openSUSE Security Announce
Threads by month
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
July 2022
- 1 participants
- 95 discussions
SUSE-SU-2022:2422-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 18 Jul '22
by opensuse-security@opensuse.org 18 Jul '22
18 Jul '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2422-1
Rating: important
References: #1065729 #1179195 #1180814 #1184924 #1185762
#1192761 #1193629 #1194013 #1195504 #1195775
#1196901 #1197362 #1197754 #1198020 #1198924
#1199482 #1199487 #1199489 #1199657 #1200217
#1200263 #1200343 #1200442 #1200571 #1200599
#1200600 #1200604 #1200605 #1200608 #1200619
#1200622 #1200692 #1200806 #1200807 #1200809
#1200810 #1200813 #1200816 #1200820 #1200821
#1200822 #1200825 #1200828 #1200829 #1200925
#1201050 #1201080 #1201143 #1201147 #1201149
#1201160 #1201171 #1201177 #1201193 #1201222
Cross-References: CVE-2021-26341 CVE-2021-4157 CVE-2022-1012
CVE-2022-1679 CVE-2022-20132 CVE-2022-20141
CVE-2022-20154 CVE-2022-29900 CVE-2022-29901
CVE-2022-33981 CVE-2022-34918
CVSS scores:
CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34918 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 11 vulnerabilities and has 44 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre
like Branch Target Buffer attack, that can leak arbitrary kernel
information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that
could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond
unconditional direct branches, which may potentially result in data
leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in
the way a user forces the ath9k_htc_wait_for_target function to fail
with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input
validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-1012: Fixed information leak caused by small table perturb size
in the TCP source port generation algorithm (bsc#1199482).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking
in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS
subsystem, related to the replication of files with NFS. A user could
potentially crash the system or escalate privileges on the system
(bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in
lock_sock_nested of sock.c. This could lead to local escalation of
privilege with System execution privileges needed (bsc#1200599).
The following non-security bugs were fixed:
- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
(git-fixes)
- arm64: ftrace: fix branch range checks (git-fixes)
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls
(git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls
(git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint
(git-fixes).
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
(git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal bucket
(git-fixes).
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate()
(bsc#1197362).
- bcache: fixup multiple threads crash (git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
- bcache: memset on stack variables in bch_btree_check() and
bch_sectors_dirty_init() (git-fixes).
- bcache: remove incremental dirty sector counting for
bch_sectors_dirty_init() (git-fixes).
- bio: fix page leak bio_add_hw_page failure (git-fixes).
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).
- blk-iolatency: Fix inflight count imbalances and IO hangs on offline
(bsc#1200825).
- blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED
(bsc#1200263).
- blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
- blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
- blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
- block: advance iov_iter on bio_add_hw_page failure (git-fixes).
- block: do not merge across cgroup boundaries if blkcg is enabled
(bsc#1198020).
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx()
(bsc#1185762).
- block: Fix kABI in blk-merge.c (bsc#1198020).
- block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()
(git-fixes).
- caif_virtio: fix race between virtio_device_ready() and ndo_open()
(git-fixes).
- ceph: add some lockdep assertions around snaprealm handling
(bsc#1201147).
- ceph: clean up locking annotation for ceph_get_snap_realm and
__lookup_snap_realm (bsc#1201149).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist
(git-fixes).
- cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).
- cifs: adjust DebugData to use chans_need_reconnect for conn status
(bsc#1200217).
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is
empty (bsc#1200217).
- cifs: avoid parallel session setups on same channel (bsc#1200217).
- cifs: avoid race during socket reconnect between send and recv
(bsc#1200217).
- cifs: call cifs_reconnect when a connection is marked (bsc#1200217).
- cifs: call helper functions for marking channels for reconnect
(bsc#1200217).
- cifs: change smb2_query_info_compound to use a cached fid, if available
(bsc#1200217).
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- cifs: check reconnects for channels of active tcons too (bsc#1200217).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits
(bsc#1200217).
- cifs: clean up an inconsistent indenting (bsc#1200217).
- cifs: destage any unwritten data to the server before calling
copychunk_write (bsc#1200217).
- cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).
- cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set
(bsc#1200217).
- cifs: do not use tcpStatus after negotiate completes (bsc#1200217).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).
- cifs: fix confusing unneeded warning message on smb2.1 and earlier
(bsc#1200217).
- cifs: fix double free race when mount fails in cifs_get_root()
(bsc#1200217).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- cifs: fix handlecache and multiuser (bsc#1200217).
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- cifs: fix incorrect use of list iterator after the loop (bsc#1200217).
- cifs: fix minor compile warning (bsc#1200217).
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- cifs: fix potential double free during failed mount (bsc#1200217).
- cifs: fix potential race with cifsd thread (bsc#1200217).
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX
(bsc#1200217).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- cifs: fix the connection state transitions with multichannel
(bsc#1200217).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share
(bsc#1200217).
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- cifs: ignore resource_id while getting fscache super cookie
(bsc#1200217).
- cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).
- cifs: make status checks in version independent callers (bsc#1200217).
- cifs: mark sessions for reconnection in helper function (bsc#1200217).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- cifs: potential buffer overflow in handling symlinks (bsc#1200217).
- cifs: print TIDs as hex (bsc#1200217).
- cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs
refs (bsc#1200217).
- cifs: reconnect only the connection and not smb session where possible
(bsc#1200217).
- cifs: release cached dentries only if mount is complete (bsc#1200217).
- cifs: remove check of list iterator against head past the loop body
(bsc#1200217).
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).
- cifs: remove repeated state change in dfs tree connect (bsc#1200217).
- cifs: remove unused variable ses_selected (bsc#1200217).
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- cifs: return the more nuanced writeback error on close() (bsc#1200217).
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- cifs: serialize all mount attempts (bsc#1200217).
- cifs: set the CREATE_NOT_FILE when opening the directory in
use_cached_dir() (bsc#1200217).
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- cifs: smbd: fix typo in comment (bsc#1200217).
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- cifs: track individual channel status using chans_need_reconnect
(bsc#1200217).
- cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).
- cifs: update internal module number (bsc#1193629).
- cifs: update internal module number (bsc#1200217).
- cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).
- cifs: use a different reconnect helper for non-cifsd threads
(bsc#1200217).
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- cifs: use new enum for ses_status (bsc#1200217).
- cifs: use the chans_need_reconnect bitmap for reconnect status
(bsc#1200217).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb
(bsc#1200217).
- cifs: version operations for smb20 unneeded when legacy support disabled
(bsc#1200217).
- cifs: wait for tcon resource_id before getting fscache super
(bsc#1200217).
- cifs: we do not need a spinlock around the tree access during umount
(bsc#1200217).
- cifs: when extending a file with falloc we should make files not-sparse
(bsc#1200217).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
(git-fixes).
- drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
- drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure
(git-fixes).
- exec: Force single empty string when argv is empty (bsc#1200571).
