openSUSE Security Announce
Threads by month
- ----- 2024 -----
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
June 2022
- 1 participants
- 64 discussions
openSUSE-SU-2022:10010-1: critical: Security update for chromium
by opensuse-security@opensuse.org 15 Jun '22
by opensuse-security@opensuse.org 15 Jun '22
15 Jun '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10010-1
Rating: critical
References: #1200139 #1200423
Cross-References: CVE-2022-2007 CVE-2022-2008 CVE-2022-2010
CVE-2022-2011
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
- Chromium 102.0.5005.115 (boo#1200423)
* CVE-2022-2007: Use after free in WebGPU
* CVE-2022-2008: Out of bounds memory access in WebGL
* CVE-2022-2010: Out of bounds read in compositing
* CVE-2022-2011: Use after free in ANGLE
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10010=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):
chromedriver-102.0.5005.115-bp154.2.8.1
chromium-102.0.5005.115-bp154.2.8.1
References:
https://www.suse.com/security/cve/CVE-2022-2007.html
https://www.suse.com/security/cve/CVE-2022-2008.html
https://www.suse.com/security/cve/CVE-2022-2010.html
https://www.suse.com/security/cve/CVE-2022-2011.html
https://bugzilla.suse.com/1200139
https://bugzilla.suse.com/1200423
1
0
openSUSE-SU-2022:10002-1: important: Security update for librecad
by opensuse-security@opensuse.org 15 Jun '22
by opensuse-security@opensuse.org 15 Jun '22
15 Jun '22
openSUSE Security Update: Security update for librecad
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10002-1
Rating: important
References: #1195105 #1195122 #1197664
Cross-References: CVE-2021-45341 CVE-2021-45342
CVSS scores:
CVE-2021-45341 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-45342 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for librecad fixes the following issues:
- CVE-2021-45341: Fixed a buffer overflow vulnerability in LibreCAD allows
an attacker to achieve remote code execution via a crafted JWW document
[boo#1195105]
- CVE-2021-45342: Fixed a buffer overflow vulnerability in jwwlib in
LibreCAD allows an attacker to achieve remote code execution via a
crafted JWW document [boo#1195122]
- Strip excess blank fields from librecad.desktop:MimeType [boo#1197664]
Update to 2.2.0-rc3
* major release
* DWG imports are more reliable now
* and a lot more of bugfixes and improvements
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10002=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
libdxfrw-debuginfo-1.0.1+git.20220109-bp154.2.3.1
libdxfrw-debugsource-1.0.1+git.20220109-bp154.2.3.1
libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1
libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1
libdxfrw-tools-debuginfo-1.0.1+git.20220109-bp154.2.3.1
libdxfrw1-1.0.1+git.20220109-bp154.2.3.1
libdxfrw1-debuginfo-1.0.1+git.20220109-bp154.2.3.1
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):
librecad-2.2.0~rc3-bp154.3.3.1
- openSUSE Backports SLE-15-SP4 (noarch):
librecad-parts-2.2.0~rc3-bp154.3.3.1
References:
https://www.suse.com/security/cve/CVE-2021-45341.html
https://www.suse.com/security/cve/CVE-2021-45342.html
https://bugzilla.suse.com/1195105
https://bugzilla.suse.com/1195122
https://bugzilla.suse.com/1197664
1
0
openSUSE-SU-2022:10007-1: moderate: Security update for caddy
by opensuse-security@opensuse.org 15 Jun '22
by opensuse-security@opensuse.org 15 Jun '22
15 Jun '22
openSUSE Security Update: Security update for caddy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10007-1
Rating: moderate
References: #1200279
Cross-References: CVE-2022-297182
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for caddy fixes the following issues:
Update to version 2.5.1:
* Fixed regression in Unix socket admin endpoints.
* Fixed regression in caddy trust commands.
* Hash-based load balancing policies (ip_hash, uri_hash, header, and
cookie) use an improved highest-random-weight (HRW) algorithm for
increased consistency.
* Dynamic upstreams, which is the ability to get the list of upstreams at
every request (more specifically, every iteration in the proxy loop of
every request) rather than just once at config-load time.
* Caddy will automatically try to get relevant certificates from the local
Tailscale instance.
* New OpenTelemetry integration.
* Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for
getting information about Caddy's managed CAs.
* Rename _caddy to zsh-completion
* Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718]
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10007=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
caddy-2.5.1-bp154.2.5.1
References:
https://www.suse.com/security/cve/CVE-2022-297182.html
https://bugzilla.suse.com/1200279
1
0
openSUSE-SU-2022:0155-1: moderate: Security update for libredwg
by opensuse-security@opensuse.org 15 Jun '22
by opensuse-security@opensuse.org 15 Jun '22
15 Jun '22
openSUSE Security Update: Security update for libredwg
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0155-1
Rating: moderate
References: #1193372
Cross-References: CVE-2021-28237
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libredwg fixes the following issues:
Update to release 0.12.5 [boo#1193372] [CVE-2021-28237]
* Restricted accepted DXF objects to all stable and unstable classes,
minus MATERIAL, ARC_DIMENSION, SUN, PROXY*. I.e. most unstable objects
do not allow unknown DXF codes anymore. This fixed most oss-fuzz errors.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-155=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
libredwg-devel-0.12.5-bp154.2.3.1
libredwg-tools-0.12.5-bp154.2.3.1
libredwg0-0.12.5-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2021-28237.html
https://bugzilla.suse.com/1193372
1
0
openSUSE-SU-2022:0144-1: moderate: Security update for varnish
by opensuse-security@opensuse.org 15 Jun '22
by opensuse-security@opensuse.org 15 Jun '22
15 Jun '22
SUSE Security Update: Security update for varnish
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0144-1
Rating: moderate
References: #1194469 #1195188
Cross-References: CVE-2021-4122 CVE-2022-23959
CVSS scores:
CVE-2021-4122 (SUSE): 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2022-23959 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-23959 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Backports SLE-15-SP4
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for varnish fixes the following issues:
varnish was updated to release 7.1.0 [boo#1195188] [CVE-2022-23959]
* VCL: It is now possible to assign a BLOB value to a BODY variable, in
addition to STRING as before.
