August 2022 - openSUSE Security Announce

openSUSE-SU-2022:10089-1: important: Security update for seamonkey
by opensuse-security＠opensuse.org 16 Aug '22

16 Aug '22

openSUSE Security Update: Security update for seamonkey ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10089-1 Rating: important References: Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for seamonkey fixes the following issues: update to SeaMonkey 2.53.13 * Updates to devtools. * Updates to build configuration. * Starting the switch from Python 2 to Python 3 in the build system. * Removal of array comprehensions, legacy iterators and generators bug 1414340 and bug 1098412. * Adding initial optional chaining and Promise.allSettled() support. * SeaMonkey 2.53.13 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.13 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.11 and Thunderbird 91.11 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. update to SeaMonkey 2.53.12 * Format Toolbar forgets its hidden status when switching to other view modes bug 1719020. * Remove obsolete plugin code from SeaMonkey bug 1762733. * Fix a few strict warnings in SeaMonkey bug 1755553. * Remove Run Flash from Site permissions and page info bug 1758289. * Use fixIterator and replace use of removeItemAt in FilterListDialog bug 1756359. * Remove RDF usage in tabmail.js bug 1758282. * Implement 'Edit Template' and 'New Message From Template' commands and UI bug 1759376. * [SM] Implement 'Edit Draft' command and hide it when not in a draft folder (port Thunderbird bug 1106412) bug 1256716. * Messages in Template folder need "Edit Template" button in header (like for Drafts) bug 80280. * Refactor and simplify the feed Subscribe dialog options updates bug 1420473. * Add system memory and disk size and placeDB page limit to about:support bug 1753729. * Remove warning about missing plugins in SeaMonkey 2.53 and 2.57 bug 1755558. * SeaMonkey 2.53.12 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.12 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.9 and Thunderbird 91.9 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. update to SeaMonkey 2.53.11.1 * Fix edge case when setting IntersectionObserver threshold bug 1758291. * OAuth2 prefs should use realuserName instead of username bug 1518126. * SeaMonkey 2.53.11.1 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.11.1 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.7 and Thunderbird 91.7 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. update to SeaMonkey 2.53.11 * Remove obsolete MOZ_EXTENSIONS check in suite bug 1749146. * Add connect button to cZ Networks Editor bug 1736443. * Remove freenode remnants from ChatZilla in SeaMonkey bug 1741082. * Prefer secure over insecure protocol in network list in ChatZilla bug 1744440. * Composer - Change tag textbox is not removed after use bug 1755369. * Clean up repo links in debugQA bug 1746790. * Fix misspelled references to macOS in suite bug 1749144. * Remove obsolete references to Java and Flash bug 1749141. * Help button not working in delete cert dialog bug 1750386. * Rearrange Message Filter Dialog to make room for new features bug 1735053. * Use Insert key as shortcut to create new message filters bug 1735055. * Rename some variables used in SeaMonkey's FilterListDialog to match Thunderbird's bug 1735056. * Implement Copy to New message filter functionality bug 1735057. * Add move to top / bottom buttons to message filters bug 1735059. * Add preference to not prompt for message filter deletion bug 1735061. * Clean up folder handling in FilterListDialog bug 1736425. * Add refresh function to Filter list dialog so that it can be updated when already open and new filters are added externally bug 1737450. * Use listbox rather than tree in FilterListDialog bug 1746081. * MsgFilterList(args) should take targetFilter and pass it to FilterListDialog bug 1753891. * Mail&News' start.xhtml: "We" link broken bug 1748178. * Add search functionality to filter dialog bug 1749207. * Move the taskbar refresh timer in SeaMonkey to idle dispatch bug 1746788. * Prevent subresource loads from showing the progress indicator on the tab in SeaMonkey bug 1746787. * SeaMonkey 2.53.11 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * Additional important security fixes up to Current Firefox 91.6 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. * SeaMonkey 2.53.11 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10089=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 i586 x86_64): seamonkey-2.53.13-bp154.2.3.1 seamonkey-debuginfo-2.53.13-bp154.2.3.1 seamonkey-debugsource-2.53.13-bp154.2.3.1 seamonkey-dom-inspector-2.53.13-bp154.2.3.1 seamonkey-irc-2.53.13-bp154.2.3.1 References:

1 0

openSUSE-SU-2022:10091-1: important: Security update for canna
by opensuse-security＠opensuse.org 16 Aug '22

16 Aug '22

openSUSE Security Update: Security update for canna ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10091-1 Rating: important References: #1199280 Cross-References: CVE-2022-21950 CVSS scores: CVE-2022-21950 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for canna fixes the following issues: - CVE-2022-21950: Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. Use systemd-tmpfiles for cleaning old sockets (boo#1199280). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10091=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): canna-3.7p3-bp154.3.3.1 canna-devel-3.7p3-bp154.3.3.1 canna-libs-3.7p3-bp154.3.3.1 - openSUSE Backports SLE-15-SP4 (aarch64_ilp32): canna-libs-64bit-3.7p3-bp154.3.3.1 - openSUSE Backports SLE-15-SP4 (x86_64): canna-libs-32bit-3.7p3-bp154.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-21950.html https://bugzilla.suse.com/1199280

1 0

openSUSE-SU-2022:10090-1: important: Security update for canna
by opensuse-security＠opensuse.org 16 Aug '22

16 Aug '22

openSUSE Security Update: Security update for canna ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10090-1 Rating: important References: #1199280 Cross-References: CVE-2022-21950 CVSS scores: CVE-2022-21950 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for canna fixes the following issues: - CVE-2022-21950: move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. Use systemd-tmpfiles for cleaning old sockets (boo#1199280). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-10090=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64): canna-3.7p3-bp153.2.3.1 canna-devel-3.7p3-bp153.2.3.1 canna-libs-3.7p3-bp153.2.3.1 - openSUSE Backports SLE-15-SP3 (aarch64_ilp32): canna-libs-64bit-3.7p3-bp153.2.3.1 - openSUSE Backports SLE-15-SP3 (x86_64): canna-libs-32bit-3.7p3-bp153.2.3.1 References: https://www.suse.com/security/cve/CVE-2022-21950.html https://bugzilla.suse.com/1199280

