openSUSE Security Announce
Threads by month
- ----- 2024 -----
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
June 2022
- 1 participants
- 64 discussions
SUSE-SU-2022:2173-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 24 Jun '22
by opensuse-security@opensuse.org 24 Jun '22
24 Jun '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2173-1
Rating: important
References: #1177282 #1199365 #1200015 #1200143 #1200144
#1200206 #1200207 #1200249 #1200259 #1200263
#1200268 #1200529
Cross-References: CVE-2020-26541 CVE-2022-1966 CVE-2022-1974
CVE-2022-1975
CVSS scores:
CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves four vulnerabilities and has 8 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem.
This flaw allowed a local attacker with user access to cause a privilege
escalation issue. (bnc#1200015)
- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash
linux kernel by simulating nfc device from user-space. (bsc#1200143)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by
simulating an nfc device from user-space. (bsc#1200144)
- CVE-2020-26541: Enforce the secure boot forbidden signature database
(aka dbx) protection mechanism. (bnc#1177282)
- The following non-security bugs were fixed:
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
(git-fixes).
- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
- ACPI: sysfs: Make sparse happy about address space in use (git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
- ASoC: dapm: Do not fold register value changes into notifications
(git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver
(git-fixes).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- blk-mq: Fix wrong wakeup batch configuration which will cause hang
(bsc#1200263).
- block: fix bio_clone_blkg_association() to associate with proper
blkcg_gq (bsc#1200259).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- cfg80211: set custom regdomain after wiphy registration (git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
(git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
(git-fixes).
- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI
controllers (git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
(git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
(git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map()
(git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in
amdgpu_ucode_free_bo (git-fixes).
- drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition
(git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to
intel_read_wm_latency() (git-fixes).
- drm/i915: fix i915_globals_exit() section mismatch error (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
- drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
- drm/plane: Move range check for format_count earlier (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
(git-fixes).
- efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
- efi: Do not import certificates from UEFI Secure Boot for T2 Macs
(git-fixes).
- fbcon: Consistently protect deferred_takeover with console_lock()
(git-fixes).
- ftrace: Clean up hash direct_functions on register failures (git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
- hwmon: Make chip parameter for with_info API mandatory (git-fixes).
- i2c: cadence: Increase timeout per message if necessary (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
- iio: dummy: iio_simple_dummy: check the return value of kstrdup()
(git-fixes).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
(git-fixes).
- Input: goodix - fix spurious key release events (git-fixes).
- ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on
A375, A38x, A39x (git-fixes).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
(git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts
(git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
- KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT
(git-fixes).
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
(git-fixes).
- KVM: nVMX: Set LDTR to its architecturally defined value on nested
VM-Exit (git-fixes).
- KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter
(git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- KVM: s390: pv: avoid double free of sida page (git-fixes).
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes).
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation
(git-fixes).
- KVM: x86: clflushopt should be treated as a no-op by emulation
(git-fixes).
- KVM: x86: Do not force set BSP bit when local APIC is managed by
userspace (git-fixes).
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
(git-fixes).
- KVM: x86: Immediately reset the MMU context when the SMM flag is cleared
(git-fixes).
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
(git-fixes).
- KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes).
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP
(git-fixes).
- KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural
PMU (git-fixes).
- KVM: x86/emulator: Defer not-present segment check in
__load_segment_descriptor() (git-fixes).
- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
intel_arch_events[] (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels after
beacon rx (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- media: cx25821: Fix the warning when removing the module (git-fixes).
- media: netup_unidvb: Do not leak SPI master in probe error path
(git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev()
(git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- misc: rtsx: set NULL intfdata when probe fails (git-fixes).
- mmc: block: Fix CQE recovery reset success (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
- modpost: fix removing numeric suffixes (git-fixes).
- modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
- mt76: check return value of mt76_txq_send_burst in
mt76_txq_schedule_list (git-fixes).
- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
(git-fixes).
- net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
- nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION
(git-fixes).
- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
(git-fixes).
- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
- NFS: Do not report ENOSPC write errors twice (git-fixes).
- nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
topology (bsc#1199365).
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
- platform/chrome: cros_ec_proto: Send command again when timeout occurs
(git-fixes).
- platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes).
- platform/x86: wmi: Replace read_takes_no_args with a flags field
(git-fixes).
- devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
- raid5: introduce MD_BROKEN (git-fixes).
- rtl818x: Prevent using not initialized queues (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector packed
decimal facility (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
- s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454).
- s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455).
- s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206
LTC#198455).
- s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207
LTC#198454).
- s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag
(git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM guests
(git-fixes).
- s390/nmi: handle vector validity failures for KVM guests (git-fixes).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks
(git-fixes).
- serial: msm_serial: disable interrupts in __msm_console_write()
(git-fixes).
- spi: Introduce device-managed SPI controller allocation (git-fixes).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA
direction (git-fixes).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
- staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).
- staging: rtl8712: fix uninit-value in usb_read8() and friends
(git-fixes).
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
(git-fixes).
- tty: Fix a possible resource leak in icom_probe (git-fixes).
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
(git-fixes).
- usb: core: hcd: Add support for deferring roothub registration
(git-fixes).
- usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
- usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
- usb: host: isp116x: check return value after calling
platform_get_resource() (git-fixes).
- usb: new quirk for Dell Gen 2 devices (git-fixes).
- usb: serial: option: add Quectel BG95 modem (git-fixes).
- vfio-ccw: Check initialized flag in cp_init() (git-fixes).
- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
- video: fbdev: pxa3xx-gcu: release the resources correctly in
pxa3xx_gcu_probe/remove() (git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
- vringh: Fix loop descriptors check in the indirect cases (git-fixes).
- watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2173=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2173=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2173=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2173=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2173=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2173=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2173=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2173=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2173=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2173=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.76.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
dlm-kmp-preempt-5.3.18-150300.59.76.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
gfs2-kmp-preempt-5.3.18-150300.59.76.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-5.3.18-150300.59.76.1
kernel-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-debugsource-5.3.18-150300.59.76.1
kernel-preempt-devel-5.3.18-150300.59.76.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-extra-5.3.18-150300.59.76.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.76.1
kernel-preempt-optional-5.3.18-150300.59.76.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.76.1
kselftests-kmp-preempt-5.3.18-150300.59.76.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
ocfs2-kmp-preempt-5.3.18-150300.59.76.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
reiserfs-kmp-preempt-5.3.18-150300.59.76.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.76.1
dtb-zte-5.3.18-150300.59.76.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.76.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.76.1
dlm-kmp-default-5.3.18-150300.59.76.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.76.1
gfs2-kmp-default-5.3.18-150300.59.76.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-5.3.18-150300.59.76.1
kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
kernel-default-base-rebuild-5.3.18-150300.59.76.1.150300.18.45.2
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
kernel-default-devel-5.3.18-150300.59.76.1
kernel-default-devel-debuginfo-5.3.18-150300.59.76.1
kernel-default-extra-5.3.18-150300.59.76.1
kernel-default-extra-debuginfo-5.3.18-150300.59.76.1
kernel-default-livepatch-5.3.18-150300.59.76.1
kernel-default-livepatch-devel-5.3.18-150300.59.76.1
kernel-default-optional-5.3.18-150300.59.76.1
kernel-default-optional-debuginfo-5.3.18-150300.59.76.1
kernel-obs-build-5.3.18-150300.59.76.1
kernel-obs-build-debugsource-5.3.18-150300.59.76.1
kernel-obs-qa-5.3.18-150300.59.76.1
kernel-syms-5.3.18-150300.59.76.1
kselftests-kmp-default-5.3.18-150300.59.76.1
kselftests-kmp-default-debuginfo-5.3.18-150300.59.76.1
ocfs2-kmp-default-5.3.18-150300.59.76.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1
reiserfs-kmp-default-5.3.18-150300.59.76.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.76.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.76.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
dlm-kmp-preempt-5.3.18-150300.59.76.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
gfs2-kmp-preempt-5.3.18-150300.59.76.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-5.3.18-150300.59.76.1
kernel-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-debugsource-5.3.18-150300.59.76.1
kernel-preempt-devel-5.3.18-150300.59.76.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-extra-5.3.18-150300.59.76.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.76.1
kernel-preempt-optional-5.3.18-150300.59.76.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.76.1
kselftests-kmp-preempt-5.3.18-150300.59.76.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
ocfs2-kmp-preempt-5.3.18-150300.59.76.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
reiserfs-kmp-preempt-5.3.18-150300.59.76.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.76.1
kernel-debug-debuginfo-5.3.18-150300.59.76.1
kernel-debug-debugsource-5.3.18-150300.59.76.1
kernel-debug-devel-5.3.18-150300.59.76.1
kernel-debug-devel-debuginfo-5.3.18-150300.59.76.1
kernel-debug-livepatch-devel-5.3.18-150300.59.76.1
kernel-kvmsmall-5.3.18-150300.59.76.1
kernel-kvmsmall-debuginfo-5.3.18-150300.59.76.1
kernel-kvmsmall-debugsource-5.3.18-150300.59.76.1
kernel-kvmsmall-devel-5.3.18-150300.59.76.1
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.76.1
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.76.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.76.1
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
dlm-kmp-64kb-5.3.18-150300.59.76.1
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
dtb-al-5.3.18-150300.59.76.1
dtb-allwinner-5.3.18-150300.59.76.1
dtb-altera-5.3.18-150300.59.76.1
dtb-amd-5.3.18-150300.59.76.1
dtb-amlogic-5.3.18-150300.59.76.1
dtb-apm-5.3.18-150300.59.76.1
dtb-arm-5.3.18-150300.59.76.1
dtb-broadcom-5.3.18-150300.59.76.1
dtb-cavium-5.3.18-150300.59.76.1
dtb-exynos-5.3.18-150300.59.76.1
dtb-freescale-5.3.18-150300.59.76.1
dtb-hisilicon-5.3.18-150300.59.76.1
dtb-lg-5.3.18-150300.59.76.1
dtb-marvell-5.3.18-150300.59.76.1
dtb-mediatek-5.3.18-150300.59.76.1
dtb-nvidia-5.3.18-150300.59.76.1
dtb-qcom-5.3.18-150300.59.76.1
dtb-renesas-5.3.18-150300.59.76.1
dtb-rockchip-5.3.18-150300.59.76.1
dtb-socionext-5.3.18-150300.59.76.1
dtb-sprd-5.3.18-150300.59.76.1
dtb-xilinx-5.3.18-150300.59.76.1
dtb-zte-5.3.18-150300.59.76.1
gfs2-kmp-64kb-5.3.18-150300.59.76.1
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
kernel-64kb-5.3.18-150300.59.76.1
kernel-64kb-debuginfo-5.3.18-150300.59.76.1
kernel-64kb-debugsource-5.3.18-150300.59.76.1
kernel-64kb-devel-5.3.18-150300.59.76.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.76.1
kernel-64kb-extra-5.3.18-150300.59.76.1
kernel-64kb-extra-debuginfo-5.3.18-150300.59.76.1
kernel-64kb-livepatch-devel-5.3.18-150300.59.76.1
kernel-64kb-optional-5.3.18-150300.59.76.1
kernel-64kb-optional-debuginfo-5.3.18-150300.59.76.1
kselftests-kmp-64kb-5.3.18-150300.59.76.1
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
ocfs2-kmp-64kb-5.3.18-150300.59.76.1
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
reiserfs-kmp-64kb-5.3.18-150300.59.76.1
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.76.1
kernel-docs-5.3.18-150300.59.76.1
kernel-docs-html-5.3.18-150300.59.76.1
kernel-macros-5.3.18-150300.59.76.1
kernel-source-5.3.18-150300.59.76.1
kernel-source-vanilla-5.3.18-150300.59.76.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.76.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.76.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
kernel-default-extra-5.3.18-150300.59.76.1
kernel-default-extra-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-debugsource-5.3.18-150300.59.76.1
kernel-preempt-extra-5.3.18-150300.59.76.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
kernel-default-livepatch-5.3.18-150300.59.76.1
kernel-default-livepatch-devel-5.3.18-150300.59.76.1
kernel-livepatch-5_3_18-150300_59_76-default-1-150300.7.5.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
reiserfs-kmp-default-5.3.18-150300.59.76.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.3.18-150300.59.76.1
kernel-obs-build-debugsource-5.3.18-150300.59.76.1
kernel-syms-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-debugsource-5.3.18-150300.59.76.1
kernel-preempt-devel-5.3.18-150300.59.76.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-150300.59.76.1
kernel-source-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-150300.59.76.1
kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
kernel-default-devel-5.3.18-150300.59.76.1