* VMOD: New STRING strftime(TIME time, STRING format) function for UTC
formatting.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-144=1
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-144=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cryptsetup-2.3.7-150300.3.5.1
cryptsetup-debuginfo-2.3.7-150300.3.5.1
cryptsetup-debugsource-2.3.7-150300.3.5.1
libcryptsetup-devel-2.3.7-150300.3.5.1
libcryptsetup12-2.3.7-150300.3.5.1
libcryptsetup12-debuginfo-2.3.7-150300.3.5.1
libcryptsetup12-hmac-2.3.7-150300.3.5.1
- openSUSE Leap 15.3 (x86_64):
libcryptsetup12-32bit-2.3.7-150300.3.5.1
libcryptsetup12-32bit-debuginfo-2.3.7-150300.3.5.1
libcryptsetup12-hmac-32bit-2.3.7-150300.3.5.1
- openSUSE Leap 15.3 (noarch):
cryptsetup-lang-2.3.7-150300.3.5.1
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
libvarnishapi3-7.1.0-bp154.2.3.1
varnish-7.1.0-bp154.2.3.1
varnish-devel-7.1.0-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2021-4122.html
https://www.suse.com/security/cve/CVE-2022-23959.html
https://bugzilla.suse.com/1194469
https://bugzilla.suse.com/1195188
1
0
openSUSE-SU-2022:10009-1: critical: Security update for chromium
by opensuse-security@opensuse.org 15 Jun '22
by opensuse-security@opensuse.org 15 Jun '22
15 Jun '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10009-1
Rating: critical
References: #1199893 #1200139 #1200423
Cross-References: CVE-2022-1853 CVE-2022-1854 CVE-2022-1855
CVE-2022-1856 CVE-2022-1857 CVE-2022-1858
CVE-2022-1859 CVE-2022-1860 CVE-2022-1861
CVE-2022-1862 CVE-2022-1863 CVE-2022-1864
CVE-2022-1865 CVE-2022-1866 CVE-2022-1867
CVE-2022-1868 CVE-2022-1869 CVE-2022-1870
CVE-2022-1871 CVE-2022-1872 CVE-2022-1873
CVE-2022-1874 CVE-2022-1875 CVE-2022-1876
CVE-2022-2007 CVE-2022-2008 CVE-2022-2010
CVE-2022-2011
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 28 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 102.0.5005.115 (boo#1200423)
* CVE-2022-2007: Use after free in WebGPU
* CVE-2022-2008: Out of bounds memory access in WebGL
* CVE-2022-2010: Out of bounds read in compositing
* CVE-2022-2011: Use after free in ANGLE
Chromium 102.0.5001.61 (boo#1199893)
* CVE-2022-1853: Use after free in Indexed DB
* CVE-2022-1854: Use after free in ANGLE
* CVE-2022-1855: Use after free in Messaging
* CVE-2022-1856: Use after free in User Education
* CVE-2022-1857: Insufficient policy enforcement in File System API
* CVE-2022-1858: Out of bounds read in DevTools
* CVE-2022-1859: Use after free in Performance Manager
* CVE-2022-1860: Use after free in UI Foundations
* CVE-2022-1861: Use after free in Sharing
* CVE-2022-1862: Inappropriate implementation in Extensions
* CVE-2022-1863: Use after free in Tab Groups
* CVE-2022-1864: Use after free in WebApp Installs
* CVE-2022-1865: Use after free in Bookmarks
* CVE-2022-1866: Use after free in Tablet Mode
* CVE-2022-1867: Insufficient validation of untrusted input in Data
Transfer
* CVE-2022-1868: Inappropriate implementation in Extensions API
* CVE-2022-1869: Type Confusion in V8
* CVE-2022-1870: Use after free in App Service
* CVE-2022-1871: Insufficient policy enforcement in File System API
* CVE-2022-1872: Insufficient policy enforcement in Extensions API
* CVE-2022-1873: Insufficient policy enforcement in COOP
* CVE-2022-1874: Insufficient policy enforcement in Safe Browsing
* CVE-2022-1875: Inappropriate implementation in PDF
* CVE-2022-1876: Heap buffer overflow in DevTools
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10009=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-102.0.5005.115-bp153.2.101.1
chromedriver-debuginfo-102.0.5005.115-bp153.2.101.1
chromium-102.0.5005.115-bp153.2.101.1
chromium-debuginfo-102.0.5005.115-bp153.2.101.1
References:
https://www.suse.com/security/cve/CVE-2022-1853.html
https://www.suse.com/security/cve/CVE-2022-1854.html
https://www.suse.com/security/cve/CVE-2022-1855.html
https://www.suse.com/security/cve/CVE-2022-1856.html
https://www.suse.com/security/cve/CVE-2022-1857.html
https://www.suse.com/security/cve/CVE-2022-1858.html
https://www.suse.com/security/cve/CVE-2022-1859.html
https://www.suse.com/security/cve/CVE-2022-1860.html
https://www.suse.com/security/cve/CVE-2022-1861.html
https://www.suse.com/security/cve/CVE-2022-1862.html
https://www.suse.com/security/cve/CVE-2022-1863.html
https://www.suse.com/security/cve/CVE-2022-1864.html
https://www.suse.com/security/cve/CVE-2022-1865.html
https://www.suse.com/security/cve/CVE-2022-1866.html
https://www.suse.com/security/cve/CVE-2022-1867.html
https://www.suse.com/security/cve/CVE-2022-1868.html
https://www.suse.com/security/cve/CVE-2022-1869.html
https://www.suse.com/security/cve/CVE-2022-1870.html
https://www.suse.com/security/cve/CVE-2022-1871.html
https://www.suse.com/security/cve/CVE-2022-1872.html
https://www.suse.com/security/cve/CVE-2022-1873.html
https://www.suse.com/security/cve/CVE-2022-1874.html
https://www.suse.com/security/cve/CVE-2022-1875.html
https://www.suse.com/security/cve/CVE-2022-1876.html
https://www.suse.com/security/cve/CVE-2022-2007.html
https://www.suse.com/security/cve/CVE-2022-2008.html
https://www.suse.com/security/cve/CVE-2022-2010.html
https://www.suse.com/security/cve/CVE-2022-2011.html
https://bugzilla.suse.com/1199893
https://bugzilla.suse.com/1200139
https://bugzilla.suse.com/1200423
1
0
SUSE-SU-2022:2078-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 14 Jun '22
by opensuse-security@opensuse.org 14 Jun '22
14 Jun '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2078-1
Rating: important
References: #1055117 #1061840 #1065729 #1103269 #1118212
#1153274 #1154353 #1156395 #1158266 #1167773
#1176447 #1178134 #1180100 #1183405 #1188885
#1195826 #1196426 #1196478 #1196570 #1196840
#1197446 #1197472 #1197601 #1197675 #1198438
#1198577 #1198971 #1198989 #1199035 #1199052
#1199063 #1199114 #1199314 #1199505 #1199507
#1199564 #1199626 #1199631 #1199650 #1199670
#1199839 #1200019 #1200045 #1200046 #1200192
#1200216 SLE-13521 SLE-16387
Cross-References: CVE-2019-19377 CVE-2021-33061 CVE-2022-0168
CVE-2022-1184 CVE-2022-1652 CVE-2022-1729
CVE-2022-1972 CVE-2022-20008 CVE-2022-21123
CVE-2022-21125 CVE-2022-21127 CVE-2022-21166
CVE-2022-21180 CVE-2022-30594
CVSS scores:
CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0168 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2022-1972 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 14 vulnerabilities, contains two
features and has 32 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-0168: Fixed a NULL pointer dereference in
smb2_ioctl_query_info. (bsc#1197472)
- CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to
uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564)
- CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to
privilege escalation. (bsc#1200019)
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2019-19377: Fixed an user-after-free that could be triggered when an
attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
(bsc#1199507).
- CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when
mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-1652: Fixed a statically allocated error counter inside the
floppy kernel module (bsc#1199063).
- CVE-2022-30594: Fixed restriction bypass on setting the
PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the
Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed
an authenticated user to potentially enable denial of service via local
access (bnc#1196426).
The following non-security bugs were fixed:
- ACPI: property: Release subnode properties with data nodes (git-fixes).
- ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
(git-fixes).
- ALSA: hda - fix unused Realtek function when PM is not enabled
(git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
(git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop
(git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes).
- ALSA: pcm: Check for null pointer of pointer substream before
dereferencing it (git-fixes).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes).
- ALSA: usb-audio: Configure sync endpoints before data (git-fixes).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
constant (git-fixes).
- ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
- ALSA: wavefront: Proper check of get_user() error (git-fixes).
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
(git-fixes)
- ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
- ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
- ARM: dts: at91: fix pinctrl phandles (git-fixes)
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
(git-fixes)
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
(git-fixes)
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
(git-fixes)
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes)
- ARM: dts: meson: Fix the UART compatible strings (git-fixes)
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
- arm: mediatek: select arch timer for mt7629 (git-fixes)
- ARM: omap: remove debug-leds driver (git-fixes)
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
- ARM: socfpga: dts: fix qspi node compatible (git-fixes)
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
- ARM: tegra: Move panels to AUX bus (git-fixes)
- arm64: dts: broadcom: Fix sata nodename (git-fixes)
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
- arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
- arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
(git-fixes)
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
- ASoC: atmel-classd: Remove endianness flag on class d component
(git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
- ASoC: da7219: Fix change notifications for tone generator frequency
(git-fixes).
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback
(git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- ASoC: max98090: Generate notifications on changes for custom control
(git-fixes).
- ASoC: max98090: Move check for invalid values before casting in
max98090_put_enab_tlv() (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put()
(git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
(git-fixes).
- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
(git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range()
(git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
- ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
(git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in
wm2000_anc_transition() (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid
rxstatus->rs_keyix (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed
(git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
(git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
(jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the
constant (git-fixes).
- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
(git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- ceph: fix setting of xattrs on async created inodes (bsc#1200192).
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in
cpuset_init_smp() (bsc#1199839).
- clk: at91: generated: consider range when calculating best rate
(git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling
platform_get_resource() (git-fixes).
- copy_process(): Move fd_install() out of sighand->siglock critical
section (bsc#1199626).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
- crypto: x86 - eliminate anonymous module_init and module_exit
(git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions
(git-fixes).
- dim: initialize all struct fields (git-fixes).
- dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
(git-fixes).
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- docs: powerpc: Fix misspellings and grammar errors (bsc#1055117
ltc#159753).
- docs: submitting-patches: Fix crossref to 'The canonical patch format'
(git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of list
iterator (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
- drbd: use bdev_alignment_offset instead of queue_alignment_offset
(git-fixes).
- driver: core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()
(git-fixes)
- drivers/base/memory: fix an unlikely reference counting issue in
__add_memory_block() (git-fixes).
- drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
- drm: sti: do not use kernel-doc markers (git-fixes).
- drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version,
environment} types (git-fixes).
- drm/amdkfd: Fix GWS queue count (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
(git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm/edid: fix invalid EDID extension block filtering (git-fixes).
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes).
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
(git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
(git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory
free during pm runtime resume (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit functions
(git-fixes).
- drm/msm/hdmi: check return value after calling
platform_get_resource_byname() (git-fixes).
- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
(git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is
detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is
detected (git-fixes).
- drm/nouveau: Fix a potential theorical leak in
nouveau_get_backlight_name() (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator
(git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list
iterator (git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
(git-fixes).
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- EDAC/synopsys: Read the error count from the correct register
(bsc#1178134).
- firewire: core: extend card->lock in fw_core_handle_bus_reset
(git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback()
(git-fixes).
- firewire: remove check of list iterator against head past the loop body
(git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base protocol
(git-fixes).
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response
(git-fixes).
- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
(git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator
(git-fixes).
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
- genirq/affinity: Handle affinity setting on inactive (git-fixes)
- genirq/msi: Ensure deactivation on teardown (git-fixes)
- genirq/proc: Reject invalid affinity masks (again) (git-fixes)
- genirq/timings: Fix error return code in (git-fixes)
- genirq/timings: Prevent potential array overflow in (git-fixes)
- gma500: fix an incorrect NULL check on list iterator (git-fixes).
- gpio: adp5588: Remove support for platform setup and teardown callbacks
(git-fixes).
- gpio: gpio-vf610: do not touch other bits when set the target bit
(git-fixes).
- gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes).
- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask
not set) (git-fixes).
- gpio: pca953x: use the correct register address to do regcache sync
(git-fixes).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- HID: elan: Fix potential double free in elan_input_configured
(git-fixes).
- HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes).
- hinic: fix bug of wq out of bound access (bsc#1176447).
- hwmon: (f71882fg) Fix negative temperature (git-fixes).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
- hwmon: (tmp401) Add OF device ID table (git-fixes).
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
- i2c: at91: use dma safe buffers (git-fixes).
- i2c: mt7621: fix missing clk_disable_unprepare() on error in
mtk_i2c_probe() (git-fixes).
- i40e: stop disabling VFs due to PF error responses (git-fixes).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878).
- ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926).
- ice: Fix race conditions between virtchnl handling and VF ndo ops
(git-fixes).
- ice: synchronize_rcu() when terminating rings (jsc#SLE-7926).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
(git-fixes).
- iio: dac: ad5446: Fix read_raw not returning set value (git-fixes).
- iio: dac: ad5592r: Fix the missing return value (git-fixes).
- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
(git-fixes).
- Input: add bounds checking to input_set_capability() (git-fixes).
- Input: ili210x - fix reset timing (git-fixes).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes).
- Input: stmfts - do not leave device disabled in stmfts_input_open
(git-fixes).
- Input: stmfts - fix reference leak in stmfts_input_open (git-fixes).
- iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052).
- ionic: avoid races in ionic_heartbeat_check (bsc#1167773).
- ionic: Cleanups in the Tx hotpath code (bsc#1167773).
- ionic: disable napi when ionic_lif_init() fails (bsc#1167773).
- ionic: Do not send reset commands if FW isn't running (bsc#1167773).
- ionic: fix missing pci_release_regions() on error in ionic_probe()
(bsc#1167773).
- ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649).
- ionic: monitor fw status generation (bsc#1167773).
- ionic: remove the dbid_inuse bitmap (bsc#1167773).
- ionic: start watchdog after all is setup (bsc#1167773).
- ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes).
- iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes).
- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
- kABI: ivtv: restore caps member (git-fixes).
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
(git-fixes).
- lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes).
- lan743x: remove redundant assignment to variable rx_process_result
(git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
(git-fixes).
- mac80211: fix rx reordering with non explicit / psmp ack policy
(git-fixes).
- mac80211: Reset MBSSID parameters upon connection (git-fixes).
- media: davinci: Make use of the helper function
devm_platform_ioremap_resource() (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
- media: davinci: vpif: fix use-after-free on driver unbind (git-fixes).
- media: media-entity.h: Fix documentation for media_create_intf_link
(git-fixes).
- media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes).
- media: platform: add missing put_device() call in mtk_jpeg_probe() and
mtk_jpeg_remove() (git-fixes).
- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
(git-fixes).
- media: saa7134: fix incorrect use to determine if list is empty
(git-fixes).
- media: uvcvideo: Fix missing check to determine if element is found in
list (git-fixes).
- media: videobuf2: Fix the size printk format (git-fixes).
- media: vim2m: Register video device after setting up internals
(git-fixes).
- mfd: ipaq-micro: Fix error check return value of platform_get_irq()
(git-fixes).
- misc: ocxl: fix possible double free in ocxl_file_register_afu
(git-fixes).
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
(jsc#SLE-15176, jsc#SLE-16387).
- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
(git-fixes).
- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
(git-fixes).
- mt76: Fix undefined behavior due to shift overflowing the constant
(git-fixes).
- mt76: mt7663s: fix rx buffer refcounting (git-fixes).
- mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
- mtd: rawnand: Fix return value check of wait_for_completion_timeout
(git-fixes).
- mtd: spi-nor: core: Check written SR value in
spi_nor_write_16bit_sr_and_check() (git-fixes).
- net: bcmgenet: Fix a resource leak in an error handling path in the
probe functin (git-fixes).
- net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs
(git-fixes).
- net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes).
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered
(git-fixes).
- net: hdlc_ppp: Fix issues when mod_timer is called while timer is
running (git-fixes).
- net: hns3: add a check for index in hclge_get_rss_key() (git-fixes).
- net: hns3: clear inited state and stop client after failed to register
netdev (bsc#1154353).
- net: hns3: fix bug when PF set the duplicate MAC address for VFs
(jsc#SLE-14777).
- net: hns3: fix kernel crash when unload VF while it is being reset
(git-fixes).
- net: korina: fix return value (git-fixes).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1183405).
- net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes).
- net: stmmac: dwmac-sun8i: Balance internal PHY resource references
(git-fixes).
- net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes).
- net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes).
- net/mlx5: Fix a race on command flush flow (jsc#SLE-15172).
- net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172).
- netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216).
- netfilter: conntrack: connection timeout after re-register (bsc#1199035).
- netfilter: conntrack: move synack init code to helper (bsc#1199035).
- netfilter: conntrack: re-init state for retransmitted syn-ack
(bsc#1199035).
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
(bsc#1199035).
- netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
- netfilter: nft_set_rbtree: overlap detection with element re-addition
after deletion (bsc#1176447).
- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
(git-fixes).
- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
(git-fixes).
- NFC: netlink: fix sleep in atomic bug when firmware download timeout
(git-fixes).
- NFC: nfcmrvl: main: reorder destructive operations in
nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
- NFC: NULL out the dev->rfkill to prevent UAF (git-fixes).
- NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
- NFS: Do not invalidate inode attributes on delegation return (git-fixes).
- nl80211: show SSID for P2P_GO interfaces (git-fixes).
- nvdimm/region: always show the 'align' attribute (bsc#1199114).
- nvme-tcp: allow selecting the network interface for connections
(bsc#1199670).
- nvme-tcp: use __dev_get_by_name instead dev_get_by_name for
OPT_HOST_IFACE (bsc#1199670).
- objtool: Fix type of reloc::addend (git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
- PCI: Do not enable AtomicOps on VFs (git-fixes).
- PCI: dwc: Fix setting error return on MSI DMA mapping failure
(git-fixes).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
(bsc#1199314).
- PCI: imx6: Fix PERST# start-up sequence (git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
- PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
- PCI/PM: Power up all devices during runtime resume (git-fixes).
- phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
(git-fixes).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes).
- phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes).
- phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
- phy: samsung: exynos5250-sata: fix missing device put in probe error
paths (git-fixes).
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
(git-fixes).
- phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
(git-fixes).
- phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
(git-fixes).
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes).
- pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes).
- pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
- pinctrl/rockchip: support deferring other gpio params (git-fixes).
- ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826).
- ping: remove pr_err from ping_lookup (bsc#1195826).
- platform/chrome: cros_ec_debugfs: detach log reader wq from devm
(git-fixes).
- platform/x86: samsung-laptop: Fix an unsigned comparison which can never
be negative (git-fixes).
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117
ltc#159753).
- powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521
git-fixes).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask
(bsc#1061840 git-fixes).
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
- powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269
ltc#169948 git-fixes).
- powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885
ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get STF barrier requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess
flushes (bsc#1188885 ltc#193722 git-fixes).
- powerpc/xive: Add some error handling code to 'xive_spapr_init()'
(git-fixes).
- powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
- qlcnic: Fix error code in probe (git-fixes).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
(git-fixes).
- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
(git-fixes).
- reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes).
- revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
- rtc: fix use-after-free on device removal (git-fixes).
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes).
- rtc: mt6397: check return value after calling platform_get_resource()
(git-fixes).
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes).
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
(git-fixes).
- sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
- sched/topology: Skip updating masks for non-online nodes (bsc#1197446
ltc#183000).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
- scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric parameters
(bsc#1200045).
- scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI
(bsc#1200045).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE
(bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if
lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE
(bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
- scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els()
(bsc#1200045).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled
(bsc#1200045).
- scsi: lpfc: Fix diagnostic fw logging after a function reset
(bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event()
(bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()
(bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure
(bsc#1200045).
- scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI
and PLOGI (bsc#1200045).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
(bsc#1200045).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
(bsc#1200045).
- scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989
bsc#1197675).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted
(bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN
completion (bsc#1200045).
- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()
(bsc#1200045).
- scsi: lpfc: Move MI module parameter check to handle dynamic disable
(bsc#1200045).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
(bsc#1200045).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in Fabric
topology (bsc#1200045).
- scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports
(bsc#1200045).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe()
(bsc#1200045).
- scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path
(bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down
(bsc#1200045).
- scsi: lpfc: Revise FDMI reporting of supported port speed for trunk
groups (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
- scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or
aborted (bsc#1200045).
- scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan
(bsc#1200045).
- scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB
submit (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command
(bsc#1200045).
- scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check()
(bsc#1200045).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O
(bsc#1200045).
- scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
(git-fixes).
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in
pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
(git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
(git-fixes).
- scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes).
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
(git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init & module_exit
(git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
- selftests: firmware: Use smaller dictionary for XZ compression
(git-fixes).
- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes).
- serial: 8250_mtk: Fix register address for XON/XOFF character
(git-fixes).
- serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
- serial: 8250: Also set sticky MCR bits in console restoration
(git-fixes).
- serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes).
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
(git-fixes).
- serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes).
- serial: digicolor-usart: Do not allow CS5-6 (git-fixes).
- serial: imx: fix overrun interrupts in DMA mode (git-fixes).
- serial: meson: acquire port->lock in startup() (git-fixes).
- serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes).
- serial: rda-uart: Do not allow CS5-6 (git-fixes).
- serial: sh-sci: Do not allow CS5-6 (git-fixes).
- serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes).
- serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes).
- serial: txx9: Do not allow CS5-6 (git-fixes).
- slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
- smp: Fix offline cpu check in flush_smp_call_function_queue()
(git-fixes).
- smsc911x: allow using IRQ0 (git-fixes).
- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
(git-fixes).
- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes).
- soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes).
- spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes).
- spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes).
- spi: spi-fsl-qspi: check return value after calling
platform_get_resource_byname() (git-fixes).
- spi: spi-ti-qspi: Fix return value handling of
wait_for_completion_timeout (git-fixes).
- staging: fieldbus: Fix the error handling path in
anybuss_host_common_probe() (git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- SUNRPC: Ensure that the gssproxy client can start in a connected state
(git-fixes).
- thermal: int340x: Fix attr.show callback prototype (git-fixes).
- thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes).
- thermal/drivers/broadcom: Fix potential NULL dereference in
sr_thermal_probe (git-fixes).
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- timers: Fix warning condition in __run_timers() (git-fixes)
- tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
(bsc#1065729).
- tracing: Fix potential double free in create_var_ref() (git-fixes).
- tracing: Fix return value of trace_pid_write() (git-fixes).
- tty: fix deadlock caused by calling printk() under tty_port->lock
(git-fixes).
- tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both
of_alias_get_id and ida_simple_get (git-fixes).
- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
(git-fixes).
- tty/serial: digicolor: fix possible null-ptr-deref in
digicolor_uart_probe() (git-fixes).
- usb: cdc-wdm: fix reading stuck on device close (git-fixes).
- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes).
- usb: ehci-omap: drop unused ehci_read() function (git-fixes).
- usb: gadget: configfs: clear deactivation flag in
configfs_composite_unbind() (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe()
(git-fixes).
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
- usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
- usb: quirks: add a Realtek card reader (git-fixes).
- usb: quirks: add STRING quirk for VCOM device (git-fixes).
- usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
- usb: serial: option: add Fibocom L610 modem (git-fixes).
- usb: serial: option: add Fibocom MA510 modem (git-fixes).
- usb: serial: option: add support for Cinterion MV32-WA/MV32-WB
(git-fixes).
- usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
(git-fixes).
- usb: serial: pl2303: add device id for HP LM930 Display (git-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM7590
(git-fixes).
- usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
(git-fixes).
- usb: storage: karma: fix rio_karma_init return (git-fixes).
- usb: typec: mux: Check dev_set_name() return value (git-fixes).
- usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
- usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
- usb: typec: ucsi: Fix role swapping (git-fixes).
- usb: usbip: add missing device lock on tweak configuration cmd
(git-fixes).
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
(git-fixes).
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes).
- wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
- wireguard: device: check for metadata_dst with skb_valid_dst()
(git-fixes).
- xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
(git-fixes).
- xhci: stop polling roothubs after shutdown (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2078=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2078=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2078=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2078=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2078=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2078=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2078=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2078=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2078=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2078=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.71.2
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
dlm-kmp-preempt-5.3.18-150300.59.71.2
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
gfs2-kmp-preempt-5.3.18-150300.59.71.2
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-5.3.18-150300.59.71.2
kernel-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-debugsource-5.3.18-150300.59.71.2
kernel-preempt-devel-5.3.18-150300.59.71.2
kernel-preempt-devel-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-extra-5.3.18-150300.59.71.2
kernel-preempt-extra-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-livepatch-devel-5.3.18-150300.59.71.2
kernel-preempt-optional-5.3.18-150300.59.71.2
kernel-preempt-optional-debuginfo-5.3.18-150300.59.71.2
kselftests-kmp-preempt-5.3.18-150300.59.71.2
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
ocfs2-kmp-preempt-5.3.18-150300.59.71.2
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
reiserfs-kmp-preempt-5.3.18-150300.59.71.2
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.71.1
dtb-zte-5.3.18-150300.59.71.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.71.2
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.71.2
dlm-kmp-default-5.3.18-150300.59.71.2
dlm-kmp-default-debuginfo-5.3.18-150300.59.71.2
gfs2-kmp-default-5.3.18-150300.59.71.2
gfs2-kmp-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-5.3.18-150300.59.71.2
kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
kernel-default-base-rebuild-5.3.18-150300.59.71.2.150300.18.43.2
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
kernel-default-devel-5.3.18-150300.59.71.2
kernel-default-devel-debuginfo-5.3.18-150300.59.71.2
kernel-default-extra-5.3.18-150300.59.71.2
kernel-default-extra-debuginfo-5.3.18-150300.59.71.2