1 0

openSUSE-SU-2022:10087-1: important: Security update for opera
by opensuse-security＠opensuse.org 16 Aug '22

16 Aug '22

openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10087-1 Rating: important References: Cross-References: CVE-2022-2163 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296 CVE-2022-2477 CVE-2022-2478 CVE-2022-2479 CVE-2022-2480 CVE-2022-2481 CVSS scores: CVE-2022-2163 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2294 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2295 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2296 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2477 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2478 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2479 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-2480 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2481 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3:NonFree ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for opera fixes the following issues: opera was updated to 89.0.4447.71 - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134 - DNA-100492 authPrivate.storeCredentials should work with running auth session - DNA-100649 ��Sign out�� from settings doesn��t also sign out from auth - DNA-100653 VPN Badge popup �� not working well with different page zoom being set in browser settings - DNA-100712 Wrong spacing on text to reset sync passphrase in settings - DNA-100799 VPN icon is ��pro�� on disconnected - DNA-100841 Remove Get Subscription and Get button from VPN pro settings - DNA-100883 Update missing translations from chromium - DNA-100899 Translation error in Turkish - DNA-100912 Unable to select pinboards when sync everything is enabled - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB - DNA-100960 Use after move CountryBlacklistServiceImpl::DownloadCountryBlacklist - DNA-100961 Use after move CategorizationDataCollection::Iterator::Iterator - DNA-100989 Crash at opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&) - The update to chromium 103.0.5060.134 fixes following issues: CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479 CVE-2022-2480, CVE-2022-2481 opera was updated to 89.0.4447.51 - DNA-99538 Typed content of address bar shared between tabs - DNA-100418 Set 360 so as search engine in China - DNA-100629 Launch Auth login when enabling sync while logged in - DNA-100776 Popup is too long if there are no services available opera was updated to 89.0.4447.48 - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114 - DNA-100247 Make it possible to display hint when tab scrolling gets triggered - DNA-100482 Shopping corner icon availability - DNA-100575 Add unique IDs to all web element in opera account popup - DNA-100625 Opera account popup appears too high on Linux - DNA-100627 Enable #snap-from-panel on all stream - DNA-100636 DCHECK at suggestion_item.cc(484) - DNA-100685 Fix crash when attaching to tab strip scroll buttons - DNA-100693 Enable Sticky Site sidebar item to have notification bubble - DNA-100698 [AdBlock] Unhandled Disconnect list category: "emailaggressive" - DNA-100716 Misstype Settings "Enhanced address bar" - DNA-100732 Fix & escaping in translated strings - DNA-100759 Crash when loading personal news in private window - The update to chromium 103.0.5060.114 fixes following issues: CVE-2022-2294, CVE-2022-2295, CVE-2022-2296 opera was updated to 89.0.4447.38 - DNA-100283 Translations for O89 - Complete Opera 89.0 changelog at: https://blogs.opera.com/desktop/changelog-for-89/ opera was updated to 89.0.4447.37 - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66 - DNA-99780 Crash at zmq::zmq_abort(char const*) - DNA-100377 New opera account popup doesn��t open on Linux - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce (base::internal::BindStateBase*, scoped_refptr<T>&&) - DNA-100607 Sync ��Sign in�� button doesn��t work with Opera Account popup Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3:NonFree: zypper in -t patch openSUSE-2022-10087=1 Package List: - openSUSE Leap 15.3:NonFree (x86_64): opera-89.0.4447.71-lp153.2.54.1 References: https://www.suse.com/security/cve/CVE-2022-2163.html https://www.suse.com/security/cve/CVE-2022-2294.html https://www.suse.com/security/cve/CVE-2022-2295.html https://www.suse.com/security/cve/CVE-2022-2296.html https://www.suse.com/security/cve/CVE-2022-2477.html https://www.suse.com/security/cve/CVE-2022-2478.html https://www.suse.com/security/cve/CVE-2022-2479.html https://www.suse.com/security/cve/CVE-2022-2480.html https://www.suse.com/security/cve/CVE-2022-2481.html

1 0

openSUSE-SU-2022:10088-1: important: Security update for opera
by opensuse-security＠opensuse.org 16 Aug '22