- ext4: add check to prevent attempting to resize an fs with sparse_super2
(bsc#1197754).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- ext4: fix race condition between ext4_write and ext4_convert_inline_data
(bsc#1200807).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
(bsc#1200806).
- ext4: make variable "count" signed (bsc#1200820).
- Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- gtp: use icmp_ndo_send helper (git-fixes).
- hwmon: (ibmaem) do not call platform_device_del() if
platform_device_add() fails (git-fixes).
- i2c: designware: Use standard optional ref clock implementation
(git-fixes).
- ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
- iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation
(git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models
(git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
(git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- iomap: iomap_write_failed fix (bsc#1200829).
- ipvs: add sysctl_run_estimation to support disable estimation
(bsc#1195504).
- jfs: fix divide error in dbNextAG (bsc#1200828).
- kABI fix of sysctl_run_estimation (git-fixes).
- kabi: nvme workaround header include (bsc#1201193).
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- move devm_allocate to end of structure for kABI (git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg
(git-fixes).
- net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
- NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
- NFS: Do not report errors from nfs_pageio_complete() more than once
(git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFS: Memory allocation failures are not server fatal errors (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
(git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions (git-fixes).
- nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
- nvme: add new discovery log page entry definitions (bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: expose subsystem type in sysfs attribute 'subsystype'
(bsc#1192761).
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- nvmet: do not check iosqes,iocqes for discovery controllers
(bsc#1192761).
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY
(git-fixes).
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- phy: aquantia: Fix AN when higher speeds than 1G are not advertised
(git-fixes).
- pNFS: Do not keep retrying if the server replied
NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
- powerpc/perf: Fix the threshold compare group constraint for power9
(bsc#1065729).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
(bsc#1200343 ltc#198477).
- random: Add and use pr_fmt() (bsc#1184924).
- random: remove unnecessary unlikely() (bsc#1184924).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips
(git-fixes).
- Revert "block: Fix a lockdep complaint triggered by request queue
flushing" (git-fixes).
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during probe/remove
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Store vhost pointer during subcrq allocation
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe
cmds (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport()
(bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd
completion (bsc#1201193).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in
lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
(bsc#1201193).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted
(bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path refactoring
(bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path refactoring
(bsc#1201193).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent
(bsc#1201193).
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
- scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events
(bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription
(bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
(bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update
(bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start
(bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time
(bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication
application (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed
(bsc#1201160).
- scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts
(bsc#1201160).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
(bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests
(bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os
(bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete
(bsc#1201160).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters
(bsc#1201160).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).
- scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).
- scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
- scsi: sd: Signal drive managed SMR disks (git-fixes).
- scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).
- scsi: sd_zbc: Improve zone revalidation (git-fixes).
- scsi: sd_zbc: Remove unused inline functions (git-fixes).
- scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).
- scsi: smartpqi: create module parameters for LUN reset (bsc#1179195
bsc#1200622).
- smb3: add mount parm nosparse (bsc#1200217).
- smb3: add trace point for lease not found issue (bsc#1200217).
- smb3: add trace point for oplock not found (bsc#1200217).
- smb3: check for null tcon (bsc#1200217).
- smb3: cleanup and clarify status of tree connections (bsc#1200217).
- smb3: do not set rc when used and unneeded in query_info_compound
(bsc#1200217).
- SMB3: EBADF/EIO errors in rename/open caused by race condition in
smb2_compound_op (bsc#1200217).
- smb3: fix incorrect session setup check for multiuser mounts
(bsc#1200217).
- smb3: fix ksmbd bigendian bug in oplock break, and move its struct to
smbfs_common (bsc#1200217).
- smb3: fix snapshot mount option (bsc#1200217).
- smb3 improve error message when mount options conflict with posix
(bsc#1200217).
- smb3: move defines for ioctl protocol header and SMB2 sizes to
smbfs_common (bsc#1200217).
- smb3: move defines for query info and query fsinfo to smbfs_common
(bsc#1200217).
- smb3: move more common protocol header definitions to smbfs_common
(bsc#1200217).
- smb3: send NTLMSSP version information (bsc#1200217).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe
(git-fixes).
- spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
(git-fixes).
- sunvnet: use icmp_ndo_send helper (git-fixes).
- tty: goldfish: Fix free_irq() on remove (git-fixes).
- usb: chipidea: udc: check request status before setting device address
(git-fixes).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
(git-fixes).
- usb: gadget: u_ether: fix regression in setting fixed MAC address
(git-fixes).
- usbnet: fix memory allocation in helpers (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Quectel RM500K module support (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new baseline
(git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
- usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).
- veth: fix races around rq->rx_notify_masked (git-fixes).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent
registration failed (git-fixes).
- virtio-net: fix race between ndo_open() and virtio_device_ready()
(git-fixes).
- virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
- virtio-pci: Remove wrong address verification in vp_del_vqs()
(git-fixes).
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- writeback: Avoid skipping inode writeback (bsc#1200813).
- writeback: Fix inode->i_io_list not be protected by inode->i_lock error
(bsc#1200821).
