openSUSE Security Announce
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
August 2022
- 1 participants
- 110 discussions
SUSE-SU-2022:2754-1: moderate: Security update for libnbd
by opensuse-security@opensuse.org 10 Aug '22
by opensuse-security@opensuse.org 10 Aug '22
10 Aug '22
SUSE Security Update: Security update for libnbd
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2754-1
Rating: moderate
References: #1195636
Cross-References: CVE-2022-0485
CVSS scores:
CVE-2022-0485 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libnbd fixes the following issues:
- CVE-2022-0485: Fixed a missing error handling that may create corrupted
destination image (bsc#1195636).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2754=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2754=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libnbd-1.12.4-150300.8.12.1
libnbd-debuginfo-1.12.4-150300.8.12.1
libnbd-debugsource-1.12.4-150300.8.12.1
libnbd-devel-1.12.4-150300.8.12.1
libnbd0-1.12.4-150300.8.12.1
libnbd0-debuginfo-1.12.4-150300.8.12.1
nbdfuse-1.12.4-150300.8.12.1
nbdfuse-debuginfo-1.12.4-150300.8.12.1
- openSUSE Leap 15.4 (noarch):
libnbd-bash-completion-1.12.4-150300.8.12.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libnbd-1.12.4-150300.8.12.1
libnbd-debuginfo-1.12.4-150300.8.12.1
libnbd-debugsource-1.12.4-150300.8.12.1
libnbd-devel-1.12.4-150300.8.12.1
libnbd0-1.12.4-150300.8.12.1
libnbd0-debuginfo-1.12.4-150300.8.12.1
nbdfuse-1.12.4-150300.8.12.1
nbdfuse-debuginfo-1.12.4-150300.8.12.1
- openSUSE Leap 15.3 (noarch):
libnbd-bash-completion-1.12.4-150300.8.12.1
References:
https://www.suse.com/security/cve/CVE-2022-0485.html
https://bugzilla.suse.com/1195636
1
0
SUSE-SU-2022:2752-1: moderate: Security update for python-codecov
by opensuse-security@opensuse.org 10 Aug '22
by opensuse-security@opensuse.org 10 Aug '22
10 Aug '22
SUSE Security Update: Security update for python-codecov
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2752-1
Rating: moderate
References: #1201494
Cross-References: CVE-2019-10800
CVSS scores:
CVE-2019-10800 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-codecov fixes the following issues:
- CVE-2019-10800: Fixed sanitization of gcov arguments before being being
provided to the popen method (bsc#1201494).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2752=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2752=1
Package List:
- openSUSE Leap 15.4 (noarch):
python3-codecov-2.0.15-150100.3.3.1
- openSUSE Leap 15.3 (noarch):
python2-codecov-2.0.15-150100.3.3.1
python3-codecov-2.0.15-150100.3.3.1
References:
https://www.suse.com/security/cve/CVE-2019-10800.html
https://bugzilla.suse.com/1201494
1
0
SUSE-SU-2022:2741-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 10 Aug '22
by opensuse-security@opensuse.org 10 Aug '22
10 Aug '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2741-1
Rating: important
References: #1178134 #1198829 #1199364 #1199647 #1199665
#1199670 #1200521 #1200598 #1200644 #1200651
#1200762 #1200910 #1201196 #1201206 #1201251
#1201381 #1201429 #1201458 #1201635 #1201636
#1201644 #1201664 #1201672 #1201673 #1201676
#1201846 #1201930 #1201940 #1201954 #1201956
#1201958 SLE-24559
Cross-References: CVE-2020-36557 CVE-2020-36558 CVE-2021-33655
CVE-2021-33656 CVE-2022-1116 CVE-2022-1462
CVE-2022-20166 CVE-2022-21505 CVE-2022-2318
CVE-2022-26365 CVE-2022-29581 CVE-2022-32250
CVE-2022-33740 CVE-2022-33741 CVE-2022-33742
CVE-2022-36946
CVSS scores:
CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 16 vulnerabilities, contains one
feature and has 15 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
- CVE-2022-36946: Fixed an incorrect packet trucation operation which
could lead to denial of service (bnc#1201940).
- CVE-2022-29581: Fixed improper update of reference count in net/sched
that could cause root privilege escalation (bnc#1199665).
- CVE-2022-20166: Fixed several possible memory safety issues due to
unsafe operations (bsc#1200598).
- CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could
lead to a NULL pointer dereference and general protection fault
(bnc#1200910).
- CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl
and closing/opening of TTYs that could lead to a use-after-free
(bnc#1201429).
- CVE-2021-33655: Fixed an out of bounds write by ioctl cmd
FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed an out of bounds write related to ioctl cmd
PIO_FONT (bnc#1201636).