16 Aug '22

openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10088-1 Rating: important References: Cross-References: CVE-2022-2163 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296 CVE-2022-2477 CVE-2022-2478 CVE-2022-2479 CVE-2022-2480 CVE-2022-2481 CVSS scores: CVE-2022-2163 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2294 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2295 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2296 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2477 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2478 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2479 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-2480 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2481 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.4:NonFree ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for opera fixes the following issues: Opera was updated to 89.0.4447.71 - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134 - DNA-100492 authPrivate.storeCredentials should work with running auth session - DNA-100649 ��Sign out�� from settings doesn��t also sign out from auth - DNA-100653 VPN Badge popup �� not working well with different page zoom being set in browser settings - DNA-100712 Wrong spacing on text to reset sync passphrase in settings - DNA-100799 VPN icon is ��pro�� on disconnected - DNA-100841 Remove Get Subscription and Get button from VPN pro settings - DNA-100883 Update missing translations from chromium - DNA-100899 Translation error in Turkish - DNA-100912 Unable to select pinboards when sync everything is enabled - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB - DNA-100960 Use after move CountryBlacklistServiceImpl::DownloadCountryBlacklist - DNA-100961 Use after move CategorizationDataCollection::Iterator::Iterator - DNA-100989 Crash at opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&) - The update to chromium 103.0.5060.134 fixes following issues: CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479 CVE-2022-2480, CVE-2022-2481 - Update to 89.0.4447.51 - DNA-99538 Typed content of address bar shared between tabs - DNA-100418 Set 360 so as search engine in China - DNA-100629 Launch Auth login when enabling sync while logged in - DNA-100776 Popup is too long if there are no services available - Update to 89.0.4447.48 - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114 - DNA-100247 Make it possible to display hint when tab scrolling gets triggered - DNA-100482 Shopping corner icon availability - DNA-100575 Add unique IDs to all web element in opera account popup - DNA-100625 Opera account popup appears too high on Linux - DNA-100627 Enable #snap-from-panel on all stream - DNA-100636 DCHECK at suggestion_item.cc(484) - DNA-100685 Fix crash when attaching to tab strip scroll buttons - DNA-100693 Enable Sticky Site sidebar item to have notification bubble - DNA-100698 [AdBlock] Unhandled Disconnect list category: "emailaggressive" - DNA-100716 Misstype Settings "Enhanced address bar" - DNA-100732 Fix & escaping in translated strings - DNA-100759 Crash when loading personal news in private window - The update to chromium 103.0.5060.114 fixes following issues: CVE-2022-2294, CVE-2022-2295, CVE-2022-2296 - Update to 89.0.4447.38 - DNA-100283 Translations for O89 - Complete Opera 89.0 changelog at: https://blogs.opera.com/desktop/changelog-for-89/ - Changes in 89.0.4447.37 - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66 - DNA-99780 Crash at zmq::zmq_abort(char const*) - DNA-100377 New opera account popup doesn��t open on Linux - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce (base::internal::BindStateBase*, scoped_refptr<T>&&) - DNA-100607 Sync ��Sign in�� button doesn��t work with Opera Account popup Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4:NonFree: zypper in -t patch openSUSE-2022-10088=1 Package List: - openSUSE Leap 15.4:NonFree (x86_64): opera-89.0.4447.71-lp154.2.14.1 References: https://www.suse.com/security/cve/CVE-2022-2163.html https://www.suse.com/security/cve/CVE-2022-2294.html https://www.suse.com/security/cve/CVE-2022-2295.html https://www.suse.com/security/cve/CVE-2022-2296.html https://www.suse.com/security/cve/CVE-2022-2477.html https://www.suse.com/security/cve/CVE-2022-2478.html https://www.suse.com/security/cve/CVE-2022-2479.html https://www.suse.com/security/cve/CVE-2022-2480.html https://www.suse.com/security/cve/CVE-2022-2481.html

1 0

SUSE-SU-2022:2801-1: moderate: Security update for cifs-utils
by opensuse-security＠opensuse.org 12 Aug '22

12 Aug '22

SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2801-1 Rating: moderate References: #1198976 Cross-References: CVE-2022-29869 CVSS scores: CVE-2022-29869 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-29869 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2022-29869: Fixed verbose messages on option parsing causing information leak (bsc#1198976). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2801=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2801=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2801=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-150100.5.18.1 cifs-utils-debuginfo-6.9-150100.5.18.1 cifs-utils-debugsource-6.9-150100.5.18.1 cifs-utils-devel-6.9-150100.5.18.1 pam_cifscreds-6.9-150100.5.18.1 pam_cifscreds-debuginfo-6.9-150100.5.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-150100.5.18.1 cifs-utils-debuginfo-6.9-150100.5.18.1 cifs-utils-debugsource-6.9-150100.5.18.1 cifs-utils-devel-6.9-150100.5.18.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): cifs-utils-6.9-150100.5.18.1 cifs-utils-debuginfo-6.9-150100.5.18.1 cifs-utils-debugsource-6.9-150100.5.18.1 References: https://www.suse.com/security/cve/CVE-2022-29869.html https://bugzilla.suse.com/1198976

1 0

openSUSE-SU-2022:10086-1: important: Security update for chromium
by opensuse-security＠opensuse.org 12 Aug '22

12 Aug '22

openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10086-1 Rating: important References: #1202075 Cross-References: CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612 CVE-2022-2613 CVE-2022-2614 CVE-2022-2615 CVE-2022-2616 CVE-2022-2617 CVE-2022-2618 CVE-2022-2619 CVE-2022-2620 CVE-2022-2621 CVE-2022-2622 CVE-2022-2623 CVE-2022-2624 Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Chromium 104.0.5112.79 (boo#1202075) * CVE-2022-2603: Use after free in Omnibox * CVE-2022-2604: Use after free in Safe Browsing * CVE-2022-2605: Out of bounds read in Dawn * CVE-2022-2606: Use after free in Managed devices API * CVE-2022-2607: Use after free in Tab Strip * CVE-2022-2608: Use after free in Overview Mode * CVE-2022-2609: Use after free in Nearby Share * CVE-2022-2610: Insufficient policy enforcement in Background Fetch * CVE-2022-2611: Inappropriate implementation in Fullscreen API * CVE-2022-2612: Side-channel information leakage in Keyboard input * CVE-2022-2613: Use after free in Input * CVE-2022-2614: Use after free in Sign-In Flow * CVE-2022-2615: Insufficient policy enforcement in Cookies * CVE-2022-2616: Inappropriate implementation in Extensions API * CVE-2022-2617: Use after free in Extensions API * CVE-2022-2618: Insufficient validation of untrusted input in Internals * CVE-2022-2619: Insufficient validation of untrusted input in Settings * CVE-2022-2620: Use after free in WebUI * CVE-2022-2621: Use after free in Extensions * CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing * CVE-2022-2623: Use after free in Offline * CVE-2022-2624: Heap buffer overflow in PDF - Switch back to Clang so that we can use BTI on aarch64 * Gold is too old - doesn't understand BTI * LD crashes on aarch64 - Re-enable LTO - Prepare move to FFmpeg 5 for new channel layout (requires 5.1+) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10086=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 x86_64): chromedriver-104.0.5112.79-bp154.2.20.1 chromium-104.0.5112.79-bp154.2.20.1 References: https://www.suse.com/security/cve/CVE-2022-2603.html https://www.suse.com/security/cve/CVE-2022-2604.html https://www.suse.com/security/cve/CVE-2022-2605.html https://www.suse.com/security/cve/CVE-2022-2606.html https://www.suse.com/security/cve/CVE-2022-2607.html https://www.suse.com/security/cve/CVE-2022-2608.html https://www.suse.com/security/cve/CVE-2022-2609.html https://www.suse.com/security/cve/CVE-2022-2610.html https://www.suse.com/security/cve/CVE-2022-2611.html https://www.suse.com/security/cve/CVE-2022-2612.html https://www.suse.com/security/cve/CVE-2022-2613.html https://www.suse.com/security/cve/CVE-2022-2614.html https://www.suse.com/security/cve/CVE-2022-2615.html https://www.suse.com/security/cve/CVE-2022-2616.html https://www.suse.com/security/cve/CVE-2022-2617.html https://www.suse.com/security/cve/CVE-2022-2618.html https://www.suse.com/security/cve/CVE-2022-2619.html https://www.suse.com/security/cve/CVE-2022-2620.html https://www.suse.com/security/cve/CVE-2022-2621.html https://www.suse.com/security/cve/CVE-2022-2622.html https://www.suse.com/security/cve/CVE-2022-2623.html https://www.suse.com/security/cve/CVE-2022-2624.html https://bugzilla.suse.com/1202075