- xhci: Add reset resume quirk for AMD xhci controller (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2422=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2422=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2422=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2422=1
Please note that this is the initial kernel livepatch without fixes
itself, this livepatch package is later updated by seperate standalone
livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2422=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2422=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2422=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2422=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2422=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2422=1
Package List:
- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.81.1
dtb-zte-5.3.18-150300.59.81.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.81.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.81.1
dlm-kmp-default-5.3.18-150300.59.81.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.81.1
gfs2-kmp-default-5.3.18-150300.59.81.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.81.1
kernel-default-5.3.18-150300.59.81.1
kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2
kernel-default-base-rebuild-5.3.18-150300.59.81.1.150300.18.47.2
kernel-default-debuginfo-5.3.18-150300.59.81.1
kernel-default-debugsource-5.3.18-150300.59.81.1
kernel-default-devel-5.3.18-150300.59.81.1
kernel-default-devel-debuginfo-5.3.18-150300.59.81.1
kernel-default-extra-5.3.18-150300.59.81.1
kernel-default-extra-debuginfo-5.3.18-150300.59.81.1
kernel-default-livepatch-5.3.18-150300.59.81.1
kernel-default-livepatch-devel-5.3.18-150300.59.81.1
kernel-default-optional-5.3.18-150300.59.81.1
kernel-default-optional-debuginfo-5.3.18-150300.59.81.1
kernel-obs-build-5.3.18-150300.59.81.1
kernel-obs-build-debugsource-5.3.18-150300.59.81.1
kernel-obs-qa-5.3.18-150300.59.81.1
kernel-syms-5.3.18-150300.59.81.1
kselftests-kmp-default-5.3.18-150300.59.81.1
kselftests-kmp-default-debuginfo-5.3.18-150300.59.81.1
ocfs2-kmp-default-5.3.18-150300.59.81.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.81.1
reiserfs-kmp-default-5.3.18-150300.59.81.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.81.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.81.1
kernel-debug-debuginfo-5.3.18-150300.59.81.1
kernel-debug-debugsource-5.3.18-150300.59.81.1
kernel-debug-devel-5.3.18-150300.59.81.1
kernel-debug-devel-debuginfo-5.3.18-150300.59.81.1
kernel-debug-livepatch-devel-5.3.18-150300.59.81.1
kernel-kvmsmall-5.3.18-150300.59.81.1
kernel-kvmsmall-debuginfo-5.3.18-150300.59.81.1
kernel-kvmsmall-debugsource-5.3.18-150300.59.81.1
kernel-kvmsmall-devel-5.3.18-150300.59.81.1
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.81.1
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.81.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.81.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.81.1
dlm-kmp-preempt-5.3.18-150300.59.81.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.81.1
gfs2-kmp-preempt-5.3.18-150300.59.81.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.81.1
kernel-preempt-5.3.18-150300.59.81.1
kernel-preempt-debuginfo-5.3.18-150300.59.81.1
kernel-preempt-debugsource-5.3.18-150300.59.81.1
kernel-preempt-devel-5.3.18-150300.59.81.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.81.1
kernel-preempt-extra-5.3.18-150300.59.81.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.81.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.81.1
kernel-preempt-optional-5.3.18-150300.59.81.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.81.1
kselftests-kmp-preempt-5.3.18-150300.59.81.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.81.1
ocfs2-kmp-preempt-5.3.18-150300.59.81.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.81.1
reiserfs-kmp-preempt-5.3.18-150300.59.81.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.81.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.81.1
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.81.1
dlm-kmp-64kb-5.3.18-150300.59.81.1
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.81.1
dtb-al-5.3.18-150300.59.81.1
dtb-allwinner-5.3.18-150300.59.81.1
dtb-altera-5.3.18-150300.59.81.1
dtb-amd-5.3.18-150300.59.81.1
dtb-amlogic-5.3.18-150300.59.81.1
dtb-apm-5.3.18-150300.59.81.1
dtb-arm-5.3.18-150300.59.81.1
dtb-broadcom-5.3.18-150300.59.81.1
dtb-cavium-5.3.18-150300.59.81.1
dtb-exynos-5.3.18-150300.59.81.1
dtb-freescale-5.3.18-150300.59.81.1
dtb-hisilicon-5.3.18-150300.59.81.1
dtb-lg-5.3.18-150300.59.81.1
dtb-marvell-5.3.18-150300.59.81.1
dtb-mediatek-5.3.18-150300.59.81.1
dtb-nvidia-5.3.18-150300.59.81.1
dtb-qcom-5.3.18-150300.59.81.1
dtb-renesas-5.3.18-150300.59.81.1
dtb-rockchip-5.3.18-150300.59.81.1
dtb-socionext-5.3.18-150300.59.81.1
dtb-sprd-5.3.18-150300.59.81.1
dtb-xilinx-5.3.18-150300.59.81.1
dtb-zte-5.3.18-150300.59.81.1
gfs2-kmp-64kb-5.3.18-150300.59.81.1
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.81.1
kernel-64kb-5.3.18-150300.59.81.1
kernel-64kb-debuginfo-5.3.18-150300.59.81.1
kernel-64kb-debugsource-5.3.18-150300.59.81.1
kernel-64kb-devel-5.3.18-150300.59.81.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.81.1
kernel-64kb-extra-5.3.18-150300.59.81.1
kernel-64kb-extra-debuginfo-5.3.18-150300.59.81.1
kernel-64kb-livepatch-devel-5.3.18-150300.59.81.1
kernel-64kb-optional-5.3.18-150300.59.81.1
kernel-64kb-optional-debuginfo-5.3.18-150300.59.81.1
kselftests-kmp-64kb-5.3.18-150300.59.81.1
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.81.1
ocfs2-kmp-64kb-5.3.18-150300.59.81.1
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.81.1
reiserfs-kmp-64kb-5.3.18-150300.59.81.1
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.81.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.81.1
kernel-docs-5.3.18-150300.59.81.1
kernel-docs-html-5.3.18-150300.59.81.1
kernel-macros-5.3.18-150300.59.81.1
kernel-source-5.3.18-150300.59.81.1
kernel-source-vanilla-5.3.18-150300.59.81.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.81.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.81.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.81.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-150300.59.81.1
kernel-default-debugsource-5.3.18-150300.59.81.1
kernel-default-extra-5.3.18-150300.59.81.1
kernel-default-extra-debuginfo-5.3.18-150300.59.81.1
kernel-preempt-debuginfo-5.3.18-150300.59.81.1
kernel-preempt-debugsource-5.3.18-150300.59.81.1
kernel-preempt-extra-5.3.18-150300.59.81.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.81.1
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.81.1
kernel-default-debugsource-5.3.18-150300.59.81.1
kernel-default-livepatch-5.3.18-150300.59.81.1
kernel-default-livepatch-devel-5.3.18-150300.59.81.1
kernel-livepatch-5_3_18-150300_59_81-default-1-150300.7.5.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.81.1
kernel-default-debugsource-5.3.18-150300.59.81.1
reiserfs-kmp-default-5.3.18-150300.59.81.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.81.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.3.18-150300.59.81.1
kernel-obs-build-debugsource-5.3.18-150300.59.81.1
kernel-syms-5.3.18-150300.59.81.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-150300.59.81.1
kernel-preempt-debugsource-5.3.18-150300.59.81.1
kernel-preempt-devel-5.3.18-150300.59.81.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.81.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-150300.59.81.1