kernel-default-livepatch-5.3.18-150300.59.71.2
kernel-default-livepatch-devel-5.3.18-150300.59.71.2
kernel-default-optional-5.3.18-150300.59.71.2
kernel-default-optional-debuginfo-5.3.18-150300.59.71.2
kernel-obs-build-5.3.18-150300.59.71.2
kernel-obs-build-debugsource-5.3.18-150300.59.71.2
kernel-obs-qa-5.3.18-150300.59.71.1
kernel-syms-5.3.18-150300.59.71.1
kselftests-kmp-default-5.3.18-150300.59.71.2
kselftests-kmp-default-debuginfo-5.3.18-150300.59.71.2
ocfs2-kmp-default-5.3.18-150300.59.71.2
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.71.2
reiserfs-kmp-default-5.3.18-150300.59.71.2
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.71.2
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.71.2
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
dlm-kmp-preempt-5.3.18-150300.59.71.2
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
gfs2-kmp-preempt-5.3.18-150300.59.71.2
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-5.3.18-150300.59.71.2
kernel-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-debugsource-5.3.18-150300.59.71.2
kernel-preempt-devel-5.3.18-150300.59.71.2
kernel-preempt-devel-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-extra-5.3.18-150300.59.71.2
kernel-preempt-extra-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-livepatch-devel-5.3.18-150300.59.71.2
kernel-preempt-optional-5.3.18-150300.59.71.2
kernel-preempt-optional-debuginfo-5.3.18-150300.59.71.2
kselftests-kmp-preempt-5.3.18-150300.59.71.2
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
ocfs2-kmp-preempt-5.3.18-150300.59.71.2
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
reiserfs-kmp-preempt-5.3.18-150300.59.71.2
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.71.2
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.71.2
kernel-debug-debuginfo-5.3.18-150300.59.71.2
kernel-debug-debugsource-5.3.18-150300.59.71.2
kernel-debug-devel-5.3.18-150300.59.71.2
kernel-debug-devel-debuginfo-5.3.18-150300.59.71.2
kernel-debug-livepatch-devel-5.3.18-150300.59.71.2
kernel-kvmsmall-5.3.18-150300.59.71.2
kernel-kvmsmall-debuginfo-5.3.18-150300.59.71.2
kernel-kvmsmall-debugsource-5.3.18-150300.59.71.2
kernel-kvmsmall-devel-5.3.18-150300.59.71.2
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.71.2
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.71.2
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.71.2
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.71.2
dlm-kmp-64kb-5.3.18-150300.59.71.2
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.71.2
dtb-al-5.3.18-150300.59.71.1
dtb-allwinner-5.3.18-150300.59.71.1
dtb-altera-5.3.18-150300.59.71.1
dtb-amd-5.3.18-150300.59.71.1
dtb-amlogic-5.3.18-150300.59.71.1
dtb-apm-5.3.18-150300.59.71.1
dtb-arm-5.3.18-150300.59.71.1
dtb-broadcom-5.3.18-150300.59.71.1
dtb-cavium-5.3.18-150300.59.71.1
dtb-exynos-5.3.18-150300.59.71.1
dtb-freescale-5.3.18-150300.59.71.1
dtb-hisilicon-5.3.18-150300.59.71.1
dtb-lg-5.3.18-150300.59.71.1
dtb-marvell-5.3.18-150300.59.71.1
dtb-mediatek-5.3.18-150300.59.71.1
dtb-nvidia-5.3.18-150300.59.71.1
dtb-qcom-5.3.18-150300.59.71.1
dtb-renesas-5.3.18-150300.59.71.1
dtb-rockchip-5.3.18-150300.59.71.1
dtb-socionext-5.3.18-150300.59.71.1
dtb-sprd-5.3.18-150300.59.71.1
dtb-xilinx-5.3.18-150300.59.71.1
dtb-zte-5.3.18-150300.59.71.1
gfs2-kmp-64kb-5.3.18-150300.59.71.2
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.71.2
kernel-64kb-5.3.18-150300.59.71.2
kernel-64kb-debuginfo-5.3.18-150300.59.71.2
kernel-64kb-debugsource-5.3.18-150300.59.71.2
kernel-64kb-devel-5.3.18-150300.59.71.2
kernel-64kb-devel-debuginfo-5.3.18-150300.59.71.2
kernel-64kb-extra-5.3.18-150300.59.71.2
kernel-64kb-extra-debuginfo-5.3.18-150300.59.71.2
kernel-64kb-livepatch-devel-5.3.18-150300.59.71.2
kernel-64kb-optional-5.3.18-150300.59.71.2
kernel-64kb-optional-debuginfo-5.3.18-150300.59.71.2
kselftests-kmp-64kb-5.3.18-150300.59.71.2
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.71.2
ocfs2-kmp-64kb-5.3.18-150300.59.71.2
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.71.2
reiserfs-kmp-64kb-5.3.18-150300.59.71.2
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.71.2
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.71.2
kernel-docs-5.3.18-150300.59.71.2
kernel-docs-html-5.3.18-150300.59.71.2
kernel-macros-5.3.18-150300.59.71.2
kernel-source-5.3.18-150300.59.71.2
kernel-source-vanilla-5.3.18-150300.59.71.2
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.71.2
kernel-zfcpdump-debuginfo-5.3.18-150300.59.71.2
kernel-zfcpdump-debugsource-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
kernel-default-extra-5.3.18-150300.59.71.2
kernel-default-extra-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-debugsource-5.3.18-150300.59.71.2
kernel-preempt-extra-5.3.18-150300.59.71.2
kernel-preempt-extra-debuginfo-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
kernel-default-livepatch-5.3.18-150300.59.71.2
kernel-default-livepatch-devel-5.3.18-150300.59.71.2
kernel-livepatch-5_3_18-150300_59_71-default-1-150300.7.3.2
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
reiserfs-kmp-default-5.3.18-150300.59.71.2
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.3.18-150300.59.71.2
kernel-obs-build-debugsource-5.3.18-150300.59.71.2
kernel-syms-5.3.18-150300.59.71.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-debugsource-5.3.18-150300.59.71.2
kernel-preempt-devel-5.3.18-150300.59.71.2
kernel-preempt-devel-debuginfo-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-150300.59.71.2
kernel-source-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-150300.59.71.2
kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
kernel-default-devel-5.3.18-150300.59.71.2
kernel-default-devel-debuginfo-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-150300.59.71.2
kernel-preempt-debuginfo-5.3.18-150300.59.71.2
kernel-preempt-debugsource-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-150300.59.71.2
kernel-64kb-debuginfo-5.3.18-150300.59.71.2
kernel-64kb-debugsource-5.3.18-150300.59.71.2
kernel-64kb-devel-5.3.18-150300.59.71.2
kernel-64kb-devel-debuginfo-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.71.2
kernel-macros-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.71.2
kernel-zfcpdump-debuginfo-5.3.18-150300.59.71.2
kernel-zfcpdump-debugsource-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.71.2
kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.71.2
kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.71.2
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.71.2
dlm-kmp-default-5.3.18-150300.59.71.2
dlm-kmp-default-debuginfo-5.3.18-150300.59.71.2
gfs2-kmp-default-5.3.18-150300.59.71.2
gfs2-kmp-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debuginfo-5.3.18-150300.59.71.2
kernel-default-debugsource-5.3.18-150300.59.71.2
ocfs2-kmp-default-5.3.18-150300.59.71.2
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.71.2
References:
https://www.suse.com/security/cve/CVE-2019-19377.html
https://www.suse.com/security/cve/CVE-2021-33061.html
https://www.suse.com/security/cve/CVE-2022-0168.html
https://www.suse.com/security/cve/CVE-2022-1184.html
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-1729.html
https://www.suse.com/security/cve/CVE-2022-1972.html
https://www.suse.com/security/cve/CVE-2022-20008.html
https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21127.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-21180.html
https://www.suse.com/security/cve/CVE-2022-30594.html
https://bugzilla.suse.com/1055117
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1103269
https://bugzilla.suse.com/1118212
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1158266
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1180100
https://bugzilla.suse.com/1183405
https://bugzilla.suse.com/1188885
https://bugzilla.suse.com/1195826
https://bugzilla.suse.com/1196426
https://bugzilla.suse.com/1196478
https://bugzilla.suse.com/1196570
https://bugzilla.suse.com/1196840
https://bugzilla.suse.com/1197446
https://bugzilla.suse.com/1197472
https://bugzilla.suse.com/1197601
https://bugzilla.suse.com/1197675
https://bugzilla.suse.com/1198438
https://bugzilla.suse.com/1198577
https://bugzilla.suse.com/1198971
https://bugzilla.suse.com/1198989
https://bugzilla.suse.com/1199035
https://bugzilla.suse.com/1199052
https://bugzilla.suse.com/1199063
https://bugzilla.suse.com/1199114
https://bugzilla.suse.com/1199314
https://bugzilla.suse.com/1199505
https://bugzilla.suse.com/1199507
https://bugzilla.suse.com/1199564
https://bugzilla.suse.com/1199626
https://bugzilla.suse.com/1199631
https://bugzilla.suse.com/1199650
https://bugzilla.suse.com/1199670
https://bugzilla.suse.com/1199839
https://bugzilla.suse.com/1200019
https://bugzilla.suse.com/1200045
https://bugzilla.suse.com/1200046
https://bugzilla.suse.com/1200192
https://bugzilla.suse.com/1200216
1
0
SUSE-SU-2022:2079-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 14 Jun '22
by opensuse-security@opensuse.org 14 Jun '22
14 Jun '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2079-1
Rating: important
References: #1055117 #1061840 #1065729 #1103269 #1118212
#1152472 #1152489 #1153274 #1154353 #1156395
#1158266 #1167773 #1176447 #1178134 #1180100
#1183405 #1188885 #1195612 #1195651 #1195826
#1196426 #1196478 #1196570 #1196840 #1197446
#1197472 #1197601 #1197675 #1198438 #1198534
#1198577 #1198971 #1198989 #1199035 #1199052
#1199063 #1199114 #1199314 #1199505 #1199507
#1199564 #1199626 #1199631 #1199650 #1199670
#1199839 #1200019 #1200045 #1200046 #1200192
#1200216 SLE-13521 SLE-16387
Cross-References: CVE-2019-19377 CVE-2021-33061 CVE-2022-0168
CVE-2022-1184 CVE-2022-1652 CVE-2022-1729
CVE-2022-1972 CVE-2022-20008 CVE-2022-21123
CVE-2022-21125 CVE-2022-21127 CVE-2022-21166
CVE-2022-21180 CVE-2022-24448 CVE-2022-30594
CVSS scores:
CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0168 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2022-1972 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 15 vulnerabilities, contains two
features and has 36 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to
privilege escalation. (bsc#1200019)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
(bsc#1199507).
- CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when
mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-1652: Fixed a statically allocated error counter inside the
floppy kernel module (bsc#1199063).
- CVE-2022-30594: Fixed restriction bypass on setting the
PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the
Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed
an authenticated user to potentially enable denial of service via local
access (bnc#1196426).
- CVE-2019-19377: Fixed an user-after-free that could be triggered when an
attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to
uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564)
- CVE-2022-0168: Fixed a NULL pointer dereference in
smb2_ioctl_query_info. (bsc#1197472)
- CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY
flag, and tries to open a regular file, nfs_atomic_open() performs a
regular lookup. If a regular file is found, ENOTDIR should have occured,
but the server instead returned uninitialized data in the file
descriptor (bsc#1195612).
The following non-security bugs were fixed:
- ACPI: property: Release subnode properties with data nodes (git-fixes).
- ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
(git-fixes).
- ALSA: hda - fix unused Realtek function when PM is not enabled
(git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
(git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop
(git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes).
- ALSA: pcm: Check for null pointer of pointer substream before
dereferencing it (git-fixes).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes).
- ALSA: usb-audio: Configure sync endpoints before data (git-fixes).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
constant (git-fixes).
- ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
- ALSA: wavefront: Proper check of get_user() error (git-fixes).
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
(git-fixes)
- ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
- ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
- ARM: dts: at91: fix pinctrl phandles (git-fixes)
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
(git-fixes)
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
(git-fixes)
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
(git-fixes)
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes)
- ARM: dts: meson: Fix the UART compatible strings (git-fixes)
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
- ARM: mediatek: select arch timer for mt7629 (git-fixes)
- ARM: omap: remove debug-leds driver (git-fixes)
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
- ARM: socfpga: dts: fix qspi node compatible (git-fixes)
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
- ARM: tegra: Move panels to AUX bus (git-fixes)
- arm64: dts: broadcom: Fix sata nodename (git-fixes)
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
- arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
- arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
(git-fixes)
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
- ASoC: atmel-classd: Remove endianness flag on class d component
(git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
- ASoC: da7219: Fix change notifications for tone generator frequency
(git-fixes).
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback
(git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- ASoC: max98090: Generate notifications on changes for custom control
(git-fixes).
- ASoC: max98090: Move check for invalid values before casting in
max98090_put_enab_tlv() (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put()
(git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
(git-fixes).
- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
(git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range()
(git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
- ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
(git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in
wm2000_anc_transition() (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid
rxstatus->rs_keyix (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- backlight: qcom-wled: Respect enabled-strings in set_brightness
(bsc#1152489)
- batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed
(git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
(git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
(jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the
constant (git-fixes).
- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
(git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- ceph: fix setting of xattrs on async created inodes (bsc#1200192).
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in
cpuset_init_smp() (bsc#1199839).
- clk: at91: generated: consider range when calculating best rate
(git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling
platform_get_resource() (git-fixes).
- copy_process(): Move fd_install() out of sighand->siglock critical
section (bsc#1199626).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
- crypto: x86 - eliminate anonymous module_init & module_exit (git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions
(git-fixes).
- dim: initialize all struct fields (git-fixes).
- dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
(git-fixes).
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- docs: powerpc: Fix misspellings and grammar errors (bsc#1055117
ltc#159753).
- docs: submitting-patches: Fix crossref to 'The canonical patch format'
(git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of list
iterator (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
- drbd: use bdev_alignment_offset instead of queue_alignment_offset
(git-fixes).
- driver core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()
(git-fixes)
- drivers/base/memory: fix an unlikely reference counting issue in
__add_memory_block() (git-fixes).
- drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
- drm: sti: do not use kernel-doc markers (git-fixes).
- drm/amd/display: Fix memory leak in dcn21_clock_source_create
(bsc#1152472)
- drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version,
environment} types (git-fixes).
- drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)
- drm/amdkfd: Fix GWS queue count (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
(git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)
- drm/edid: fix invalid EDID extension block filtering (git-fixes).
- drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)
- drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes).
- drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)
- drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
(git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
(git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory
free during pm runtime resume (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit functions
(git-fixes).
- drm/msm/hdmi: check return value after calling
platform_get_resource_byname() (git-fixes).
- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
(git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is
detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is
detected (git-fixes).
- drm/nouveau: Fix a potential theorical leak in
nouveau_get_backlight_name() (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator
(git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list
iterator (git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
(git-fixes).
- drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
- drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- drm/vmwgfx: Remove unused compile options (bsc#1152472)
- EDAC/synopsys: Read the error count from the correct register
(bsc#1178134).
- firewire: core: extend card->lock in fw_core_handle_bus_reset
(git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback()
(git-fixes).
- firewire: remove check of list iterator against head past the loop body
(git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base protocol
(git-fixes).
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response
(git-fixes).
- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
(git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator
(git-fixes).
- Fix double fget() in vhost_net_set_backend() (git-fixes).
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
- genirq/affinity: Handle affinity setting on inactive (git-fixes)
- genirq/msi: Ensure deactivation on teardown (git-fixes)
- genirq/proc: Reject invalid affinity masks (again) (git-fixes)
- genirq/timings: Fix error return code in (git-fixes)
- genirq/timings: Prevent potential array overflow in (git-fixes)
- gma500: fix an incorrect NULL check on list iterator (git-fixes).
- gpio: adp5588: Remove support for platform setup and teardown callbacks
(git-fixes).
- gpio: gpio-vf610: do not touch other bits when set the target bit
(git-fixes).
- gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes).
- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask
not set) (git-fixes).
- gpio: pca953x: use the correct register address to do regcache sync
(git-fixes).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- HID: elan: Fix potential double free in elan_input_configured
(git-fixes).
- HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes).
- hinic: fix bug of wq out of bound access (bsc#1176447).
- hwmon: (f71882fg) Fix negative temperature (git-fixes).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
- hwmon: (tmp401) Add OF device ID table (git-fixes).
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
- i2c: at91: use dma safe buffers (git-fixes).
- i2c: mt7621: fix missing clk_disable_unprepare() on error in
mtk_i2c_probe() (git-fixes).
- i40e: stop disabling VFs due to PF error responses (git-fixes).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878).
- ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926).
- ice: Fix race conditions between virtchnl handling and VF ndo ops
(git-fixes).
- ice: synchronize_rcu() when terminating rings (jsc#SLE-7926).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
(git-fixes).
- iio: dac: ad5446: Fix read_raw not returning set value (git-fixes).
- iio: dac: ad5592r: Fix the missing return value (git-fixes).
- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
(git-fixes).
- Input: add bounds checking to input_set_capability() (git-fixes).
- Input: ili210x - fix reset timing (git-fixes).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes).
- Input: stmfts - do not leave device disabled in stmfts_input_open
(git-fixes).
- Input: stmfts - fix reference leak in stmfts_input_open (git-fixes).
- iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052).
- ionic: avoid races in ionic_heartbeat_check (bsc#1167773).
- ionic: Cleanups in the Tx hotpath code (bsc#1167773).
- ionic: disable napi when ionic_lif_init() fails (bsc#1167773).
- ionic: Do not send reset commands if FW isn't running (bsc#1167773).
- ionic: fix missing pci_release_regions() on error in ionic_probe()
(bsc#1167773).
- ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649).
- ionic: monitor fw status generation (bsc#1167773).
- ionic: remove the dbid_inuse bitmap (bsc#1167773).
- ionic: start watchdog after all is setup (bsc#1167773).
- ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes).
- iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes).
- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
- kABI: ivtv: restore caps member (git-fixes).
- Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH
(git-fixes).
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
(git-fixes).
- lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes).
- lan743x: remove redundant assignment to variable rx_process_result
(git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- lpfc: Readd update to version 14.2.0.1 (bsc#1197675 bsc#1196478
bsc#1198989) The update was reverted due to some regression on older
hardware. These have been fixed in the meantime, thus update the driver.
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
(git-fixes).
- mac80211: fix rx reordering with non explicit / psmp ack policy
(git-fixes).
- mac80211: Reset MBSSID parameters upon connection (git-fixes).
- media: davinci: Make use of the helper function
devm_platform_ioremap_resource() (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
- media: davinci: vpif: fix use-after-free on driver unbind (git-fixes).
- media: media-entity.h: Fix documentation for media_create_intf_link
(git-fixes).
- media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes).
- media: platform: add missing put_device() call in mtk_jpeg_probe() and
mtk_jpeg_remove() (git-fixes).
- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
(git-fixes).
- media: saa7134: fix incorrect use to determine if list is empty
(git-fixes).
- media: uvcvideo: Fix missing check to determine if element is found in
list (git-fixes).