1 0

SUSE-SU-2022:2803-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 12 Aug '22

12 Aug '22

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2803-1 Rating: important References: #1190256 #1190497 #1199291 #1199356 #1199665 #1201258 #1201323 #1201391 #1201458 #1201592 #1201593 #1201595 #1201596 #1201635 #1201651 #1201691 #1201705 #1201726 #1201846 #1201930 #1202094 SLE-21132 SLE-24569 SLE-24570 SLE-24571 SLE-24578 SLE-24635 SLE-24682 Cross-References: CVE-2021-33655 CVE-2022-21505 CVE-2022-2585 CVE-2022-26373 CVE-2022-29581 CVSS scores: CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2585 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 5 vulnerabilities, contains 7 features and has 16 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bnc#1202094). - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-26373: Fixed CPU info leak via post-barrier RSB predictions (bsc#1201726). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). The following non-security bugs were fixed: - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes). - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes). - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes). - ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes). - ASoC: rt5682: Fix deadlock on resume (git-fixes). - ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes). - ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes). - ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes). - ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711: fix calibrate mutex initialization (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: tas2764: Add post reset delays (git-fixes). - ASoC: tas2764: Correct playback volume range (git-fixes). - ASoC: tas2764: Fix amp gain register offset & default (git-fixes). - ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes). - ASoC: wcd938x: Fix event generation for some controls (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes). - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes). - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - arm64: Add HWCAP for self-synchronising virtual counter (git-fixes) - arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682). - arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes) - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes) - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes). - arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes). - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes) - batman-adv: Use netif_rx() (git-fixes). - bcmgenet: add WOL IRQ check (git-fixes). - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323). - blk-mq: add one API for waiting until quiesce is done (bsc#1201651). - blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651). - blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes). - can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes). - ceph: fix up non-directory creation in SGID directories (bsc#1201595). - cpufreq: mediatek: Unregister platform device on exit (git-fixes). - cpufreq: mediatek: Use module_init and add module_exit (git-fixes). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes). - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391). - crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682). - crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682). - crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682). - crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682). - crypto: octeontx2 - fix missing unlock (jsc#SLE-24682). - crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682). - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682). - crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682). - crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set CIPHER capability for DH895XCC (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258). - device property: Add fwnode_irq_get_byname (jsc#SLE-24569) - dm: do not stop request queue after the dm device is suspended (bsc#1201651). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569) - docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes). - docs: net: dsa: delete port_mdb_dump (git-fixes). - docs: net: dsa: document change_tag_protocol (git-fixes). - docs: net: dsa: document port_fast_age (git-fixes). - docs: net: dsa: document port_setup and port_teardown (git-fixes). - docs: net: dsa: document the shutdown behavior (git-fixes). - docs: net: dsa: document the teardown method (git-fixes). - docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes). - docs: net: dsa: remove port_vlan_dump (git-fixes). - docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes). - docs: net: dsa: update probing documentation (git-fixes). - dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes). - dpaa2-eth: destroy workqueue at the end of remove function (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - drbd: fix potential silent data corruption (git-fixes). - drivers: net: smc911x: Check for error irq (git-fixes). - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes). - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes). - drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes). - drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes). - drm/i915/dg2: Add Wa_22011100796 (git-fixes). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915/uc: correctly track uc_fw init failure (git-fixes). - drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes). - drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes). - drm/mediatek: Detect CMDQ execution timeout (git-fixes). - drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes). - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes). - dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571) - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes). - e1000e: Enable GPT clock before sending message to CSME (git-fixes). - efi/x86: use naked RET on mixed mode call wrapper (git-fixes). - ethernet: Fix error handling in xemaclite_of_probe (git-fixes). - ethtool: Fix get module eeprom fallback (bsc#1201323). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fjes: Check for error irq (git-fixes). - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes). - fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593). - fuse: make sure reclaim does not write the inode (bsc#1201592). - gpio: gpio-xilinx: Fix integer overflow (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571) - gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571) - gve: Recording rx queue before sending to napi (git-fixes). - hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes). - hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes). - hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes). - i2c: smbus: Check for parent device before dereference (git-fixes). - i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569) - i2c: tegra: Add SMBus block read function (jsc#SLE-24569) - i2c: tegra: Add the ACPI support (jsc#SLE-24569) - i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569) - ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes). - ice: Fix error with handling of bonding MTU (git-fixes). - ice: Fix race condition during interface enslave (git-fixes). - ice: stop disabling VFs due to PF error responses (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes). - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI workaround for phy_device changes (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kABI workaround for snd-soc-rt5682-* (git-fixes). - kABI: fix adding field to scsi_device (git-fixes). - kABI: fix adding field to ufs_hba (git-fixes). - kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for "i2c: smbus: Use device_*() functions instead of of_*()" - kabi/severities: add intel ice - kabi/severities: add stmmac network driver local symbols - kabi/severities: ignore dropped symbol rt5682_headset_detect - kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - libceph: fix potential use-after-free on linger ping and resends (bsc#1201596). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)). - memregion: Fix memregion_free() fallback definition (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)). - mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)). - mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)). - mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)). - mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)). - mm: do not try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)). - mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)). - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes). - natsemi: xtensa: fix section mismatch warnings (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes). - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes). - net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes). - net: ag71xx: Fix a potential double free in error handling paths (git-fixes). - net: altera: set a couple error code in probe() (git-fixes). - net: amd-xgbe: Fix skb data length underflow (git-fixes). - net: amd-xgbe: disable interrupts during pci removal (git-fixes). - net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes). - net: annotate data-races on txq->xmit_lock_owner (git-fixes). - net: axienet: Fix TX ring slot available check (git-fixes). - net: axienet: Wait for PhyRstCmplt after core reset (git-fixes). - net: axienet: add missing memory barriers (git-fixes). - net: axienet: fix for TX busy handling (git-fixes). - net: axienet: fix number of TX ring slots for available check (git-fixes). - net: axienet: increase default TX ring size to 128 (git-fixes). - net: axienet: increase reset timeout (git-fixes). - net: axienet: limit minimum TX ring size (git-fixes). - net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes). - net: bcmgenet: Do not claim WOL when its not available (git-fixes). - net: bcmgenet: skip invalid partial checksums (git-fixes). - net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes). - net: dsa: ar9331: register the mdiobus under devres (git-fixes). - net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes). - net: dsa: felix: do not use devres for mdiobus (git-fixes). - net: dsa: lan9303: add VLAN IDs to master device (git-fixes). - net: dsa: lan9303: fix reset on probe (git-fixes). - net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes). - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes). - net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes). - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes). - net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes). - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes). - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes). - net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes). - net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes). - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes). - net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes). - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes). - net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes). - net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes). - net: ipa: add an interconnect dependency (git-fixes). - net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes). - net: ipa: prevent concurrent replenish (git-fixes). - net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes). - net: ks8851: Check for error irq (git-fixes). - net: lantiq_xrx200: fix statistics of received bytes (git-fixes). - net: ll_temac: check the return value of devm_kmalloc() (git-fixes). - net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes). - net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes). - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes). - net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes). - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes). - net: marvell: prestera: fix incorrect return of port_find (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes). - net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes). - net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes). - net: mscc: ocelot: fix using match before it is set (git-fixes). - net: mv643xx_eth: process retval from of_get_mac_address (git-fixes). - net: mvpp2: fix XDP rx queues registering (git-fixes). - net: phy: Do not trigger state machine while in suspend (git-fixes). - net: phylink: Force link down and retrigger resolve on interface change (git-fixes). - net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: sfp: fix high power modules without diagnostic monitoring (git-fixes). - net: sfp: ignore disabled SFP node (git-fixes). - net: sparx5: Fix add vlan when invalid operation (git-fixes). - net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes). - net: stmmac: Add platform level debug register dump feature (git-fixes). - net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes). - net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes). - net: stmmac: dump gmac4 DMA registers correctly (git-fixes). - net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes). - net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes). - net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes). - net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes). - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes). - net: stmmac: ensure PTP time register reads are consistent (git-fixes). - net: stmmac: fix return value of __setup handler (git-fixes). - net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes). - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes). - net: stmmac: ptp: fix potentially overflowing expression (git-fixes). - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes). - net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes). - net: sxgbe: fix return value of __setup handler (git-fixes). - net: systemport: Add global locking for descriptor lifecycle (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - netdevsim: do not overwrite read only ethtool parms (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - nvme: add APIs for stopping/starting admin queue (bsc#1201651). - nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651). - nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651). - nvme: paring quiesce/unquiesce (bsc#1201651). - nvme: prepare for pairing quiescing and unquiescing (bsc#1201651). - nvme: wait until quiesce is done (bsc#1201651). - octeontx2-af: Do not fixup all VF action entries (git-fixes). - octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes). - octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes). - octeontx2-pf: Forward error codes to VF (git-fixes). - page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)). - perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578). - perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578). - perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578). - perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - posix_cpu_timers: fix race between exit_itimers() and /proc/pid/timers (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - ppp: ensure minimum packet size in ppp_write() (git-fixes). - qede: validate non LSO skb length (git-fixes). - r8152: fix a WOL issue (git-fixes). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - reset: Fix devm bulk optional exclusive control getter (git-fixes). - rocker: fix a sleeping in atomic bug (git-fixes). - rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258). - sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#1199356). - scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651). - scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes). - scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes). - scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes). - scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651). - scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes). - scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes). - scsi: scsi_debug: Fix zone transition to full condition (git-fixes). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes). - scsi: ufs: Fix a deadlock in the error handler (git-fixes). - scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes). - scsi: ufs: Remove dead code (git-fixes). - scsi: ufs: core: scsi_get_lba() error fix (git-fixes). - serial: 8250: Fix PM usage_count for console handover (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570) - spi: amd: Limit max transfer and message size (git-fixes). - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes). - spi: tegra210-quad: add acpi support (jsc#SLE-24570) - spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570) - spi: tegra210-quad: combined sequence mode (jsc#SLE-24570) - spi: tegra210-quad: use device_reset method (jsc#SLE-24570) - spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570) - supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported. - supported.conf: rvu_mbox as supported (jsc#SLE-24682) - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes). - tee: fix put order in teedev_close_context() (git-fixes). - tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes). - tun: fix bonding active backup with arp monitoring (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: serial: ftdi_sio: add Belimo device ids (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - veth: Do not record rx queue hint in veth_xmit (git-fixes). - veth: ensure skb entering GRO are not cloned (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes). - vt: fix memory overlapping when deleting chars in the buffer (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1190497). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2803=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2803=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-2803=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2803=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2803=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2803=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2803=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.18.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.18.1 dlm-kmp-default-5.14.21-150400.24.18.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.18.1 gfs2-kmp-default-5.14.21-150400.24.18.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-5.14.21-150400.24.18.1 kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4 kernel-default-base-rebuild-5.14.21-150400.24.18.1.150400.24.5.4 kernel-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debugsource-5.14.21-150400.24.18.1 kernel-default-devel-5.14.21-150400.24.18.1 kernel-default-devel-debuginfo-5.14.21-150400.24.18.1 kernel-default-extra-5.14.21-150400.24.18.1 kernel-default-extra-debuginfo-5.14.21-150400.24.18.1 kernel-default-livepatch-5.14.21-150400.24.18.1 kernel-default-livepatch-devel-5.14.21-150400.24.18.1 kernel-default-optional-5.14.21-150400.24.18.1 kernel-default-optional-debuginfo-5.14.21-150400.24.18.1 kernel-obs-build-5.14.21-150400.24.18.1 kernel-obs-build-debugsource-5.14.21-150400.24.18.1 kernel-obs-qa-5.14.21-150400.24.18.1 kernel-syms-5.14.21-150400.24.18.1 kselftests-kmp-default-5.14.21-150400.24.18.1 kselftests-kmp-default-debuginfo-5.14.21-150400.24.18.1 ocfs2-kmp-default-5.14.21-150400.24.18.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.18.1 reiserfs-kmp-default-5.14.21-150400.24.18.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.18.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): kernel-kvmsmall-5.14.21-150400.24.18.1 kernel-kvmsmall-debuginfo-5.14.21-150400.24.18.1 kernel-kvmsmall-debugsource-5.14.21-150400.24.18.1 kernel-kvmsmall-devel-5.14.21-150400.24.18.1 kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.18.1 kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.18.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-5.14.21-150400.24.18.1 kernel-debug-debuginfo-5.14.21-150400.24.18.1 kernel-debug-debugsource-5.14.21-150400.24.18.1 kernel-debug-devel-5.14.21-150400.24.18.1 kernel-debug-devel-debuginfo-5.14.21-150400.24.18.1 kernel-debug-livepatch-devel-5.14.21-150400.24.18.1 - openSUSE Leap 15.4 (aarch64): cluster-md-kmp-64kb-5.14.21-150400.24.18.1 cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.18.1 dlm-kmp-64kb-5.14.21-150400.24.18.1 dlm-kmp-64kb-debuginfo-5.14.21-150400.24.18.1 dtb-allwinner-5.14.21-150400.24.18.1 dtb-altera-5.14.21-150400.24.18.1 dtb-amazon-5.14.21-150400.24.18.1 dtb-amd-5.14.21-150400.24.18.1 dtb-amlogic-5.14.21-150400.24.18.1 dtb-apm-5.14.21-150400.24.18.1 dtb-apple-5.14.21-150400.24.18.1 dtb-arm-5.14.21-150400.24.18.1 dtb-broadcom-5.14.21-150400.24.18.1 dtb-cavium-5.14.21-150400.24.18.1 dtb-exynos-5.14.21-150400.24.18.1 dtb-freescale-5.14.21-150400.24.18.1 dtb-hisilicon-5.14.21-150400.24.18.1 dtb-lg-5.14.21-150400.24.18.1 dtb-marvell-5.14.21-150400.24.18.1 dtb-mediatek-5.14.21-150400.24.18.1 dtb-nvidia-5.14.21-150400.24.18.1 dtb-qcom-5.14.21-150400.24.18.1 dtb-renesas-5.14.21-150400.24.18.1 dtb-rockchip-5.14.21-150400.24.18.1 dtb-socionext-5.14.21-150400.24.18.1 dtb-sprd-5.14.21-150400.24.18.1 dtb-xilinx-5.14.21-150400.24.18.1 gfs2-kmp-64kb-5.14.21-150400.24.18.1 gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.18.1 kernel-64kb-5.14.21-150400.24.18.1 kernel-64kb-debuginfo-5.14.21-150400.24.18.1 kernel-64kb-debugsource-5.14.21-150400.24.18.1 kernel-64kb-devel-5.14.21-150400.24.18.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.18.1 kernel-64kb-extra-5.14.21-150400.24.18.1 kernel-64kb-extra-debuginfo-5.14.21-150400.24.18.1 kernel-64kb-livepatch-devel-5.14.21-150400.24.18.1 kernel-64kb-optional-5.14.21-150400.24.18.1 kernel-64kb-optional-debuginfo-5.14.21-150400.24.18.1 kselftests-kmp-64kb-5.14.21-150400.24.18.1 kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.18.1 ocfs2-kmp-64kb-5.14.21-150400.24.18.1 ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.18.1 reiserfs-kmp-64kb-5.14.21-150400.24.18.1 reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.18.1 - openSUSE Leap 15.4 (noarch): kernel-devel-5.14.21-150400.24.18.1 kernel-docs-5.14.21-150400.24.18.1 kernel-docs-html-5.14.21-150400.24.18.1 kernel-macros-5.14.21-150400.24.18.1 kernel-source-5.14.21-150400.24.18.1 kernel-source-vanilla-5.14.21-150400.24.18.1 - openSUSE Leap 15.4 (s390x): kernel-zfcpdump-5.14.21-150400.24.18.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.18.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): kernel-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debugsource-5.14.21-150400.24.18.1 kernel-default-extra-5.14.21-150400.24.18.1 kernel-default-extra-debuginfo-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debugsource-5.14.21-150400.24.18.1 kernel-default-livepatch-5.14.21-150400.24.18.1 kernel-default-livepatch-devel-5.14.21-150400.24.18.1 kernel-livepatch-5_14_21-150400_24_18-default-1-150400.9.5.2 kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-1-150400.9.5.2 kernel-livepatch-SLE15-SP4_Update_2-debugsource-1-150400.9.5.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debugsource-5.14.21-150400.24.18.1 reiserfs-kmp-default-5.14.21-150400.24.18.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.14.21-150400.24.18.1 kernel-obs-build-debugsource-5.14.21-150400.24.18.1 kernel-syms-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): kernel-docs-5.14.21-150400.24.18.1 kernel-source-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-5.14.21-150400.24.18.1 kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4 kernel-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debugsource-5.14.21-150400.24.18.1 kernel-default-devel-5.14.21-150400.24.18.1 kernel-default-devel-debuginfo-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): kernel-64kb-5.14.21-150400.24.18.1 kernel-64kb-debuginfo-5.14.21-150400.24.18.1 kernel-64kb-debugsource-5.14.21-150400.24.18.1 kernel-64kb-devel-5.14.21-150400.24.18.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): kernel-devel-5.14.21-150400.24.18.1 kernel-macros-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): kernel-zfcpdump-5.14.21-150400.24.18.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.18.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.18.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.18.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.18.1 dlm-kmp-default-5.14.21-150400.24.18.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.18.1 gfs2-kmp-default-5.14.21-150400.24.18.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debugsource-5.14.21-150400.24.18.1 ocfs2-kmp-default-5.14.21-150400.24.18.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.18.1 References: https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2022-21505.html https://www.suse.com/security/cve/CVE-2022-2585.html https://www.suse.com/security/cve/CVE-2022-26373.html https://www.suse.com/security/cve/CVE-2022-29581.html https://bugzilla.suse.com/1190256 https://bugzilla.suse.com/1190497 https://bugzilla.suse.com/1199291 https://bugzilla.suse.com/1199356 https://bugzilla.suse.com/1199665 https://bugzilla.suse.com/1201258 https://bugzilla.suse.com/1201323 https://bugzilla.suse.com/1201391 https://bugzilla.suse.com/1201458 https://bugzilla.suse.com/1201592 https://bugzilla.suse.com/1201593 https://bugzilla.suse.com/1201595 https://bugzilla.suse.com/1201596 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201651 https://bugzilla.suse.com/1201691 https://bugzilla.suse.com/1201705 https://bugzilla.suse.com/1201726 https://bugzilla.suse.com/1201846 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1202094