kernel-source-5.3.18-150300.59.81.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-150300.59.81.1
kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2
kernel-default-debuginfo-5.3.18-150300.59.81.1
kernel-default-debugsource-5.3.18-150300.59.81.1
kernel-default-devel-5.3.18-150300.59.81.1
kernel-default-devel-debuginfo-5.3.18-150300.59.81.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-150300.59.81.1
kernel-preempt-debuginfo-5.3.18-150300.59.81.1
kernel-preempt-debugsource-5.3.18-150300.59.81.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-150300.59.81.1
kernel-64kb-debuginfo-5.3.18-150300.59.81.1
kernel-64kb-debugsource-5.3.18-150300.59.81.1
kernel-64kb-devel-5.3.18-150300.59.81.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.81.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.81.1
kernel-macros-5.3.18-150300.59.81.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.81.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.81.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.81.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.81.1
kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2
kernel-default-debuginfo-5.3.18-150300.59.81.1
kernel-default-debugsource-5.3.18-150300.59.81.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.81.1
kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2
kernel-default-debuginfo-5.3.18-150300.59.81.1
kernel-default-debugsource-5.3.18-150300.59.81.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.81.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.81.1
dlm-kmp-default-5.3.18-150300.59.81.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.81.1
gfs2-kmp-default-5.3.18-150300.59.81.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.81.1
kernel-default-debuginfo-5.3.18-150300.59.81.1
kernel-default-debugsource-5.3.18-150300.59.81.1
ocfs2-kmp-default-5.3.18-150300.59.81.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.81.1
References:
https://www.suse.com/security/cve/CVE-2021-26341.html
https://www.suse.com/security/cve/CVE-2021-4157.html
https://www.suse.com/security/cve/CVE-2022-1012.html
https://www.suse.com/security/cve/CVE-2022-1679.html
https://www.suse.com/security/cve/CVE-2022-20132.html
https://www.suse.com/security/cve/CVE-2022-20141.html
https://www.suse.com/security/cve/CVE-2022-20154.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-29901.html
https://www.suse.com/security/cve/CVE-2022-33981.html
https://www.suse.com/security/cve/CVE-2022-34918.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1179195
https://bugzilla.suse.com/1180814
https://bugzilla.suse.com/1184924
https://bugzilla.suse.com/1185762
https://bugzilla.suse.com/1192761
https://bugzilla.suse.com/1193629
https://bugzilla.suse.com/1194013
https://bugzilla.suse.com/1195504
https://bugzilla.suse.com/1195775
https://bugzilla.suse.com/1196901
https://bugzilla.suse.com/1197362
https://bugzilla.suse.com/1197754
https://bugzilla.suse.com/1198020
https://bugzilla.suse.com/1198924
https://bugzilla.suse.com/1199482
https://bugzilla.suse.com/1199487
https://bugzilla.suse.com/1199489
https://bugzilla.suse.com/1199657
https://bugzilla.suse.com/1200217
https://bugzilla.suse.com/1200263
https://bugzilla.suse.com/1200343
https://bugzilla.suse.com/1200442
https://bugzilla.suse.com/1200571
https://bugzilla.suse.com/1200599
https://bugzilla.suse.com/1200600
https://bugzilla.suse.com/1200604
https://bugzilla.suse.com/1200605
https://bugzilla.suse.com/1200608
https://bugzilla.suse.com/1200619
https://bugzilla.suse.com/1200622
https://bugzilla.suse.com/1200692
https://bugzilla.suse.com/1200806
https://bugzilla.suse.com/1200807
https://bugzilla.suse.com/1200809
https://bugzilla.suse.com/1200810
https://bugzilla.suse.com/1200813
https://bugzilla.suse.com/1200816
https://bugzilla.suse.com/1200820
https://bugzilla.suse.com/1200821
https://bugzilla.suse.com/1200822
https://bugzilla.suse.com/1200825
https://bugzilla.suse.com/1200828
https://bugzilla.suse.com/1200829
https://bugzilla.suse.com/1200925
https://bugzilla.suse.com/1201050
https://bugzilla.suse.com/1201080
https://bugzilla.suse.com/1201143
https://bugzilla.suse.com/1201147
https://bugzilla.suse.com/1201149
https://bugzilla.suse.com/1201160
https://bugzilla.suse.com/1201171
https://bugzilla.suse.com/1201177
https://bugzilla.suse.com/1201193
https://bugzilla.suse.com/1201222
1
0
SUSE-SU-2022:2425-1: important: Security update for nodejs14
by opensuse-security@opensuse.org 18 Jul '22
by opensuse-security@opensuse.org 18 Jul '22
18 Jul '22
SUSE Security Update: Security update for nodejs14
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2425-1
Rating: important
References: #1201325 #1201326 #1201327 #1201328
Cross-References: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214
CVE-2022-32215
CVSS scores:
CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Web Scripting 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for nodejs14 fixes the following issues:
- CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP
addresses (bsc#1201328).
- CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of
Transfer-Encoding (bsc#1201325).
- CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting
of header fields (bsc#1201326).
- CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of
multi-line Transfer-Encoding (bsc#1201327).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2425=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2425=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2425=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2425=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2425=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2425=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2425=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2425=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-2425=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2425=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2425=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2425=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
corepack14-14.20.0-150200.15.34.1
nodejs14-14.20.0-150200.15.34.1
nodejs14-debuginfo-14.20.0-150200.15.34.1
nodejs14-debugsource-14.20.0-150200.15.34.1
nodejs14-devel-14.20.0-150200.15.34.1
npm14-14.20.0-150200.15.34.1
- openSUSE Leap 15.4 (noarch):
nodejs14-docs-14.20.0-150200.15.34.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs14-14.20.0-150200.15.34.1
nodejs14-debuginfo-14.20.0-150200.15.34.1
nodejs14-debugsource-14.20.0-150200.15.34.1
nodejs14-devel-14.20.0-150200.15.34.1
npm14-14.20.0-150200.15.34.1
- openSUSE Leap 15.3 (noarch):
nodejs14-docs-14.20.0-150200.15.34.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
nodejs14-14.20.0-150200.15.34.1
nodejs14-debuginfo-14.20.0-150200.15.34.1
nodejs14-debugsource-14.20.0-150200.15.34.1
nodejs14-devel-14.20.0-150200.15.34.1
npm14-14.20.0-150200.15.34.1
- SUSE Manager Server 4.1 (noarch):
nodejs14-docs-14.20.0-150200.15.34.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
nodejs14-14.20.0-150200.15.34.1
nodejs14-debuginfo-14.20.0-150200.15.34.1
nodejs14-debugsource-14.20.0-150200.15.34.1
nodejs14-devel-14.20.0-150200.15.34.1
npm14-14.20.0-150200.15.34.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
nodejs14-docs-14.20.0-150200.15.34.1
- SUSE Manager Proxy 4.1 (noarch):
nodejs14-docs-14.20.0-150200.15.34.1
- SUSE Manager Proxy 4.1 (x86_64):
nodejs14-14.20.0-150200.15.34.1
nodejs14-debuginfo-14.20.0-150200.15.34.1
nodejs14-debugsource-14.20.0-150200.15.34.1