- media: videobuf2: Fix the size printk format (git-fixes).
- media: vim2m: Register video device after setting up internals
(git-fixes).
- mfd: ipaq-micro: Fix error check return value of platform_get_irq()
(git-fixes).
- misc: ocxl: fix possible double free in ocxl_file_register_afu
(git-fixes).
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
(jsc#SLE-15176, jsc#SLE-16387).
- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
(git-fixes).
- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
(git-fixes).
- mt76: Fix undefined behavior due to shift overflowing the constant
(git-fixes).
- mt76: mt7663s: fix rx buffer refcounting (git-fixes).
- mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
- mtd: rawnand: Fix return value check of wait_for_completion_timeout
(git-fixes).
- mtd: spi-nor: core: Check written SR value in
spi_nor_write_16bit_sr_and_check() (git-fixes).
- net: bcmgenet: Fix a resource leak in an error handling path in the
probe functin (git-fixes).
- net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs
(git-fixes).
- net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes).
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered
(git-fixes).
- net: hdlc_ppp: Fix issues when mod_timer is called while timer is
running (git-fixes).
- net: hns3: add a check for index in hclge_get_rss_key() (git-fixes).
- net: hns3: clear inited state and stop client after failed to register
netdev (bsc#1154353).
- net: hns3: fix bug when PF set the duplicate MAC address for VFs
(jsc#SLE-14777).
- net: hns3: fix kernel crash when unload VF while it is being reset
(git-fixes).
- net: korina: fix return value (git-fixes).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
(bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region()
(bsc#1195651).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1183405).
- net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes).
- net: stmmac: dwmac-sun8i: Balance internal PHY resource references
(git-fixes).
- net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes).
- net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes).
- net/mlx5: Fix a race on command flush flow (jsc#SLE-15172).
- net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172).
- netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216).
- netfilter: conntrack: connection timeout after re-register (bsc#1199035).
- netfilter: conntrack: move synack init code to helper (bsc#1199035).
- netfilter: conntrack: re-init state for retransmitted syn-ack
(bsc#1199035).
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
(bsc#1199035).
- netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
- netfilter: nft_set_rbtree: overlap detection with element re-addition
after deletion (bsc#1176447).
- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
(git-fixes).
- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
(git-fixes).
- NFC: netlink: fix sleep in atomic bug when firmware download timeout
(git-fixes).
- NFC: nfcmrvl: main: reorder destructive operations in
nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
- NFC: NULL out the dev->rfkill to prevent UAF (git-fixes).
- NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
- NFSv4: Do not invalidate inode attributes on delegation return
(git-fixes).
- nl80211: show SSID for P2P_GO interfaces (git-fixes).
- nvdimm/region: always show the 'align' attribute (bsc#1199114).
- nvme-tcp: allow selecting the network interface for connections
(bsc#1199670).
- nvme-tcp: use __dev_get_by_name instead dev_get_by_name for
OPT_HOST_IFACE (bsc#1199670).
- objtool: Fix type of reloc::addend (git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
- PCI: Do not enable AtomicOps on VFs (git-fixes).
- PCI: dwc: Fix setting error return on MSI DMA mapping failure
(git-fixes).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
(bsc#1199314).
- PCI: imx6: Fix PERST# start-up sequence (git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
- PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
- PCI/PM: Power up all devices during runtime resume (git-fixes).
- phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
(git-fixes).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes).
- phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes).
- phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
- phy: samsung: exynos5250-sata: fix missing device put in probe error
paths (git-fixes).
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
(git-fixes).
- phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
(git-fixes).
- phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
(git-fixes).
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes).
- pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes).
- pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
- pinctrl/rockchip: support deferring other gpio params (git-fixes).
- ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826).
- ping: remove pr_err from ping_lookup (bsc#1195826).
- platform/chrome: cros_ec_debugfs: detach log reader wq from devm
(git-fixes).
- platform/x86: samsung-laptop: Fix an unsigned comparison which can never
be negative (git-fixes).
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117
ltc#159753).
- powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521
git-fixes).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask
(bsc#1061840 git-fixes).
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
- powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269
ltc#169948 git-fixes).
- powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885
ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get STF barrier requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess
flushes (bsc#1188885 ltc#193722 git-fixes).
- powerpc/xive: Add some error handling code to 'xive_spapr_init()'
(git-fixes).
- powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
- qlcnic: Fix error code in probe (git-fixes).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
(git-fixes).
- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
(git-fixes).
- reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes).
- rtc: fix use-after-free on device removal (git-fixes).
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes).
- rtc: mt6397: check return value after calling platform_get_resource()
(git-fixes).
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes).
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
(git-fixes).
- sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
- sched/topology: Skip updating masks for non-online nodes (bsc#1197446
ltc#183000).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
- scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric parameters
(bsc#1200045).
- scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI
(bsc#1200045).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE
(bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if
lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE
(bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
- scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els()
(bsc#1200045).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled
(bsc#1200045).
- scsi: lpfc: Fix diagnostic fw logging after a function reset
(bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event()
(bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()
(bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure
(bsc#1200045).
- scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI
and PLOGI (bsc#1200045).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
(bsc#1200045).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
(bsc#1200045).
- scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989
bsc#1197675).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted
(bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN
completion (bsc#1200045).
- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()
(bsc#1200045).
- scsi: lpfc: Move MI module parameter check to handle dynamic disable
(bsc#1200045).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
(bsc#1200045).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in Fabric
topology (bsc#1200045).
- scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports
(bsc#1200045).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe()
(bsc#1200045).
- scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path
(bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down
(bsc#1200045).
- scsi: lpfc: Revise FDMI reporting of supported port speed for trunk
groups (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
- scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or
aborted (bsc#1200045).
- scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan
(bsc#1200045).
- scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB
submit (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command
(bsc#1200045).
- scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check()
(bsc#1200045).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O
(bsc#1200045).
- scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
(git-fixes).
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in
pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
(git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
(git-fixes).
- scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes).
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
(git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init & module_exit
(git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
- selftests: firmware: Use smaller dictionary for XZ compression
(git-fixes).
- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes).
- serial: 8250_mtk: Fix register address for XON/XOFF character
(git-fixes).
- serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
- serial: 8250: Also set sticky MCR bits in console restoration
(git-fixes).
- serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes).
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
(git-fixes).
- serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes).
- serial: digicolor-usart: Do not allow CS5-6 (git-fixes).
- serial: imx: fix overrun interrupts in DMA mode (git-fixes).
- serial: meson: acquire port->lock in startup() (git-fixes).
- serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes).
- serial: rda-uart: Do not allow CS5-6 (git-fixes).
- serial: sh-sci: Do not allow CS5-6 (git-fixes).
- serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes).
- serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes).
- serial: txx9: Do not allow CS5-6 (git-fixes).
- slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
- smp: Fix offline cpu check in flush_smp_call_function_queue()
(git-fixes).
- smsc911x: allow using IRQ0 (git-fixes).
- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
(git-fixes).
- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes).
- soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes).
- spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes).
- spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes).
- spi: spi-fsl-qspi: check return value after calling
platform_get_resource_byname() (git-fixes).
- spi: spi-ti-qspi: Fix return value handling of
wait_for_completion_timeout (git-fixes).
- staging: fieldbus: Fix the error handling path in
anybuss_host_common_probe() (git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- SUNRPC: Ensure that the gssproxy client can start in a connected state
(git-fixes).
- thermal: int340x: Fix attr.show callback prototype (git-fixes).
- thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes).
- thermal/drivers/broadcom: Fix potential NULL dereference in
sr_thermal_probe (git-fixes).
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- timers: Fix warning condition in __run_timers() (git-fixes)
- tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
(bsc#1065729).
- tracing: Fix potential double free in create_var_ref() (git-fixes).
- tracing: Fix return value of trace_pid_write() (git-fixes).
- tty: fix deadlock caused by calling printk() under tty_port->lock
(git-fixes).
- tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both
of_alias_get_id and ida_simple_get (git-fixes).
- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
(git-fixes).
- tty/serial: digicolor: fix possible null-ptr-deref in
digicolor_uart_probe() (git-fixes).
- usb: cdc-wdm: fix reading stuck on device close (git-fixes).
- usb: dwc3: core: Fix tx/rx threshold settings (git-fixes).
- usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
- usb: dwc3: gadget: Return proper request status (git-fixes).
- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes).
- usb: ehci-omap: drop unused ehci_read() function (git-fixes).
- usb: gadget: configfs: clear deactivation flag in
configfs_composite_unbind() (git-fixes).
- usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs
(bsc#1152489)
- usb: misc: fix improper handling of refcount in uss720_probe()
(git-fixes).