kernel-default-devel-debuginfo-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-150300.59.76.1
kernel-preempt-debuginfo-5.3.18-150300.59.76.1
kernel-preempt-debugsource-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-150300.59.76.1
kernel-64kb-debuginfo-5.3.18-150300.59.76.1
kernel-64kb-debugsource-5.3.18-150300.59.76.1
kernel-64kb-devel-5.3.18-150300.59.76.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.76.1
kernel-macros-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.76.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.76.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.76.1
kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.76.1
kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.76.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.76.1
dlm-kmp-default-5.3.18-150300.59.76.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.76.1
gfs2-kmp-default-5.3.18-150300.59.76.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debuginfo-5.3.18-150300.59.76.1
kernel-default-debugsource-5.3.18-150300.59.76.1
ocfs2-kmp-default-5.3.18-150300.59.76.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1
References:
https://www.suse.com/security/cve/CVE-2020-26541.html
https://www.suse.com/security/cve/CVE-2022-1966.html
https://www.suse.com/security/cve/CVE-2022-1974.html
https://www.suse.com/security/cve/CVE-2022-1975.html
https://bugzilla.suse.com/1177282
https://bugzilla.suse.com/1199365
https://bugzilla.suse.com/1200015
https://bugzilla.suse.com/1200143
https://bugzilla.suse.com/1200144
https://bugzilla.suse.com/1200206
https://bugzilla.suse.com/1200207
https://bugzilla.suse.com/1200249
https://bugzilla.suse.com/1200259
https://bugzilla.suse.com/1200263
https://bugzilla.suse.com/1200268
https://bugzilla.suse.com/1200529
1
0
SUSE-SU-2022:2172-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 24 Jun '22
by opensuse-security@opensuse.org 24 Jun '22
24 Jun '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2172-1
Rating: important
References: #1177282 #1184924 #1198924 #1199365 #1199482
#1200015 #1200143 #1200144 #1200206 #1200207
#1200249 #1200259 #1200263 #1200343 #1200494
#1200529 #1200604
Cross-References: CVE-2020-26541 CVE-2022-1012 CVE-2022-1966
CVE-2022-1974 CVE-2022-1975 CVE-2022-20141
CVE-2022-32250
CVSS scores:
CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 7 vulnerabilities and has 10 fixes is
now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-1012: Fixed a small table perturb size in the TCP source port
generation algorithm which could leads to information leak.
(bsc#1199482).
- CVE-2022-20141: Fixed an use after free due to improper locking. This
bug could lead to local escalation of privilege when opening and closing
inet sockets with no additional execution privileges needed.
(bnc#1200604)
- CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem.
This flaw allowed a local attacker with user access to cause a privilege
escalation issue. (bnc#1200015)
- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash
linux kernel by simulating nfc device from user-space. (bsc#1200143)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by
simulating an nfc device from user-space. (bsc#1200144)
- CVE-2020-26541: Enforce the secure boot forbidden signature database
(aka dbx) protection mechanism. (bnc#1177282)
The following non-security bugs were fixed:
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
(git-fixes).
- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
- ACPI: sysfs: Make sparse happy about address space in use (git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
(git-fixes)
- ASoC: dapm: Do not fold register value changes into notifications
(git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver
(git-fixes).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- blk-mq: Fix wrong wakeup batch configuration which will cause hang
(bsc#1200263).
- block: fix bio_clone_blkg_association() to associate with proper
blkcg_gq (bsc#1200259).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist
(git-fixes).
- cfg80211: set custom regdomain after wiphy registration (git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
(git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
(git-fixes).
- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI
controllers (git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
(git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
(git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map()
(git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in
amdgpu_ucode_free_bo (git-fixes).
- drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition
(git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to
intel_read_wm_latency() (git-fixes).
- drm/i915: fix i915_globals_exit() section mismatch error (git-fixes).
- drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
- drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
- drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
- drm/plane: Move range check for format_count earlier (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
(git-fixes).
- efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
- efi: Do not import certificates from UEFI Secure Boot for T2 Macs
(git-fixes).
- fbcon: Consistently protect deferred_takeover with console_lock()
(git-fixes).
- ftrace: Clean up hash direct_functions on register failures (git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
- hwmon: Make chip parameter for with_info API mandatory (git-fixes).
- i2c: cadence: Increase timeout per message if necessary (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
- iio: dummy: iio_simple_dummy: check the return value of kstrdup()
(git-fixes).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
(git-fixes).
- Input: goodix - fix spurious key release events (git-fixes).
- ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on
A375, A38x, A39x (git-fixes).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
(git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts
(git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
- KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT
(git-fixes).
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
(git-fixes).
- KVM: nVMX: Set LDTR to its architecturally defined value on nested
VM-Exit (git-fixes).
- KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter
(git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- KVM: s390: pv: avoid double free of sida page (git-fixes).
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes).
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation
(git-fixes).
- KVM: x86: clflushopt should be treated as a no-op by emulation
(git-fixes).
- KVM: x86: Do not force set BSP bit when local APIC is managed by
userspace (git-fixes).
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
(git-fixes).
- KVM: x86: Immediately reset the MMU context when the SMM flag is cleared
(git-fixes).
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
(git-fixes).
- KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes).
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP
(git-fixes).
- KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural
PMU (git-fixes).
- KVM: x86/emulator: Defer not-present segment check in
__load_segment_descriptor() (git-fixes).
- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
intel_arch_events[] (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels after
beacon rx (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- media: cx25821: Fix the warning when removing the module (git-fixes).