nodejs14-devel-14.20.0-150200.15.34.1
npm14-14.20.0-150200.15.34.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
nodejs14-14.20.0-150200.15.34.1
nodejs14-debuginfo-14.20.0-150200.15.34.1
nodejs14-debugsource-14.20.0-150200.15.34.1
nodejs14-devel-14.20.0-150200.15.34.1
npm14-14.20.0-150200.15.34.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
nodejs14-docs-14.20.0-150200.15.34.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
nodejs14-14.20.0-150200.15.34.1
nodejs14-debuginfo-14.20.0-150200.15.34.1
nodejs14-debugsource-14.20.0-150200.15.34.1
nodejs14-devel-14.20.0-150200.15.34.1
npm14-14.20.0-150200.15.34.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
nodejs14-docs-14.20.0-150200.15.34.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
nodejs14-docs-14.20.0-150200.15.34.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
nodejs14-14.20.0-150200.15.34.1
nodejs14-debuginfo-14.20.0-150200.15.34.1
nodejs14-debugsource-14.20.0-150200.15.34.1
nodejs14-devel-14.20.0-150200.15.34.1
npm14-14.20.0-150200.15.34.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
nodejs14-14.20.0-150200.15.34.1
nodejs14-debuginfo-14.20.0-150200.15.34.1
nodejs14-debugsource-14.20.0-150200.15.34.1
nodejs14-devel-14.20.0-150200.15.34.1
npm14-14.20.0-150200.15.34.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):
nodejs14-docs-14.20.0-150200.15.34.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
nodejs14-14.20.0-150200.15.34.1
nodejs14-debuginfo-14.20.0-150200.15.34.1
nodejs14-debugsource-14.20.0-150200.15.34.1
nodejs14-devel-14.20.0-150200.15.34.1
npm14-14.20.0-150200.15.34.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
nodejs14-docs-14.20.0-150200.15.34.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
nodejs14-14.20.0-150200.15.34.1
nodejs14-debuginfo-14.20.0-150200.15.34.1
nodejs14-debugsource-14.20.0-150200.15.34.1
nodejs14-devel-14.20.0-150200.15.34.1
npm14-14.20.0-150200.15.34.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
nodejs14-docs-14.20.0-150200.15.34.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
nodejs14-14.20.0-150200.15.34.1
nodejs14-debuginfo-14.20.0-150200.15.34.1
nodejs14-debugsource-14.20.0-150200.15.34.1
nodejs14-devel-14.20.0-150200.15.34.1
npm14-14.20.0-150200.15.34.1
- SUSE Enterprise Storage 7 (noarch):
nodejs14-docs-14.20.0-150200.15.34.1
References:
https://www.suse.com/security/cve/CVE-2022-32212.html
https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-32214.html
https://www.suse.com/security/cve/CVE-2022-32215.html
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1201326
https://bugzilla.suse.com/1201327
https://bugzilla.suse.com/1201328
1
0
SUSE-SU-2022:2411-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 15 Jul '22
by opensuse-security@opensuse.org 15 Jul '22
15 Jul '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2411-1
Rating: important
References: #1194013 #1196901 #1199487 #1199657 #1200571
#1200599 #1200604 #1200605 #1200608 #1200619
#1200692 #1200762 #1201050 #1201080 #1201251
Cross-References: CVE-2021-26341 CVE-2021-4157 CVE-2022-1679
CVE-2022-20132 CVE-2022-20141 CVE-2022-20154
CVE-2022-2318 CVE-2022-26365 CVE-2022-29900
CVE-2022-29901 CVE-2022-33740 CVE-2022-33741
CVE-2022-33742 CVE-2022-33981
CVSS scores:
CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 14 vulnerabilities and has one errata
is now available.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre
like Branch Target Buffer attack, that can leak arbitrary kernel
information (bsc#1199657).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in
the way a user forces the ath9k_htc_wait_for_target function to fail
with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input
validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking
in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS
subsystem, related to the replication of files with NFS. A user could
potentially crash the system or escalate privileges on the system
(bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in
lock_sock_nested of sock.c. This could lead to local escalation of
privilege with System execution privileges needed (bsc#1200599).
- CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer
handler in net/rose/rose_timer.c that allow attackers to crash the
system without any privileges (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed
multiple potential data leaks with Block and Network devices when using
untrusted backends (bsc#1200762).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond
unconditional direct branches, which may potentially result in data
leakage (bsc#1201050).
The following non-security bugs were fixed:
- exec: Force single empty string when argv is empty (bsc#1200571).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2411=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2411=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2411=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2411=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2411=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2411=1
Please note that this is the initial kernel livepatch without fixes
itself, this livepatch package is later updated by seperate standalone
livepatch updates. - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2411=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2411=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2411=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2411=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.117.1
kernel-vanilla-4.12.14-150100.197.117.1
kernel-vanilla-base-4.12.14-150100.197.117.1
kernel-vanilla-base-debuginfo-4.12.14-150100.197.117.1
kernel-vanilla-debuginfo-4.12.14-150100.197.117.1
kernel-vanilla-debugsource-4.12.14-150100.197.117.1
kernel-vanilla-devel-4.12.14-150100.197.117.1
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.117.1
kernel-vanilla-livepatch-devel-4.12.14-150100.197.117.1
- openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.117.1
kernel-debug-base-debuginfo-4.12.14-150100.197.117.1
- openSUSE Leap 15.4 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.117.1
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.117.1
- openSUSE Leap 15.4 (s390x):
kernel-default-man-4.12.14-150100.197.117.1
kernel-zfcpdump-man-4.12.14-150100.197.117.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.117.1
kernel-vanilla-4.12.14-150100.197.117.1
kernel-vanilla-base-4.12.14-150100.197.117.1
kernel-vanilla-base-debuginfo-4.12.14-150100.197.117.1
kernel-vanilla-debuginfo-4.12.14-150100.197.117.1
kernel-vanilla-debugsource-4.12.14-150100.197.117.1
kernel-vanilla-devel-4.12.14-150100.197.117.1
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.117.1
kernel-vanilla-livepatch-devel-4.12.14-150100.197.117.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.117.1
kernel-debug-base-debuginfo-4.12.14-150100.197.117.1
- openSUSE Leap 15.3 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.117.1
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.117.1
- openSUSE Leap 15.3 (s390x):
kernel-default-man-4.12.14-150100.197.117.1
kernel-zfcpdump-man-4.12.14-150100.197.117.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
kernel-default-4.12.14-150100.197.117.1
kernel-default-base-4.12.14-150100.197.117.1
kernel-default-base-debuginfo-4.12.14-150100.197.117.1
kernel-default-debuginfo-4.12.14-150100.197.117.1
kernel-default-debugsource-4.12.14-150100.197.117.1
kernel-default-devel-4.12.14-150100.197.117.1
kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