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
- usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
- usb: quirks: add a Realtek card reader (git-fixes).
- usb: quirks: add STRING quirk for VCOM device (git-fixes).
- usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
- usb: serial: option: add Fibocom L610 modem (git-fixes).
- usb: serial: option: add Fibocom MA510 modem (git-fixes).
- usb: serial: option: add support for Cinterion MV32-WA/MV32-WB
(git-fixes).
- usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
(git-fixes).
- usb: serial: pl2303: add device id for HP LM930 Display (git-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM7590
(git-fixes).
- usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
(git-fixes).
- usb: storage: karma: fix rio_karma_init return (git-fixes).
- usb: typec: mux: Check dev_set_name() return value (git-fixes).
- usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
- usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
- usb: typec: ucsi: Fix role swapping (git-fixes).
- usb: usbip: add missing device lock on tweak configuration cmd
(git-fixes).
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
(git-fixes).
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes).
- wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
- wireguard: device: check for metadata_dst with skb_valid_dst()
(git-fixes).
- xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
(git-fixes).
- xhci: stop polling roothubs after shutdown (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2079=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2079=1
Package List:
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-150300.38.59.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.59.1
dlm-kmp-azure-5.3.18-150300.38.59.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.59.1
gfs2-kmp-azure-5.3.18-150300.38.59.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.59.1
kernel-azure-5.3.18-150300.38.59.1
kernel-azure-debuginfo-5.3.18-150300.38.59.1
kernel-azure-debugsource-5.3.18-150300.38.59.1
kernel-azure-devel-5.3.18-150300.38.59.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.59.1
kernel-azure-extra-5.3.18-150300.38.59.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.59.1
kernel-azure-livepatch-devel-5.3.18-150300.38.59.1
kernel-azure-optional-5.3.18-150300.38.59.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.59.1
kernel-syms-azure-5.3.18-150300.38.59.1
kselftests-kmp-azure-5.3.18-150300.38.59.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.59.1
ocfs2-kmp-azure-5.3.18-150300.38.59.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.59.1
reiserfs-kmp-azure-5.3.18-150300.38.59.1
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.59.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-150300.38.59.1
kernel-source-azure-5.3.18-150300.38.59.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
kernel-devel-azure-5.3.18-150300.38.59.1
kernel-source-azure-5.3.18-150300.38.59.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
kernel-azure-5.3.18-150300.38.59.1
kernel-azure-debuginfo-5.3.18-150300.38.59.1
kernel-azure-debugsource-5.3.18-150300.38.59.1
kernel-azure-devel-5.3.18-150300.38.59.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.59.1
kernel-syms-azure-5.3.18-150300.38.59.1
References:
https://www.suse.com/security/cve/CVE-2019-19377.html
https://www.suse.com/security/cve/CVE-2021-33061.html
https://www.suse.com/security/cve/CVE-2022-0168.html
https://www.suse.com/security/cve/CVE-2022-1184.html
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-1729.html
https://www.suse.com/security/cve/CVE-2022-1972.html
https://www.suse.com/security/cve/CVE-2022-20008.html
https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21127.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-21180.html
https://www.suse.com/security/cve/CVE-2022-24448.html
https://www.suse.com/security/cve/CVE-2022-30594.html
https://bugzilla.suse.com/1055117
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1103269
https://bugzilla.suse.com/1118212
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1158266
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1180100
https://bugzilla.suse.com/1183405
https://bugzilla.suse.com/1188885
https://bugzilla.suse.com/1195612
https://bugzilla.suse.com/1195651
https://bugzilla.suse.com/1195826
https://bugzilla.suse.com/1196426
https://bugzilla.suse.com/1196478
https://bugzilla.suse.com/1196570
https://bugzilla.suse.com/1196840
https://bugzilla.suse.com/1197446
https://bugzilla.suse.com/1197472
https://bugzilla.suse.com/1197601
https://bugzilla.suse.com/1197675
https://bugzilla.suse.com/1198438
https://bugzilla.suse.com/1198534
https://bugzilla.suse.com/1198577
https://bugzilla.suse.com/1198971
https://bugzilla.suse.com/1198989
https://bugzilla.suse.com/1199035
https://bugzilla.suse.com/1199052
https://bugzilla.suse.com/1199063
https://bugzilla.suse.com/1199114
https://bugzilla.suse.com/1199314
https://bugzilla.suse.com/1199505
https://bugzilla.suse.com/1199507
https://bugzilla.suse.com/1199564
https://bugzilla.suse.com/1199626
https://bugzilla.suse.com/1199631
https://bugzilla.suse.com/1199650
https://bugzilla.suse.com/1199670
https://bugzilla.suse.com/1199839
https://bugzilla.suse.com/1200019
https://bugzilla.suse.com/1200045
https://bugzilla.suse.com/1200046
https://bugzilla.suse.com/1200192
https://bugzilla.suse.com/1200216
1
0
SUSE-SU-2022:2081-1: important: Security update for 389-ds
by opensuse-security@opensuse.org 14 Jun '22
by opensuse-security@opensuse.org 14 Jun '22
14 Jun '22
SUSE Security Update: Security update for 389-ds
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2081-1
Rating: important
References: #1195324 #1199889
Cross-References: CVE-2021-4091 CVE-2022-1949
CVSS scores:
CVE-2021-4091 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4091 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1949 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1949 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for 389-ds fixes the following issues:
- CVE-2021-4091: Fixed double free in psearch (bsc#1195324).
- CVE-2022-1949: Fixed full access control bypass with simple crafted
query (bsc#1199889).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2081=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2081=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
389-ds-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-debugsource-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-devel-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-snmp-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-snmp-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1
lib389-1.4.4.19~git38.9951c1101-150300.3.17.1
libsvrcore0-1.4.4.19~git38.9951c1101-150300.3.17.1
libsvrcore0-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
389-ds-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-debugsource-1.4.4.19~git38.9951c1101-150300.3.17.1
389-ds-devel-1.4.4.19~git38.9951c1101-150300.3.17.1
lib389-1.4.4.19~git38.9951c1101-150300.3.17.1
libsvrcore0-1.4.4.19~git38.9951c1101-150300.3.17.1
libsvrcore0-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1
References:
https://www.suse.com/security/cve/CVE-2021-4091.html
https://www.suse.com/security/cve/CVE-2022-1949.html
https://bugzilla.suse.com/1195324
https://bugzilla.suse.com/1199889
1
0
SUSE-SU-2022:2072-1: important: Security update for webkit2gtk3
by opensuse-security@opensuse.org 14 Jun '22
by opensuse-security@opensuse.org 14 Jun '22
14 Jun '22
SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2072-1
Rating: important
References: #1199287 #1200106
Cross-References: CVE-2022-26700 CVE-2022-26709 CVE-2022-26716
CVE-2022-26717 CVE-2022-26719 CVE-2022-30293
CVSS scores:
CVE-2022-26700 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26709 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26716 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26717 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26719 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-30293 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-30293 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.3 (bsc#1200106)
- CVE-2022-30293: Fixed heap-based buffer overflow in
WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287).
- CVE-2022-26700: Fixed memory corruption issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26709: Fixed use after free issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26716: Fixed use after free issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26717: Fixed memory corruption issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26719: Fixed memory corruption issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2072=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2072=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2072=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2072=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2072=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2072=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2072=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2072=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2072=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2072=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2072=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2072=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2072=1
Package List:
- openSUSE Leap 15.4 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit-jsc-4-2.36.3-150200.35.1
webkit-jsc-4-debuginfo-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
webkit2gtk3-minibrowser-2.36.3-150200.35.1
webkit2gtk3-minibrowser-debuginfo-2.36.3-150200.35.1
- openSUSE Leap 15.3 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-32bit-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.3-150200.35.1
- openSUSE Leap 15.3 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Manager Server 4.1 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Manager Proxy 4.1 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Manager Proxy 4.1 (x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-2.36.3-150200.35.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1
webkit2gtk3-debugsource-2.36.3-150200.35.1
webkit2gtk3-devel-2.36.3-150200.35.1
- SUSE Enterprise Storage 7 (noarch):
libwebkit2gtk3-lang-2.36.3-150200.35.1
References:
https://www.suse.com/security/cve/CVE-2022-26700.html
https://www.suse.com/security/cve/CVE-2022-26709.html
https://www.suse.com/security/cve/CVE-2022-26716.html
https://www.suse.com/security/cve/CVE-2022-26717.html
https://www.suse.com/security/cve/CVE-2022-26719.html
https://www.suse.com/security/cve/CVE-2022-30293.html
https://bugzilla.suse.com/1199287
https://bugzilla.suse.com/1200106
1
0