- media: netup_unidvb: Do not leak SPI master in probe error path
(git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev()
(git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- misc: rtsx: set NULL intfdata when probe fails (git-fixes).
- mmc: block: Fix CQE recovery reset success (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
- modpost: fix removing numeric suffixes (git-fixes).
- modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
- mt76: check return value of mt76_txq_send_burst in
mt76_txq_schedule_list (git-fixes).
- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
(git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg
(git-fixes).
- net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
- nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION
(git-fixes).
- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
(git-fixes).
- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
- NFS: Do not report ENOSPC write errors twice (git-fixes).
- nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
topology (bsc#1199365).
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
- platform/chrome: cros_ec_proto: Send command again when timeout occurs
(git-fixes).
- platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes).
- platform/x86: wmi: Replace read_takes_no_args with a flags field
(git-fixes).
- PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
(bsc#1200343 ltc#198477).
- raid5: introduce MD_BROKEN (git-fixes).
- random: Add and use pr_fmt() (bsc#1184924).
- random: remove unnecessary unlikely() (bsc#1184924).
- rtl818x: Prevent using not initialized queues (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector packed
decimal facility (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
- s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454).
- s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455).
- s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206
LTC#198455).
- s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207
LTC#198454).
- s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag
(git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM guests
(git-fixes).
- s390/nmi: handle vector validity failures for KVM guests (git-fixes).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks
(git-fixes).
- serial: msm_serial: disable interrupts in __msm_console_write()
(git-fixes).
- spi: Introduce device-managed SPI controller allocation (git-fixes).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA
direction (git-fixes).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
- staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).
- staging: rtl8712: fix uninit-value in usb_read8() and friends
(git-fixes).
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
(git-fixes).
- tty: Fix a possible resource leak in icom_probe (git-fixes).
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
(git-fixes).
- usb: core: hcd: Add support for deferring roothub registration
(git-fixes).
- usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
- usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
- usb: host: isp116x: check return value after calling
platform_get_resource() (git-fixes).
- usb: new quirk for Dell Gen 2 devices (git-fixes).
- usb: serial: option: add Quectel BG95 modem (git-fixes).
- vfio-ccw: Check initialized flag in cp_init() (git-fixes).
- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
- video: fbdev: pxa3xx-gcu: release the resources correctly in
pxa3xx_gcu_probe/remove() (git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
- vringh: Fix loop descriptors check in the indirect cases (git-fixes).
- watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2172=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2172=1
Package List:
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-150300.38.62.1
kernel-source-azure-5.3.18-150300.38.62.1
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-150300.38.62.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.62.1
dlm-kmp-azure-5.3.18-150300.38.62.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.62.1
gfs2-kmp-azure-5.3.18-150300.38.62.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.62.1
kernel-azure-5.3.18-150300.38.62.1
kernel-azure-debuginfo-5.3.18-150300.38.62.1
kernel-azure-debugsource-5.3.18-150300.38.62.1
kernel-azure-devel-5.3.18-150300.38.62.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.62.1
kernel-azure-extra-5.3.18-150300.38.62.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.62.1
kernel-azure-livepatch-devel-5.3.18-150300.38.62.1
kernel-azure-optional-5.3.18-150300.38.62.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.62.1
kernel-syms-azure-5.3.18-150300.38.62.1
kselftests-kmp-azure-5.3.18-150300.38.62.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.62.1
ocfs2-kmp-azure-5.3.18-150300.38.62.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.62.1
reiserfs-kmp-azure-5.3.18-150300.38.62.1
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.62.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
kernel-azure-5.3.18-150300.38.62.1
kernel-azure-debuginfo-5.3.18-150300.38.62.1
kernel-azure-debugsource-5.3.18-150300.38.62.1
kernel-azure-devel-5.3.18-150300.38.62.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.62.1
kernel-syms-azure-5.3.18-150300.38.62.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
kernel-devel-azure-5.3.18-150300.38.62.1
kernel-source-azure-5.3.18-150300.38.62.1
References:
https://www.suse.com/security/cve/CVE-2020-26541.html
https://www.suse.com/security/cve/CVE-2022-1012.html
https://www.suse.com/security/cve/CVE-2022-1966.html
https://www.suse.com/security/cve/CVE-2022-1974.html
https://www.suse.com/security/cve/CVE-2022-1975.html
https://www.suse.com/security/cve/CVE-2022-20141.html
https://www.suse.com/security/cve/CVE-2022-32250.html
https://bugzilla.suse.com/1177282
https://bugzilla.suse.com/1184924
https://bugzilla.suse.com/1198924
https://bugzilla.suse.com/1199365
https://bugzilla.suse.com/1199482
https://bugzilla.suse.com/1200015
https://bugzilla.suse.com/1200143
https://bugzilla.suse.com/1200144
https://bugzilla.suse.com/1200206
https://bugzilla.suse.com/1200207
https://bugzilla.suse.com/1200249
https://bugzilla.suse.com/1200259
https://bugzilla.suse.com/1200263
https://bugzilla.suse.com/1200343
https://bugzilla.suse.com/1200494
https://bugzilla.suse.com/1200529
https://bugzilla.suse.com/1200604
1
0
SUSE-SU-2022:2168-1: important: Security update for drbd
by opensuse-security@opensuse.org 24 Jun '22
by opensuse-security@opensuse.org 24 Jun '22
24 Jun '22
SUSE Security Update: Security update for drbd
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2168-1
Rating: important
References: #1198581
Affected Products:
