.7.12.1
u-boot-odroid-c4-2021.01-150300.7.12.1
u-boot-odroid-c4-doc-2021.01-150300.7.12.1
u-boot-odroid-n2-2021.01-150300.7.12.1
u-boot-odroid-n2-doc-2021.01-150300.7.12.1
u-boot-orangepipc2-2021.01-150300.7.12.1
u-boot-orangepipc2-doc-2021.01-150300.7.12.1
u-boot-p2371-2180-2021.01-150300.7.12.1
u-boot-p2371-2180-doc-2021.01-150300.7.12.1
u-boot-p2771-0000-500-2021.01-150300.7.12.1
u-boot-p2771-0000-500-doc-2021.01-150300.7.12.1
u-boot-p3450-0000-2021.01-150300.7.12.1
u-boot-p3450-0000-doc-2021.01-150300.7.12.1
u-boot-pine64plus-2021.01-150300.7.12.1
u-boot-pine64plus-doc-2021.01-150300.7.12.1
u-boot-pinebook-2021.01-150300.7.12.1
u-boot-pinebook-doc-2021.01-150300.7.12.1
u-boot-pinebook-pro-rk3399-2021.01-150300.7.12.1
u-boot-pinebook-pro-rk3399-doc-2021.01-150300.7.12.1
u-boot-pineh64-2021.01-150300.7.12.1
u-boot-pineh64-doc-2021.01-150300.7.12.1
u-boot-pinephone-2021.01-150300.7.12.1
u-boot-pinephone-doc-2021.01-150300.7.12.1
u-boot-poplar-2021.01-150300.7.12.1
u-boot-poplar-doc-2021.01-150300.7.12.1
u-boot-rock-pi-4-rk3399-2021.01-150300.7.12.1
u-boot-rock-pi-4-rk3399-doc-2021.01-150300.7.12.1
u-boot-rock64-rk3328-2021.01-150300.7.12.1
u-boot-rock64-rk3328-doc-2021.01-150300.7.12.1
u-boot-rock960-rk3399-2021.01-150300.7.12.1
u-boot-rock960-rk3399-doc-2021.01-150300.7.12.1
u-boot-rockpro64-rk3399-2021.01-150300.7.12.1
u-boot-rockpro64-rk3399-doc-2021.01-150300.7.12.1
u-boot-rpi3-2021.01-150300.7.12.1
u-boot-rpi3-doc-2021.01-150300.7.12.1
u-boot-rpi4-2021.01-150300.7.12.1
u-boot-rpi4-doc-2021.01-150300.7.12.1
u-boot-rpiarm64-2021.01-150300.7.12.1
u-boot-rpiarm64-doc-2021.01-150300.7.12.1
u-boot-xilinxzynqmpvirt-2021.01-150300.7.12.1
u-boot-xilinxzynqmpvirt-doc-2021.01-150300.7.12.1
u-boot-xilinxzynqmpzcu102rev10-2021.01-150300.7.12.1
u-boot-xilinxzynqmpzcu102rev10-doc-2021.01-150300.7.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
u-boot-tools-2021.01-150300.7.12.1
u-boot-tools-debuginfo-2021.01-150300.7.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
u-boot-rpiarm64-2021.01-150300.7.12.1
u-boot-rpiarm64-doc-2021.01-150300.7.12.1
References:
https://www.suse.com/security/cve/CVE-2022-30552.html
https://www.suse.com/security/cve/CVE-2022-30767.html
https://www.suse.com/security/cve/CVE-2022-30790.html
https://bugzilla.suse.com/1199623
https://bugzilla.suse.com/1200363
https://bugzilla.suse.com/1200364
SUSE-SU-2022:2044-1: important: Security update for google-gson
by opensuse-security@opensuse.org 10 Jun '22
SUSE Security Update: Security update for google-gson
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2044-1
Rating: important
References: #1199064 SLE-24261
Cross-References: CVE-2022-25647
CVSS scores:
CVE-2022-25647 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-25647 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability, contains one
feature is now available.
Description:
This update for google-gson fixes the following issues:
- CVE-2022-25647: Fixed deserialization of untrusted data (bsc#1199064).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2044=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2044=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2044=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2044=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2044=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2044=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2044=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2044=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-2044=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2044=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2044=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2044=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2044=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2044=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2044=1
Package List:
- openSUSE Leap 15.4 (noarch):
google-gson-2.8.9-150200.3.6.3
google-gson-javadoc-2.8.9-150200.3.6.3
- openSUSE Leap 15.3 (noarch):
google-gson-2.8.9-150200.3.6.3
google-gson-javadoc-2.8.9-150200.3.6.3
- SUSE Manager Server 4.1 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Manager Retail Branch Server 4.1 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Manager Proxy 4.1 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Enterprise Storage 7 (noarch):
google-gson-2.8.9-150200.3.6.3
References:
https://www.suse.com/security/cve/CVE-2022-25647.html
https://bugzilla.suse.com/1199064