1 0

SUSE-SU-2022:2763-1: moderate: Security update for sssd
by opensuse-security＠opensuse.org 10 Aug '22

10 Aug '22

SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2763-1 Rating: moderate References: #1182058 #1189492 #1190775 #1195552 #1196166 Cross-References: CVE-2021-3621 CVSS scores: CVE-2021-3621 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3621 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommand (bsc#1189492). - Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attributte (bsc#1190775) - Fix 32-bit libraries package. Libraries were moved from sssd to sssd-common but baselibs.conf was not updated accordingly (bsc#1182058, bsc#1196166) - Remove caches only when performing a package downgrade. The sssd daemon takes care of upgrading the database format when necessary (bsc#1195552) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2763=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2763=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-2.5.2-150400.4.5.14 libipa_hbac0-2.5.2-150400.4.5.14 libipa_hbac0-debuginfo-2.5.2-150400.4.5.14 libnfsidmap-sss-2.5.2-150400.4.5.14 libnfsidmap-sss-debuginfo-2.5.2-150400.4.5.14 libsss_certmap-devel-2.5.2-150400.4.5.14 libsss_certmap0-2.5.2-150400.4.5.14 libsss_certmap0-debuginfo-2.5.2-150400.4.5.14 libsss_idmap-devel-2.5.2-150400.4.5.14 libsss_idmap0-2.5.2-150400.4.5.14 libsss_idmap0-debuginfo-2.5.2-150400.4.5.14 libsss_nss_idmap-devel-2.5.2-150400.4.5.14 libsss_nss_idmap0-2.5.2-150400.4.5.14 libsss_nss_idmap0-debuginfo-2.5.2-150400.4.5.14 libsss_simpleifp-devel-2.5.2-150400.4.5.14 libsss_simpleifp0-2.5.2-150400.4.5.14 libsss_simpleifp0-debuginfo-2.5.2-150400.4.5.14 python3-ipa_hbac-2.5.2-150400.4.5.14 python3-ipa_hbac-debuginfo-2.5.2-150400.4.5.14 python3-sss-murmur-2.5.2-150400.4.5.14 python3-sss-murmur-debuginfo-2.5.2-150400.4.5.14 python3-sss_nss_idmap-2.5.2-150400.4.5.14 python3-sss_nss_idmap-debuginfo-2.5.2-150400.4.5.14 python3-sssd-config-2.5.2-150400.4.5.14 python3-sssd-config-debuginfo-2.5.2-150400.4.5.14 sssd-2.5.2-150400.4.5.14 sssd-ad-2.5.2-150400.4.5.14 sssd-ad-debuginfo-2.5.2-150400.4.5.14 sssd-common-2.5.2-150400.4.5.14 sssd-common-debuginfo-2.5.2-150400.4.5.14 sssd-dbus-2.5.2-150400.4.5.14 sssd-dbus-debuginfo-2.5.2-150400.4.5.14 sssd-debugsource-2.5.2-150400.4.5.14 sssd-ipa-2.5.2-150400.4.5.14 sssd-ipa-debuginfo-2.5.2-150400.4.5.14 sssd-kcm-2.5.2-150400.4.5.14 sssd-kcm-debuginfo-2.5.2-150400.4.5.14 sssd-krb5-2.5.2-150400.4.5.14 sssd-krb5-common-2.5.2-150400.4.5.14 sssd-krb5-common-debuginfo-2.5.2-150400.4.5.14 sssd-krb5-debuginfo-2.5.2-150400.4.5.14 sssd-ldap-2.5.2-150400.4.5.14 sssd-ldap-debuginfo-2.5.2-150400.4.5.14 sssd-proxy-2.5.2-150400.4.5.14 sssd-proxy-debuginfo-2.5.2-150400.4.5.14 sssd-tools-2.5.2-150400.4.5.14 sssd-tools-debuginfo-2.5.2-150400.4.5.14 sssd-winbind-idmap-2.5.2-150400.4.5.14 sssd-winbind-idmap-debuginfo-2.5.2-150400.4.5.14 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-2.5.2-150400.4.5.14 libipa_hbac0-2.5.2-150400.4.5.14 libipa_hbac0-debuginfo-2.5.2-150400.4.5.14 libsss_certmap-devel-2.5.2-150400.4.5.14 libsss_certmap0-2.5.2-150400.4.5.14 libsss_certmap0-debuginfo-2.5.2-150400.4.5.14 libsss_idmap-devel-2.5.2-150400.4.5.14 libsss_idmap0-2.5.2-150400.4.5.14 libsss_idmap0-debuginfo-2.5.2-150400.4.5.14 libsss_nss_idmap-devel-2.5.2-150400.4.5.14 libsss_nss_idmap0-2.5.2-150400.4.5.14 libsss_nss_idmap0-debuginfo-2.5.2-150400.4.5.14 libsss_simpleifp-devel-2.5.2-150400.4.5.14 libsss_simpleifp0-2.5.2-150400.4.5.14 libsss_simpleifp0-debuginfo-2.5.2-150400.4.5.14 python3-sssd-config-2.5.2-150400.4.5.14 python3-sssd-config-debuginfo-2.5.2-150400.4.5.14 sssd-2.5.2-150400.4.5.14 sssd-ad-2.5.2-150400.4.5.14 sssd-ad-debuginfo-2.5.2-150400.4.5.14 sssd-common-2.5.2-150400.4.5.14 sssd-common-debuginfo-2.5.2-150400.4.5.14 sssd-dbus-2.5.2-150400.4.5.14 sssd-dbus-debuginfo-2.5.2-150400.4.5.14 sssd-debugsource-2.5.2-150400.4.5.14 sssd-ipa-2.5.2-150400.4.5.14 sssd-ipa-debuginfo-2.5.2-150400.4.5.14 sssd-kcm-2.5.2-150400.4.5.14 sssd-kcm-debuginfo-2.5.2-150400.4.5.14 sssd-krb5-2.5.2-150400.4.5.14 sssd-krb5-common-2.5.2-150400.4.5.14 sssd-krb5-common-debuginfo-2.5.2-150400.4.5.14 sssd-krb5-debuginfo-2.5.2-150400.4.5.14 sssd-ldap-2.5.2-150400.4.5.14 sssd-ldap-debuginfo-2.5.2-150400.4.5.14 sssd-proxy-2.5.2-150400.4.5.14 sssd-proxy-debuginfo-2.5.2-150400.4.5.14 sssd-tools-2.5.2-150400.4.5.14 sssd-tools-debuginfo-2.5.2-150400.4.5.14 sssd-winbind-idmap-2.5.2-150400.4.5.14 sssd-winbind-idmap-debuginfo-2.5.2-150400.4.5.14 References: https://www.suse.com/security/cve/CVE-2021-3621.html https://bugzilla.suse.com/1182058 https://bugzilla.suse.com/1189492 https://bugzilla.suse.com/1190775 https://bugzilla.suse.com/1195552 https://bugzilla.suse.com/1196166