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update of drbd fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues
(bsc#1198581)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2168=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2168=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2168=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
drbd-kmp-preempt-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
drbd-kmp-preempt-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
- openSUSE Leap 15.4 (x86_64):
drbd-kmp-rt-9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1
drbd-kmp-rt-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
drbd-9.0.29~0+git.9a7bc817-150300.3.5.1
drbd-debugsource-9.0.29~0+git.9a7bc817-150300.3.5.1
drbd-kmp-default-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
drbd-kmp-default-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
- openSUSE Leap 15.3 (aarch64 x86_64):
drbd-kmp-preempt-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
drbd-kmp-preempt-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
- openSUSE Leap 15.3 (aarch64):
drbd-kmp-64kb-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
drbd-kmp-64kb-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
- openSUSE Leap 15.3 (x86_64):
drbd-kmp-rt-9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1
drbd-kmp-rt-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
drbd-9.0.29~0+git.9a7bc817-150300.3.5.1
drbd-debugsource-9.0.29~0+git.9a7bc817-150300.3.5.1
drbd-kmp-default-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
drbd-kmp-default-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1
References:
https://bugzilla.suse.com/1198581
1
0
openSUSE-SU-2022:10025-1: moderate: Security update for chafa
by opensuse-security@opensuse.org 23 Jun '22
by opensuse-security@opensuse.org 23 Jun '22
23 Jun '22
openSUSE Security Update: Security update for chafa
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10025-1
Rating: moderate
References: #1198965
Cross-References: CVE-2022-1507
CVSS scores:
CVE-2022-1507 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for chafa fixes the following issues:
- CVE-2022-1507: Fix NULL pointer deref in gif_internal_decode_frame
(boo#1198965)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10025=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
chafa-1.4.1-bp153.2.3.1
chafa-devel-1.4.1-bp153.2.3.1
libchafa0-1.4.1-bp153.2.3.1
- openSUSE Backports SLE-15-SP3 (noarch):
chafa-doc-1.4.1-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-1507.html
https://bugzilla.suse.com/1198965
1
0
openSUSE-SU-2022:10023-1: important: Security update for tor
by opensuse-security@opensuse.org 22 Jun '22
by opensuse-security@opensuse.org 22 Jun '22
22 Jun '22
openSUSE Security Update: Security update for tor
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10023-1
Rating: important
References: #1200672
Cross-References: CVE-2022-33903
Affected Products:
openSUSE Backports SLE-15-SP3
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for tor fixes the following issues:
tor was updated to 0.4.7.8:
* Fix a scenario where RTT estimation can become wedged, seriously
degrading congestion control performance on all circuits. This impacts
clients, onion services, and relays, and can be triggered remotely by a
malicious endpoint. (TROVE-2022-001, CVE-2022-33903, boo#1200672)
* Regenerate fallback directories generated on June 17, 2022.
* Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/06/17.
* Allow the rseq system call in the sandbox
* logging bug fixes
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10023=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10023=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
tor-0.4.7.8-bp154.2.3.1
tor-debuginfo-0.4.7.8-bp154.2.3.1
tor-debugsource-0.4.7.8-bp154.2.3.1
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le x86_64):
tor-0.4.7.8-bp153.2.15.1
References:
https://www.suse.com/security/cve/CVE-2022-33903.html
https://bugzilla.suse.com/1200672
1
0
openSUSE-SU-2022:10022-1: moderate: Security update for trivy
by opensuse-security@opensuse.org 21 Jun '22
by opensuse-security@opensuse.org 21 Jun '22
21 Jun '22
openSUSE Security Update: Security update for trivy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10022-1
Rating: moderate
References: #1199760
Cross-References: CVE-2022-23648 CVE-2022-28946
CVSS scores:
CVE-2022-23648 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-23648 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-28946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28946 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for trivy fixes the following issues:
trivy was updated to version 0.28.0 (boo#1199760, CVE-2022-28946):
* fix: remove Highlighted from json output (#2131)
* fix: remove trivy-kubernetes replace (#2132)
* docs: Add Operator docs under Kubernetes section (#2111)
* fix(k8s): security-checks panic (#2127)
* ci: added k8s scope (#2130)
* docs: Update misconfig output in examples (#2128)
* fix(misconf): Fix coloured output in Goland terminal (#2126)
* docs(secret): Fix default value of --security-checks in docs (#2107)
* refactor(report): move colorize function from trivy-db (#2122)
* feat: k8s resource scanning (#2118)
* chore: add CODEOWNERS (#2121)
* feat(image): add `--server` option for remote scans (#1871)
* refactor: k8s (#2116)
* refactor: export useful APIs (#2108)
* docs: fix k8s doc (#2114)
* feat(kubernetes): Add report flag for summary (#2112)
* fix: Remove problematic advanced rego policies (#2113)
* feat(misconf): Add special output format for misconfigurations (#2100)
* feat: add k8s subcommand (#2065)
* chore: fix make lint version (#2102)
* fix(java): handle relative pom modules (#2101)
* fix(misconf): Add missing links for non-rego misconfig results (#2094)
* feat(misconf): Added fs.FS based scanning via latest defsec (#2084)
* chore(deps): bump trivy-issue-action to v0.0.4 (#2091)
* chore(deps): bump github.com/twitchtv/twirp (#2077)
* chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.5.1 (#2074)
* chore(os): updated fanal version and alpine distroless test (#2086)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2
(#2075)
* chore(deps): bump github.com/samber/lo from 1.16.0 to 1.19.0 (#2076)
* feat(report): add support for SPDX (#2059)
* chore(deps): bump actions/setup-go from 2 to 3 (#2073)
* chore(deps): bump actions/cache from 3.0.1 to 3.0.2 (#2071)
* chore(deps): bump golang from 1.18.0 to 1.18.1 (#2069)
* chore(deps): bump actions/stale from 4 to 5 (#2070)
* chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.3.0 (#2072)
* chore(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0
(#2079)
* chore: app version 0.27.0 (#2046)
* fix(misconf): added to skip conf files if their scanning is not enabled
(#2066)