kernel-obs-build-4.12.14-150100.197.117.1
kernel-obs-build-debugsource-4.12.14-150100.197.117.1
kernel-syms-4.12.14-150100.197.117.1
reiserfs-kmp-default-4.12.14-150100.197.117.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
kernel-devel-4.12.14-150100.197.117.1
kernel-docs-4.12.14-150100.197.117.1
kernel-macros-4.12.14-150100.197.117.1
kernel-source-4.12.14-150100.197.117.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-150100.197.117.1
kernel-default-base-4.12.14-150100.197.117.1
kernel-default-base-debuginfo-4.12.14-150100.197.117.1
kernel-default-debuginfo-4.12.14-150100.197.117.1
kernel-default-debugsource-4.12.14-150100.197.117.1
kernel-default-devel-4.12.14-150100.197.117.1
kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
kernel-obs-build-4.12.14-150100.197.117.1
kernel-obs-build-debugsource-4.12.14-150100.197.117.1
kernel-syms-4.12.14-150100.197.117.1
reiserfs-kmp-default-4.12.14-150100.197.117.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.117.1
kernel-docs-4.12.14-150100.197.117.1
kernel-macros-4.12.14-150100.197.117.1
kernel-source-4.12.14-150100.197.117.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
kernel-default-man-4.12.14-150100.197.117.1
kernel-zfcpdump-debuginfo-4.12.14-150100.197.117.1
kernel-zfcpdump-debugsource-4.12.14-150100.197.117.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
kernel-devel-4.12.14-150100.197.117.1
kernel-docs-4.12.14-150100.197.117.1
kernel-macros-4.12.14-150100.197.117.1
kernel-source-4.12.14-150100.197.117.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
kernel-default-4.12.14-150100.197.117.1
kernel-default-base-4.12.14-150100.197.117.1
kernel-default-base-debuginfo-4.12.14-150100.197.117.1
kernel-default-debuginfo-4.12.14-150100.197.117.1
kernel-default-debugsource-4.12.14-150100.197.117.1
kernel-default-devel-4.12.14-150100.197.117.1
kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
kernel-obs-build-4.12.14-150100.197.117.1
kernel-obs-build-debugsource-4.12.14-150100.197.117.1
kernel-syms-4.12.14-150100.197.117.1
reiserfs-kmp-default-4.12.14-150100.197.117.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-150100.197.117.1
kernel-default-debugsource-4.12.14-150100.197.117.1
kernel-default-livepatch-4.12.14-150100.197.117.1
kernel-default-livepatch-devel-4.12.14-150100.197.117.1
kernel-livepatch-4_12_14-150100_197_117-default-1-150100.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.117.1
kernel-default-base-4.12.14-150100.197.117.1
kernel-default-base-debuginfo-4.12.14-150100.197.117.1
kernel-default-debuginfo-4.12.14-150100.197.117.1
kernel-default-debugsource-4.12.14-150100.197.117.1
kernel-default-devel-4.12.14-150100.197.117.1
kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
kernel-obs-build-4.12.14-150100.197.117.1
kernel-obs-build-debugsource-4.12.14-150100.197.117.1
kernel-syms-4.12.14-150100.197.117.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.117.1
kernel-docs-4.12.14-150100.197.117.1
kernel-macros-4.12.14-150100.197.117.1
kernel-source-4.12.14-150100.197.117.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.117.1
kernel-default-base-4.12.14-150100.197.117.1
kernel-default-base-debuginfo-4.12.14-150100.197.117.1
kernel-default-debuginfo-4.12.14-150100.197.117.1
kernel-default-debugsource-4.12.14-150100.197.117.1
kernel-default-devel-4.12.14-150100.197.117.1
kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
kernel-obs-build-4.12.14-150100.197.117.1
kernel-obs-build-debugsource-4.12.14-150100.197.117.1
kernel-syms-4.12.14-150100.197.117.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
kernel-devel-4.12.14-150100.197.117.1
kernel-docs-4.12.14-150100.197.117.1
kernel-macros-4.12.14-150100.197.117.1
kernel-source-4.12.14-150100.197.117.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-150100.197.117.1
cluster-md-kmp-default-debuginfo-4.12.14-150100.197.117.1
dlm-kmp-default-4.12.14-150100.197.117.1
dlm-kmp-default-debuginfo-4.12.14-150100.197.117.1
gfs2-kmp-default-4.12.14-150100.197.117.1
gfs2-kmp-default-debuginfo-4.12.14-150100.197.117.1
kernel-default-debuginfo-4.12.14-150100.197.117.1
kernel-default-debugsource-4.12.14-150100.197.117.1
ocfs2-kmp-default-4.12.14-150100.197.117.1
ocfs2-kmp-default-debuginfo-4.12.14-150100.197.117.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
kernel-default-4.12.14-150100.197.117.1
kernel-default-base-4.12.14-150100.197.117.1
kernel-default-base-debuginfo-4.12.14-150100.197.117.1
kernel-default-debuginfo-4.12.14-150100.197.117.1
kernel-default-debugsource-4.12.14-150100.197.117.1
kernel-default-devel-4.12.14-150100.197.117.1
kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
kernel-obs-build-4.12.14-150100.197.117.1
kernel-obs-build-debugsource-4.12.14-150100.197.117.1
kernel-syms-4.12.14-150100.197.117.1
reiserfs-kmp-default-4.12.14-150100.197.117.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1
- SUSE Enterprise Storage 6 (noarch):
kernel-devel-4.12.14-150100.197.117.1
kernel-docs-4.12.14-150100.197.117.1
kernel-macros-4.12.14-150100.197.117.1
kernel-source-4.12.14-150100.197.117.1
- SUSE CaaS Platform 4.0 (x86_64):
kernel-default-4.12.14-150100.197.117.1
kernel-default-base-4.12.14-150100.197.117.1
kernel-default-base-debuginfo-4.12.14-150100.197.117.1
kernel-default-debuginfo-4.12.14-150100.197.117.1
kernel-default-debugsource-4.12.14-150100.197.117.1
kernel-default-devel-4.12.14-150100.197.117.1
kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
kernel-obs-build-4.12.14-150100.197.117.1
kernel-obs-build-debugsource-4.12.14-150100.197.117.1
kernel-syms-4.12.14-150100.197.117.1
reiserfs-kmp-default-4.12.14-150100.197.117.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1
- SUSE CaaS Platform 4.0 (noarch):
kernel-devel-4.12.14-150100.197.117.1
kernel-docs-4.12.14-150100.197.117.1
kernel-macros-4.12.14-150100.197.117.1
kernel-source-4.12.14-150100.197.117.1
References:
https://www.suse.com/security/cve/CVE-2021-26341.html
https://www.suse.com/security/cve/CVE-2021-4157.html
https://www.suse.com/security/cve/CVE-2022-1679.html
https://www.suse.com/security/cve/CVE-2022-20132.html
https://www.suse.com/security/cve/CVE-2022-20141.html
https://www.suse.com/security/cve/CVE-2022-20154.html
https://www.suse.com/security/cve/CVE-2022-2318.html
https://www.suse.com/security/cve/CVE-2022-26365.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-29901.html
https://www.suse.com/security/cve/CVE-2022-33740.html
https://www.suse.com/security/cve/CVE-2022-33741.html
https://www.suse.com/security/cve/CVE-2022-33742.html
https://www.suse.com/security/cve/CVE-2022-33981.html
https://bugzilla.suse.com/1194013
https://bugzilla.suse.com/1196901
https://bugzilla.suse.com/1199487
https://bugzilla.suse.com/1199657
https://bugzilla.suse.com/1200571
https://bugzilla.suse.com/1200599
https://bugzilla.suse.com/1200604
https://bugzilla.suse.com/1200605
https://bugzilla.suse.com/1200608
https://bugzilla.suse.com/1200619
https://bugzilla.suse.com/1200692
https://bugzilla.suse.com/1200762
https://bugzilla.suse.com/1201050
https://bugzilla.suse.com/1201080
https://bugzilla.suse.com/1201251
1
0
SUSE-SU-2022:2405-1: moderate: Security update for p11-kit
by opensuse-security@opensuse.org 15 Jul '22
by opensuse-security@opensuse.org 15 Jul '22
15 Jul '22
SUSE Security Update: Security update for p11-kit
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2405-1
Rating: moderate
References: #1180065
Cross-References: CVE-2020-29362
CVSS scores:
CVE-2020-29362 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29362 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for p11-kit fixes the following issues:
- CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array
which could lead to crashes (bsc#1180065)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2405=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2405=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2405=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2405=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2405=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libp11-kit0-0.23.2-150000.4.16.1
libp11-kit0-debuginfo-0.23.2-150000.4.16.1
p11-kit-0.23.2-150000.4.16.1
p11-kit-debuginfo-0.23.2-150000.4.16.1
p11-kit-debugsource-0.23.2-150000.4.16.1
p11-kit-devel-0.23.2-150000.4.16.1
p11-kit-nss-trust-0.23.2-150000.4.16.1
p11-kit-tools-0.23.2-150000.4.16.1
p11-kit-tools-debuginfo-0.23.2-150000.4.16.1
- openSUSE Leap 15.3 (x86_64):
libp11-kit0-32bit-0.23.2-150000.4.16.1
libp11-kit0-32bit-debuginfo-0.23.2-150000.4.16.1
p11-kit-32bit-0.23.2-150000.4.16.1
p11-kit-32bit-debuginfo-0.23.2-150000.4.16.1
p11-kit-nss-trust-32bit-0.23.2-150000.4.16.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
p11-kit-32bit-0.23.2-150000.4.16.1
p11-kit-32bit-debuginfo-0.23.2-150000.4.16.1
p11-kit-debugsource-0.23.2-150000.4.16.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libp11-kit0-0.23.2-150000.4.16.1
libp11-kit0-debuginfo-0.23.2-150000.4.16.1
p11-kit-0.23.2-150000.4.16.1
p11-kit-debuginfo-0.23.2-150000.4.16.1
p11-kit-debugsource-0.23.2-150000.4.16.1
p11-kit-devel-0.23.2-150000.4.16.1
p11-kit-nss-trust-0.23.2-150000.4.16.1
p11-kit-tools-0.23.2-150000.4.16.1
p11-kit-tools-debuginfo-0.23.2-150000.4.16.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libp11-kit0-32bit-0.23.2-150000.4.16.1
libp11-kit0-32bit-debuginfo-0.23.2-150000.4.16.1
p11-kit-32bit-debuginfo-0.23.2-150000.4.16.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libp11-kit0-0.23.2-150000.4.16.1
libp11-kit0-debuginfo-0.23.2-150000.4.16.1
p11-kit-0.23.2-150000.4.16.1
p11-kit-debuginfo-0.23.2-150000.4.16.1
p11-kit-debugsource-0.23.2-150000.4.16.1
p11-kit-tools-0.23.2-150000.4.16.1
p11-kit-tools-debuginfo-0.23.2-150000.4.16.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libp11-kit0-0.23.2-150000.4.16.1
libp11-kit0-debuginfo-0.23.2-150000.4.16.1
p11-kit-0.23.2-150000.4.16.1
p11-kit-debuginfo-0.23.2-150000.4.16.1
p11-kit-debugsource-0.23.2-150000.4.16.1
p11-kit-tools-0.23.2-150000.4.16.1
p11-kit-tools-debuginfo-0.23.2-150000.4.16.1
References:
https://www.suse.com/security/cve/CVE-2020-29362.html
https://bugzilla.suse.com/1180065
1
0
SUSE-SU-2022:2402-1: important: Security update for python-PyJWT
by opensuse-security@opensuse.org 14 Jul '22
by opensuse-security@opensuse.org 14 Jul '22
14 Jul '22
SUSE Security Update: Security update for python-PyJWT
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2402-1
Rating: important
References: #1199756
Cross-References: CVE-2022-29217
CVSS scores:
CVE-2022-29217 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-29217 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-PyJWT fixes the following issues:
- CVE-2022-29217: Fixed key confusion through non-blocklisted public key
format (bsc#1199756).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2402=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2402=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2402=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2402=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2402=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2402=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2402=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2402=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2402=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2402=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2402=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2402=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2402=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2402=1
Package List:
- openSUSE Leap 15.4 (noarch):
python3-PyJWT-1.7.1-150200.3.3.1
- openSUSE Leap 15.3 (noarch):
python2-PyJWT-1.7.1-150200.3.3.1
python3-PyJWT-1.7.1-150200.3.3.1
- SUSE Manager Server 4.1 (noarch):
python3-PyJWT-1.7.1-150200.3.3.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
python3-PyJWT-1.7.1-150200.3.3.1
- SUSE Manager Proxy 4.1 (noarch):
python3-PyJWT-1.7.1-150200.3.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
python3-PyJWT-1.7.1-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
python3-PyJWT-1.7.1-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
python3-PyJWT-1.7.1-150200.3.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
python2-PyJWT-1.7.1-150200.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
python3-PyJWT-1.7.1-150200.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
python3-PyJWT-1.7.1-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
python3-PyJWT-1.7.1-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
python3-PyJWT-1.7.1-150200.3.3.1
- SUSE Enterprise Storage 7 (noarch):
python3-PyJWT-1.7.1-150200.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-29217.html
https://bugzilla.suse.com/1199756
1
0
SUSE-SU-2022:2400-1: important: Security update for oracleasm
by opensuse-security@opensuse.org 14 Jul '22
by opensuse-security@opensuse.org 14 Jul '22
14 Jul '22
SUSE Security Update: Security update for oracleasm
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2400-1
Rating: important
References: #1198581
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update of oracleasm fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues
(bsc#1198581)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2400=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2400=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2400=1
Package List:
- openSUSE Leap 15.4 (x86_64):
oracleasm-kmp-rt-2.0.8_k5.3.18_8.13-150300.19.5.3
oracleasm-kmp-rt-debuginfo-2.0.8_k5.3.18_8.13-150300.19.5.3
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
oracleasm-debugsource-2.0.8-150300.19.5.3
oracleasm-kmp-default-2.0.8_k5.3.18_150300.59.76-150300.19.5.3
oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_150300.59.76-150300.19.5.3
- openSUSE Leap 15.3 (aarch64 x86_64):
oracleasm-kmp-preempt-2.0.8_k5.3.18_150300.59.76-150300.19.5.3
oracleasm-kmp-preempt-debuginfo-2.0.8_k5.3.18_150300.59.76-150300.19.5.3
- openSUSE Leap 15.3 (aarch64):
oracleasm-kmp-64kb-2.0.8_k5.3.18_150300.59.76-150300.19.5.3
oracleasm-kmp-64kb-debuginfo-2.0.8_k5.3.18_150300.59.76-150300.19.5.3
- openSUSE Leap 15.3 (x86_64):
oracleasm-kmp-rt-2.0.8_k5.3.18_8.13-150300.19.5.3
oracleasm-kmp-rt-debuginfo-2.0.8_k5.3.18_8.13-150300.19.5.3
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
oracleasm-kmp-default-2.0.8_k5.3.18_150300.59.76-150300.19.5.3
oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_150300.59.76-150300.19.5.3
References:
https://bugzilla.suse.com/1198581
1
0
SUSE-SU-2022:2396-1: important: Security update for logrotate
by opensuse-security@opensuse.org 14 Jul '22
by opensuse-security@opensuse.org 14 Jul '22
14 Jul '22
SUSE Security Update: Security update for logrotate
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2396-1
Rating: important
References: #1192449 #1199652 #1200278 #1200802
Cross-References: CVE-2022-1348
CVSS scores:
CVE-2022-1348 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1348 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has three fixes
is now available.