- CVE-2022-21505: Fixed a kernel lockdown bypass via IMA policy
(bsc#1201458).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem
(bnc#1198829).
- CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which
allowed a local attacker to escalate privileges to root (bnc#1199647).-
CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler
in Rose subsystem that allowed unprivileged attackers to crash the
system (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed
multiple potential data leaks with Block and Network devices when using
untrusted backends (bsc#1200762).
The following non-security bugs were fixed:
- Fixed a system crash related to the recent RETBLEED mitigation
(bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
- qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651
bsc#1200644 bsc#1201954 bsc#1201958).
- kvm: emulate: do not adjust size of fastop and setcc subroutines
(bsc#1201930).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature
(bsc#1199364).
- bpf: enable BPF type format (BTF) (jsc#SLE-24559).
- nfs: avoid NULL pointer dereference when there is unflushed data
(bsc#1201196).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values
(bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer
(bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
- kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine
(bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine
(bsc#1199364).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- powerpc/mobility: wait for memory transfer to complete (bsc#1201846
ltc#198761).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
(bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
ltc#198761).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable
(bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test
(bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE
(bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb()
(bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed
user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after
VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration
(bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb
(bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
(bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
(bsc#1201381).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2741=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2741=1
Package List:
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-150300.38.75.1
kernel-source-azure-5.3.18-150300.38.75.1
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-150300.38.75.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.75.1
dlm-kmp-azure-5.3.18-150300.38.75.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.75.1
gfs2-kmp-azure-5.3.18-150300.38.75.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
kernel-azure-5.3.18-150300.38.75.1
kernel-azure-debuginfo-5.3.18-150300.38.75.1
kernel-azure-debugsource-5.3.18-150300.38.75.1
kernel-azure-devel-5.3.18-150300.38.75.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
kernel-azure-extra-5.3.18-150300.38.75.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.75.1
kernel-azure-livepatch-devel-5.3.18-150300.38.75.1
kernel-azure-optional-5.3.18-150300.38.75.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.75.1
kernel-syms-azure-5.3.18-150300.38.75.1
kselftests-kmp-azure-5.3.18-150300.38.75.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.75.1
ocfs2-kmp-azure-5.3.18-150300.38.75.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
reiserfs-kmp-azure-5.3.18-150300.38.75.1
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.75.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
kernel-azure-5.3.18-150300.38.75.1
kernel-azure-debuginfo-5.3.18-150300.38.75.1
kernel-azure-debugsource-5.3.18-150300.38.75.1
kernel-azure-devel-5.3.18-150300.38.75.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
kernel-syms-azure-5.3.18-150300.38.75.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
kernel-devel-azure-5.3.18-150300.38.75.1
kernel-source-azure-5.3.18-150300.38.75.1
References:
https://www.suse.com/security/cve/CVE-2020-36557.html
https://www.suse.com/security/cve/CVE-2020-36558.html
https://www.suse.com/security/cve/CVE-2021-33655.html
https://www.suse.com/security/cve/CVE-2021-33656.html
https://www.suse.com/security/cve/CVE-2022-1116.html
https://www.suse.com/security/cve/CVE-2022-1462.html
https://www.suse.com/security/cve/CVE-2022-20166.html
https://www.suse.com/security/cve/CVE-2022-21505.html
https://www.suse.com/security/cve/CVE-2022-2318.html
https://www.suse.com/security/cve/CVE-2022-26365.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-32250.html
https://www.suse.com/security/cve/CVE-2022-33740.html
https://www.suse.com/security/cve/CVE-2022-33741.html
https://www.suse.com/security/cve/CVE-2022-33742.html
https://www.suse.com/security/cve/CVE-2022-36946.html
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1198829