* docs(secret) fix rule path in docs (#2061)
* docs: change from go.sum to go.mod (#2056)
Update to version 0.27.1:
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.0 to 0.5.1
(#1926)
* refactor(fs): scanner options (#2050)
* feat(secret): truncate long line (#2052)
* docs: fix a broken bullets (#2042)
* feat(ubuntu): add 22.04 approx eol date (#2044)
* docs: update installation.md (#2027)
* docs: add Containerfile (#2032)
Update to version 0.27.0:
* fix(go): fixed panic to scan gomod without version (#2038)
* docs(mariner): confirm it works with Mariner 2.0 VM (#2036)
* feat(secret): support enable rules (#2035)
* chore: app version 26.0 (#2030)
* docs(secret): add a demo movie (#2031)
* feat: support cache TTL in Redis (#2021)
* fix(go): skip system installed binaries (#2028)
* fix(go): check if go.sum is nil (#2029)
* feat: add secret scanning (#1901)
* chore: gh publish only with push the tag release (#2025)
* fix(fs): ignore permission errors (#2022)
* test(mod): using correct module inside test go.mod (#2020)
* feat(server): re-add proxy support for client/server communications
(#1995)
* fix(report): truncate a description before escaping in ASFF template
(#2004)
* fix(cloudformation): correct margin removal for empty lines (#2002)
* fix(template): correct check of old sarif template files (#2003)
Update to version 0.26.0:
* feat(alpine): warn mixing versions (#2000)
* Update ASFF template (#1914)
* chore(deps): replace `containerd/containerd` version to fix
CVE-2022-23648 (#1994)
* chore(deps): bump alpine from 3.15.3 to 3.15.4 (#1993)
* test(go): add integration tests for gomod (#1989)
* fix(python): fixed panic when scan .egg archive (#1992)
* fix(go): set correct go modules type (#1990)
* feat(alpine): support apk repositories (#1987)
* docs: add CBL-Mariner (#1982)
* docs(go): fix version (#1986)
* feat(go): support go.mod in Go 1.17+ (#1985)
* ci: fix URLs in the PR template (#1972)
* ci: add semantic pull requests check (#1968)
* docs(issue): added docs for wrong detection issues (#1961)
Update to version 0.25.4:
* docs: move CONTRIBUTING.md to docs (#1971)
* refactor(table): use file name instead package path (#1966)
* fix(sbom): add --db-repository (#1964)
* feat(table): add PkgPath in table result (#1960)
* fix(pom): merge multiple pom imports in a good manner (#1959)
Update to version 0.25.3:
* fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands
(#1956)
* fix(misconf): update BurntSushi/toml for fix runtime error (#1948)
* fix(misconf): Update fanal/defsec to resolve missing metadata issues
(#1947)
* feat(jar): allow setting Maven Central URL using environment variable
(#1939)
* chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)
* chore(chart): remove version comments (#1933)
Update to version 0.25.2:
* fix(downloadDB): add flag to server command (#1942)
Update to version 0.25.1:
* fix(misconf): update defsec to resolve panics (#1935)
* chore(deps): bump github.com/docker/docker (#1924)
* docs: restructure the documentation (#1887)
* chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (#1923)
* chore(deps): bump actions/cache from 2 to 3.0.1 (#1920)
* chore(deps): bump actions/checkout from 2 to 3 (#1916)
* chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0
(#1921)
* chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.1.0 (#1919)
* chore(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 (#1918)
* chore(deps): bump golang from 1.17 to 1.18.0 (#1915)
* Add trivy horizontal logo (#1932)
* chore(deps): bump alpine from 3.15.0 to 3.15.3 (#1917)
* chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5
(#1925)
* chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#1927)
* feat(db): Add dbRepository flag to get advisory database from OCI
registry (#1873)
Update to version 0.25.0:
* docs(filter vulnerabilities): fix link (#1880)
* feat(template) Add misconfigurations to gitlab codequality report (#1756)
* fix(rpc): add PkgPath field to client / server mode (#1643)
* fix(vulnerabilities): fixed trivy-db vulns (#1883)
* feat(cache): remove temporary cache after filesystem scanning (#1868)
* feat(sbom): add a dedicated sbom command (#1799)
* feat(cyclonedx): add vulnerabilities (#1832)
* fix(option): hide false warning about remote options (#1865)
* chore: bump up Go to 1.18 (#1862)
* feat(filesystem): scan in client/server mode (#1829)
* refactor(template): remove unused test (#1861)
* fix(cli): json format for trivy version (#1854)
* docs: change URL for tfsec-checks (#1857)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10022=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 s390x x86_64):
trivy-0.28.0-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-23648.html
https://www.suse.com/security/cve/CVE-2022-28946.html
https://bugzilla.suse.com/1199760
1
0
openSUSE-SU-2022:10020-1: moderate: Security update for neomutt
by opensuse-security@opensuse.org 21 Jun '22
by opensuse-security@opensuse.org 21 Jun '22
21 Jun '22
openSUSE Security Update: Security update for neomutt
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10020-1
Rating: moderate
References: #1184787 #1185705
Cross-References: CVE-2021-32055 CVE-2022-1328
CVSS scores:
CVE-2021-32055 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2021-32055 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-1328 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-1328 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for neomutt fixes the following issues:
neomutt was updated to 20220429:
* Bug Fixes
* Do not crash on an invalid use_threads/sort combination
* Fix: stuck browser cursor
* Resolve (move) the cursor after <edit-label>
* Index: fix menu size on new mail
* Don't overlimit LMDB mmap size
* OpenBSD y/n translation fix
* Generic: split out OP_EXIT binding
* Fix parsing of sendmail cmd
* Fix: crash with menu_move_off=no
* Newsrc: bugfix; nntp_user and nntp_pass ignored
* Menu: ensure config changes cause a repaint
* Mbox: fix sync duplicates
* Make sure the index redraws all that's needed
* Translations
* 100% Chinese (Simplified)
* 100% Czech
* 100% German
* 100% Hungarian
* 100% Lithuanian
* 100% Serbian
* 100% Turkish
* Docs
* add missing pattern modifier ~I for external_search_command
* Code
* menu: eliminate custom_redraw()
* modernise mixmaster
* Kill global and Propagate display attach status through State-
neomutt was updated to 20220415:
* Security
* Fix uudecode buffer overflow (CVE-2022-1328)
* Features
* Colours, colours, colours
* Bug Fixes
* Pager: fix pager_stop
* Merge colours with normal
* Color: disable mono command
* Fix forwarding text attachments when honor_disposition is set
* Pager: drop the nntp change-group bindings
* Use mailbox_check flags coherently, add IMMEDIATE flag
* Fix: tagging in attachment list
* Fix: misalignment of mini-index