Description:
This update for logrotate fixes the following issues:
Security issues fixed:
- CVE-2022-1348: Fixed insecure permissions for state file creation
(bsc#1199652).
- Improved coredump handing for SUID binaries (bsc#1192449).
Non-security issues fixed:
- Fixed "logrotate emits unintended warning: keyword size not properly
separated, found 0x3d" (bsc#1200278, bsc#1200802).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2396=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2396=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
logrotate-3.18.1-150400.3.7.1
logrotate-debuginfo-3.18.1-150400.3.7.1
logrotate-debugsource-3.18.1-150400.3.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
logrotate-3.18.1-150400.3.7.1
logrotate-debuginfo-3.18.1-150400.3.7.1
logrotate-debugsource-3.18.1-150400.3.7.1
References:
https://www.suse.com/security/cve/CVE-2022-1348.html
https://bugzilla.suse.com/1192449
https://bugzilla.suse.com/1199652
https://bugzilla.suse.com/1200278
https://bugzilla.suse.com/1200802
1
0
SUSE-SU-2022:2395-1: important: Security update for virglrenderer
by opensuse-security@opensuse.org 14 Jul '22
by opensuse-security@opensuse.org 14 Jul '22
14 Jul '22
SUSE Security Update: Security update for virglrenderer
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2395-1
Rating: important
References: #1195389
Cross-References: CVE-2022-0135
CVSS scores:
CVE-2022-0135 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for virglrenderer fixes the following issues:
- CVE-2022-0135: Fix OOB in read_transfer_data. (bsc#1195389)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2395=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2395=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libvirglrenderer1-0.9.1-150400.3.3.1
libvirglrenderer1-debuginfo-0.9.1-150400.3.3.1
virglrenderer-debuginfo-0.9.1-150400.3.3.1
virglrenderer-debugsource-0.9.1-150400.3.3.1
virglrenderer-devel-0.9.1-150400.3.3.1
virglrenderer-test-server-0.9.1-150400.3.3.1
virglrenderer-test-server-debuginfo-0.9.1-150400.3.3.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libvirglrenderer1-0.9.1-150400.3.3.1
libvirglrenderer1-debuginfo-0.9.1-150400.3.3.1
virglrenderer-debuginfo-0.9.1-150400.3.3.1
virglrenderer-debugsource-0.9.1-150400.3.3.1
virglrenderer-devel-0.9.1-150400.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-0135.html
https://bugzilla.suse.com/1195389
1
0
openSUSE-SU-2022:10057-1: important: Security update for opera
by opensuse-security@opensuse.org 13 Jul '22
by opensuse-security@opensuse.org 13 Jul '22
13 Jul '22
openSUSE Security Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10057-1
Rating: important
References:
Cross-References: CVE-2022-2007 CVE-2022-2008 CVE-2022-2010
CVE-2022-2011 CVE-2022-2294
Affected Products:
openSUSE Leap 15.3:NonFree
openSUSE Leap 15.4:NonFree
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for opera fixes the following issues:
opera was updated to 88.0.4412.74:
- DNA-100645 Cherry-pick CVE-2022-2294 onto stabilization branches
Update to 88.0.4412.53
- DNA-99108 [Lin] Options on video pop out not possible to change
- DNA-99832 On automatic video popout, close button should not stop video
- DNA-99833 Allow turning on and off of each 'BABE' section from gear
icon
- DNA-99852 Default browser in Mac installer
- DNA-99993 Crashes in AudioFileReaderTest,
FFmpegAACBitstreamConverterTest
- DNA-100045 iFrame Exception not unblocked with Acceptable Ads
- DNA-100291 Update snapcraft uploading/releasing in scripts to use
craft store
Changes in 88.0.4412.40
- CHR-8905 Update chromium on desktop-stable-102-4412 to 102.0.5005.115
- DNA-99713 Sizing issues with video conferencing controls in PiP window
- DNA-99831 Add 'back to tab' button like on video pop-out
- The update to chromium 102.0.5005.115 fixes following issues:
CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-2022-2011
Changes in 88.0.4412.27
- DNA-99725 Crash at opera::ModalDialogViews::Show()
- DNA-99752 Do not allow to uncheck all lists for adBlock
- DNA-99918 Enable #scrollable-tab-strip on desktop-stable-102-4412
- DNA-99969 Promote O88 to stable
- Complete Opera 88.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-88/
Update to 87.0.4390.45
- DNA-99478 Top Sites don���t always has big icon
- DNA-99702 Enable Acceptable Ads for stable stream
- DNA-99725 Crash at opera::ModalDialogViews::Show()
- DNA-99752 Do not allow to uncheck all lists for adBlock
- Update to 87.0.4390.36
- CHR-8883 Update chromium on desktop-stable-101-4390 to 101.0.4951.67
- DNA-99190 Investigate windows installer signature errors on win7
- DNA-99502 Sidebar ��� API to open panels
- DNA-99593 Report sad tab displayed counts per kind
- DNA-99628 Personalized Speed Dial context menu issue fix
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:NonFree:
zypper in -t patch openSUSE-2022-10057=1
- openSUSE Leap 15.3:NonFree:
zypper in -t patch openSUSE-2022-10057=1
Package List:
- openSUSE Leap 15.4:NonFree (x86_64):
opera-88.0.4412.74-lp154.2.11.1
- openSUSE Leap 15.3:NonFree (x86_64):
opera-88.0.4412.74-lp153.2.51.1
References:
https://www.suse.com/security/cve/CVE-2022-2007.html
https://www.suse.com/security/cve/CVE-2022-2008.html
https://www.suse.com/security/cve/CVE-2022-2010.html
https://www.suse.com/security/cve/CVE-2022-2011.html
https://www.suse.com/security/cve/CVE-2022-2294.html
1
0
SUSE-SU-2022:2378-1: important: Security update for cifs-utils
by opensuse-security@opensuse.org 13 Jul '22
by opensuse-security@opensuse.org 13 Jul '22
13 Jul '22
SUSE Security Update: Security update for cifs-utils
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2378-1
Rating: important
References: #1197216
Cross-References: CVE-2022-27239
CVSS scores:
CVE-2022-27239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27239 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for cifs-utils fixes the following issues:
- CVE-2022-27239: Fixed a buffer overflow in the command line ip option
(bsc#1197216).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2378=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2378=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
cifs-utils-6.15-150400.3.6.1
cifs-utils-debuginfo-6.15-150400.3.6.1
cifs-utils-debugsource-6.15-150400.3.6.1
cifs-utils-devel-6.15-150400.3.6.1
pam_cifscreds-6.15-150400.3.6.1
pam_cifscreds-debuginfo-6.15-150400.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
cifs-utils-6.15-150400.3.6.1
cifs-utils-debuginfo-6.15-150400.3.6.1
cifs-utils-debugsource-6.15-150400.3.6.1
cifs-utils-devel-6.15-150400.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-27239.html
https://bugzilla.suse.com/1197216
1
0