1 0

SUSE-SU-2022:2748-1: important: Security update for MozillaThunderbird
by opensuse-security＠opensuse.org 10 Aug '22

10 Aug '22

SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2748-1 Rating: important References: #1201758 Cross-References: CVE-2022-36318 CVE-2022-36319 CVSS scores: CVE-2022-36318 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-36319 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.12 * changed: Support for Google Talk chat accounts removed * fixed: OpenPGP signatures were broken when "Primary Password" dialog remained open * fixed: Various security fixes - Security fixes (MFSA 2022-31) (bsc#1201758): - CVE-2022-36319: Fixed mouse Position spoofing with CSS transforms (bmo#1737722) - CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters (bmo#1771774) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2748=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2748=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2748=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2748=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2748=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2748=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.12.0-150200.8.79.1 MozillaThunderbird-debuginfo-91.12.0-150200.8.79.1 MozillaThunderbird-debugsource-91.12.0-150200.8.79.1 MozillaThunderbird-translations-common-91.12.0-150200.8.79.1 MozillaThunderbird-translations-other-91.12.0-150200.8.79.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.12.0-150200.8.79.1 MozillaThunderbird-debuginfo-91.12.0-150200.8.79.1 MozillaThunderbird-debugsource-91.12.0-150200.8.79.1 MozillaThunderbird-translations-common-91.12.0-150200.8.79.1 MozillaThunderbird-translations-other-91.12.0-150200.8.79.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-91.12.0-150200.8.79.1 MozillaThunderbird-debuginfo-91.12.0-150200.8.79.1 MozillaThunderbird-debugsource-91.12.0-150200.8.79.1 MozillaThunderbird-translations-common-91.12.0-150200.8.79.1 MozillaThunderbird-translations-other-91.12.0-150200.8.79.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.12.0-150200.8.79.1 MozillaThunderbird-debuginfo-91.12.0-150200.8.79.1 MozillaThunderbird-debugsource-91.12.0-150200.8.79.1 MozillaThunderbird-translations-common-91.12.0-150200.8.79.1 MozillaThunderbird-translations-other-91.12.0-150200.8.79.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-91.12.0-150200.8.79.1 MozillaThunderbird-debuginfo-91.12.0-150200.8.79.1 MozillaThunderbird-debugsource-91.12.0-150200.8.79.1 MozillaThunderbird-translations-common-91.12.0-150200.8.79.1 MozillaThunderbird-translations-other-91.12.0-150200.8.79.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-91.12.0-150200.8.79.1 MozillaThunderbird-debuginfo-91.12.0-150200.8.79.1 MozillaThunderbird-debugsource-91.12.0-150200.8.79.1 MozillaThunderbird-translations-common-91.12.0-150200.8.79.1 MozillaThunderbird-translations-other-91.12.0-150200.8.79.1 References: https://www.suse.com/security/cve/CVE-2022-36318.html https://www.suse.com/security/cve/CVE-2022-36319.html https://bugzilla.suse.com/1201758

1 0