* Make sure to update the menu size after a resort
* Translations
* 100% Hungarian
* Build
* Update acutest
* Code
* Unify pipe functions
* Index: notify if navigation fails
* Gui: set colour to be merged with normal
* Fix: leak in tls_check_one_certificate()
* Upstream
* Flush iconv() in mutt_convert_string()
* Fix integer overflow in mutt_convert_string()
* Fix uudecode cleanup on unexpected eof
update to 20220408:
* Compose multipart emails
* Fix screen mode after attempting decryption
* imap: increase max size of oauth2 token
* Fix autocrypt
* Unify Alias/Query workflow
* Fix colours
* Say which file exists when saving attachments
* Force SMTP authentication if `smtp_user` is set
* Fix selecting the right email after limiting
* Make sure we have enough memory for a new email
* Don't overwrite with zeroes after unlinking the file
* Fix crash when forwarding attachments
* Fix help reformatting on window resize
* Fix poll to use PollFdsCount and not PollFdsLen
* regex: range check arrays strictly
* Fix Coverity defects
* Fix out of bounds write with long log lines
* Apply `fast_reply` to 'to', 'cc', or 'bcc'
* Prevent warning on empty emails
* New default: `set rfc2047_parameters = yes`
* 100% German
* 100% Lithuanian
* 100% Serbian
* 100% Czech
* 100% Turkish
* 72% Hungarian
* Improve header cache explanation
* Improve description of some notmuch variables
* Explain how timezones and `!`s work inside `%{}`, `%[]` and `%()`
* Document config synonyms and deprecations
* Create lots of GitHub Actions
* Drop TravisCI
* Add automated Fuzzing tests
* Add automated ASAN tests
* Create Dockers for building Centos/Fedora
* Build fixes for Solaris 10
* New libraries: browser, enter, envelope
* New configure options: `--fuzzing` `--debug-color` `--debug-queue`
* Split Index/Pager GUIs/functions
* Add lots of function dispatchers
* Eliminate `menu_loop()`
* Refactor function opcodes
* Refactor cursor setting
* Unify Alias/Query functions
* Refactor Compose/Envelope functions
* Modernise the Colour handling
* Refactor the Attachment View
* Eliminate the global `Context`
* Upgrade `mutt_get_field()`
* Refactor the `color quoted` code
* Fix lots of memory leaks
* Refactor Index resolve code
* Refactor PatternList parsing
* Refactor Mailbox freeing
* Improve key mapping
* Factor out charset hooks
* Expose mutt_file_seek API
* Improve API of `strto*` wrappers
* imap QRESYNC fixes
* Allow an empty To: address prompt
* Fix argc==0 handling
* Don't queue IMAP close commands
* Fix IMAP UTF-7 for code points >= U+10000
* Don't include inactive messages in msgset generation
update to 20211029 (boo#1185705, CVE-2021-32055):
* Notmuch: support separate database and mail roots without .notmuch
* fix notmuch crash on open failure
* fix crypto crash handling pgp keys
* fix ncrypt/pgp file_get_size return check
* fix restore case-insensitive header sort
* fix pager redrawing of long lines
* fix notmuch: check database dir for xapian dir
* fix notmuch: update index count after <entire-thread>
* fix protect hash table against empty keys
* fix prevent real_subj being set but empty
* fix leak when saving fcc
* fix leak after <edit-or-view-raw-message>
* fix leak after trash to hidden mailbox
* fix leak restoring postponed emails
* fix new mail notifications
* fix pattern compilation error for ( !>(~P) )
* fix menu display on window resize
* Stop batch mode emails with no argument or recipients
* Add sanitize call in print mailcap function
* fix hdr_order to use the longest match
* fix (un)setenv to not return an error with unset env vars
* fix Imap sync when closing a mailbox
* fix segfault on OpenBSD current
* sidebar: restore sidebar_spoolfile colour
* fix assert when displaying a file from the browser
* fix exec command in compose
* fix check_stats for Notmuch mailboxes
* Fallback: Open Notmuch database without config
* fix gui hook commands on startup
* threads: implement the $use_threads feature
* https://neomutt.org/feature/use-threads
* hooks: allow a -noregex param to folder and mbox hooks
* mailing lists: implement list-(un)subscribe using RFC2369 headers
* mailcap: implement x-neomutt-nowrap flag
* pager: add $local_date_header option
* imap, smtp: add support for authenticating using XOAUTH2
* Allow <sync-mailbox> to fail quietly
* imap: speed up server-side searches
* pager: improve skip-quoted and skip-headers
* notmuch: open database with user's configuration
* notmuch: implement <vfolder-window-reset>
* config: allow += modification of my_ variables
* notmuch: tolerate file renames behind neomutt's back
* pager: implement $pager_read_delay
* notmuch: validate nm_query_window_timebase
* notmuch: make $nm_record work in non-notmuch mailboxes
* compose: add $greeting - a welcome message on top of emails
* notmuch: show additional mail in query windows
* imap: fix crash on external IMAP events
* notmuch: handle missing libnotmuch version bumps
* imap: add sanity check for qresync
* notmuch: allow windows with 0 duration
* index: fix index selection on <collapse-all>
* imap: fix crash when sync'ing labels
* search: fix searching by Message-Id in <mark-message>
* threads: fix double sorting of threads
* stats: don't check mailbox stats unless told
* alias: fix crash on empty query
* pager: honor mid-message config changes
* mailbox: don't propagate read-only state across reopens
* hcache: fix caching new labels in the header cache
* crypto: set invalidity flags for gpgme/smime keys
* notmuch: fix parsing of multiple type=
* notmuch: validate $nm_default_url
* messages: avoid unnecessary opening of messages
* imap: fix seqset iterator when it ends in a comma
* build: refuse to build without pcre2 when pcre2 is linked in ncurses
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10020=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):
neomutt-20220429-bp154.2.3.1
- openSUSE Backports SLE-15-SP4 (noarch):
neomutt-doc-20220429-bp154.2.3.1
neomutt-lang-20220429-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2021-32055.html
https://www.suse.com/security/cve/CVE-2022-1328.html
https://bugzilla.suse.com/1184787
https://bugzilla.suse.com/1185705
1
0
openSUSE-SU-2022:10019-1: important: Security update for atheme
by opensuse-security@opensuse.org 20 Jun '22
by opensuse-security@opensuse.org 20 Jun '22
20 Jun '22
openSUSE Security Update: Security update for atheme
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10019-1
Rating: important
References: #1195989
Cross-References: CVE-2022-24976
CVSS scores:
CVE-2022-24976 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for atheme fixes the following issues:
atheme was updated to release 7.2.12:
* CVE-2022-24976: Fixed General authentication bypass in Atheme IRC
services with InspIRCd 3 [boo#1195989]
* Track SASL login EID
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10019=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
atheme-7.2.12-bp154.2.3.1
atheme-devel-7.2.12-bp154.2.3.1
libathemecore1-7.2.12-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-24976.html
https://bugzilla.suse.com/1195989
1
0
openSUSE-SU-2022:10018-1: important: Security update for atheme
by opensuse-security@opensuse.org 20 Jun '22
by opensuse-security@opensuse.org 20 Jun '22
20 Jun '22
openSUSE Security Update: Security update for atheme
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10018-1
Rating: important
References: #1174075 #1195989
Cross-References: CVE-2022-24976
CVSS scores:
CVE-2022-24976 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for atheme fixes the following issues:
atheme was updated to release 7.2.12:
* CVE-2022-24976: Fixed General authentication bypass in Atheme IRC
services with InspIRCd 3 [boo#1195989]
* Track SASL login EID
Update to release 7.2.11
* Add a preliminary Turkish translation
* Add HMAC-MD5 verify-only support to crypto/pbkdf2v2
* modules/chanserv/akick: fix unload crash with akicks that have timeouts
* modules/nickserv/multimark: use IRC case canonicalisation for restored
nicks
* modules/nickserv/multimark: forbid unloading due to the potential for
data loss
* CA_ constants: include CA_EXEMPT (+e) where appropriate
Update to new upstream release 7.2.10.r2
* Fix potential NULL dereference in modules/crypto/posix.
* Bump E-Mail address maximum length to 254 characters.
* Use flags setter information in modules/chanserv/access &
modules/chanserv/flags.
* Fix issue where modules/misc/httpd was not closing its listening socket
on deinit.
* Fix GroupServ data loss issue when a group was the founder of another
group.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10018=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
atheme-7.2.12-bp153.2.3.1
atheme-devel-7.2.12-bp153.2.3.1
libathemecore1-7.2.12-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-24976.html
https://bugzilla.suse.com/1174075
https://bugzilla.suse.com/1195989
1
0
SUSE-SU-2022:2140-1: important: Security update for node_exporter
by opensuse-security@opensuse.org 20 Jun '22
by opensuse-security@opensuse.org 20 Jun '22
20 Jun '22
SUSE Security Update: Security update for node_exporter
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2140-1
Rating: important
References: #1190535 #1196338 SLE-24238 SLE-24239
Cross-References: CVE-2022-21698
CVSS scores:
CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability, contains two
features and has one errata is now available.
Description:
This security update for golang-github-prometheus-node_exporter provides:
Update golang-github-prometheus-node_exporter from version 1.1.2 to
version 1.3.0 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter
- Update vendor tarball with prometheus/client_golang 1.11.1
- Update to 1.3.0
* [CHANGE] Add path label to rapl collector #2146
* [CHANGE] Exclude filesystems under /run/credentials #2157
* [CHANGE] Add TCPTimeouts to netstat default filter #2189
* [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
* [FEATURE] Add darwin powersupply collector #1777
* [FEATURE] Add support for monitoring GPUs on Linux #1998
* [FEATURE] Add Darwin thermal collector #2032
* [FEATURE] Add os release collector #2094
* [FEATURE] Add netdev.address-info collector #2105
* [FEATURE] Add clocksource metrics to time collector #2197
* [ENHANCEMENT] Support glob textfile collector directories #1985
* [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
* [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
* [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
* [ENHANCEMENT] Add DMI collector #2131
* [ENHANCEMENT] Add threads metrics to processes collector #2164
* [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector
#2169
* [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189
* [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208
* [BUGFIX] ethtool: Sanitize metric names #2093
* [BUGFIX] Fix ethtool collector for multiple interfaces #2126
* [BUGFIX] Fix possible panic on macOS #2133
* [BUGFIX] Collect flag_info and bug_info only for one core #2156
* [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
* Bug fixes Fix processes collector long int parsing #2112
- Update to 1.2.1
* Removed Remove obsolete capture permission denied error fix already
included upstream
* Bug fixes Fix zoneinfo parsing prometheus/procfs#386 Fix nvme
collector log noise #2091 Fix rapl collector log noise #2092
- Update to 1.2.0
* Changes Rename filesystem collector flags to match other collectors
#2012 Make node_exporter print usage to STDOUT #203
* Features Add conntrack statistics metrics #1155 Add ethtool stats
collector #1832 Add flag to ignore network speed if it is unknown
#1989 Add tapestats collector for Linux #2044 Add nvme collector #2062
* Enhancements Add ErrorLog plumbing to promhttp #1887 Add more
Infiniband counters #2019 netclass: retrieve interface names and
filter before parsing #2033 Add time zone offset metric #2060
* Bug fixes Handle errors from disabled PSI subsystem #1983 Fix panic
when using backwards compatible flags #2000 Fix wrong value for
OpenBSD memory buffer cache #2015 Only initiate collectors once #2048
Handle small backwards jumps in CPU idle #2067
- Capture permission denied error for "energy_uj" file (bsc#1190535)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2140=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2140=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2140=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2140=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2140=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2140=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2140=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2140=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2140=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2140=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2140=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2140=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2140=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2140=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2140=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2140=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2140=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2140=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2140=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Manager Proxy 4.1 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
- SUSE CaaS Platform 4.0 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
References:
https://www.suse.com/security/cve/CVE-2022-21698.html
https://bugzilla.suse.com/1190535
https://bugzilla.suse.com/1196338
1
0