https://bugzilla.suse.com/1199364
https://bugzilla.suse.com/1199647
https://bugzilla.suse.com/1199665
https://bugzilla.suse.com/1199670
https://bugzilla.suse.com/1200521
https://bugzilla.suse.com/1200598
https://bugzilla.suse.com/1200644
https://bugzilla.suse.com/1200651
https://bugzilla.suse.com/1200762
https://bugzilla.suse.com/1200910
https://bugzilla.suse.com/1201196
https://bugzilla.suse.com/1201206
https://bugzilla.suse.com/1201251
https://bugzilla.suse.com/1201381
https://bugzilla.suse.com/1201429
https://bugzilla.suse.com/1201458
https://bugzilla.suse.com/1201635
https://bugzilla.suse.com/1201636
https://bugzilla.suse.com/1201644
https://bugzilla.suse.com/1201664
https://bugzilla.suse.com/1201672
https://bugzilla.suse.com/1201673
https://bugzilla.suse.com/1201676
https://bugzilla.suse.com/1201846
https://bugzilla.suse.com/1201930
https://bugzilla.suse.com/1201940
https://bugzilla.suse.com/1201954
https://bugzilla.suse.com/1201956
https://bugzilla.suse.com/1201958
1
0
SUSE-SU-2022:2717-1: moderate: Security update for ncurses
by opensuse-security@opensuse.org 09 Aug '22
by opensuse-security@opensuse.org 09 Aug '22
09 Aug '22
SUSE Security Update: Security update for ncurses
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2717-1
Rating: moderate
References: #1198627
Cross-References: CVE-2022-29458
CVSS scores:
CVE-2022-29458 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2022-29458 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP4
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings
in tinfo/read_entry.c (bsc#1198627).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2717=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2717=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2717=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2717=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2717=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2717=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2717=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2717=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2717=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2717=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libncurses5-6.1-150000.5.12.1
libncurses5-debuginfo-6.1-150000.5.12.1
libncurses6-6.1-150000.5.12.1
libncurses6-debuginfo-6.1-150000.5.12.1
ncurses-debugsource-6.1-150000.5.12.1
ncurses-devel-6.1-150000.5.12.1
ncurses-devel-debuginfo-6.1-150000.5.12.1
ncurses-utils-6.1-150000.5.12.1
ncurses-utils-debuginfo-6.1-150000.5.12.1
ncurses5-devel-6.1-150000.5.12.1
tack-6.1-150000.5.12.1
tack-debuginfo-6.1-150000.5.12.1
terminfo-6.1-150000.5.12.1
terminfo-base-6.1-150000.5.12.1
terminfo-iterm-6.1-150000.5.12.1
terminfo-screen-6.1-150000.5.12.1
- openSUSE Leap 15.4 (x86_64):
libncurses5-32bit-6.1-150000.5.12.1
libncurses5-32bit-debuginfo-6.1-150000.5.12.1
libncurses6-32bit-6.1-150000.5.12.1
libncurses6-32bit-debuginfo-6.1-150000.5.12.1
ncurses-devel-32bit-6.1-150000.5.12.1
ncurses-devel-32bit-debuginfo-6.1-150000.5.12.1
ncurses5-devel-32bit-6.1-150000.5.12.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libncurses5-6.1-150000.5.12.1
libncurses5-debuginfo-6.1-150000.5.12.1
libncurses6-6.1-150000.5.12.1
libncurses6-debuginfo-6.1-150000.5.12.1
ncurses-debugsource-6.1-150000.5.12.1
ncurses-devel-6.1-150000.5.12.1
ncurses-devel-debuginfo-6.1-150000.5.12.1
ncurses-utils-6.1-150000.5.12.1
ncurses-utils-debuginfo-6.1-150000.5.12.1
ncurses5-devel-6.1-150000.5.12.1
tack-6.1-150000.5.12.1
tack-debuginfo-6.1-150000.5.12.1
terminfo-6.1-150000.5.12.1
terminfo-base-6.1-150000.5.12.1
terminfo-iterm-6.1-150000.5.12.1
terminfo-screen-6.1-150000.5.12.1
- openSUSE Leap 15.3 (x86_64):
libncurses5-32bit-6.1-150000.5.12.1
libncurses5-32bit-debuginfo-6.1-150000.5.12.1
libncurses6-32bit-6.1-150000.5.12.1
libncurses6-32bit-debuginfo-6.1-150000.5.12.1
ncurses-devel-32bit-6.1-150000.5.12.1
ncurses-devel-32bit-debuginfo-6.1-150000.5.12.1
ncurses5-devel-32bit-6.1-150000.5.12.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):
libncurses5-6.1-150000.5.12.1
libncurses5-debuginfo-6.1-150000.5.12.1
ncurses-debugsource-6.1-150000.5.12.1
ncurses5-devel-6.1-150000.5.12.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (x86_64):
libncurses5-32bit-6.1-150000.5.12.1
libncurses5-32bit-debuginfo-6.1-150000.5.12.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
libncurses5-6.1-150000.5.12.1
libncurses5-debuginfo-6.1-150000.5.12.1
ncurses-debugsource-6.1-150000.5.12.1
ncurses5-devel-6.1-150000.5.12.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (x86_64):
libncurses5-32bit-6.1-150000.5.12.1
libncurses5-32bit-debuginfo-6.1-150000.5.12.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64):
ncurses-debugsource-6.1-150000.5.12.1
ncurses-devel-32bit-6.1-150000.5.12.1
ncurses-devel-32bit-debuginfo-6.1-150000.5.12.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64):
ncurses-debugsource-6.1-150000.5.12.1
ncurses-devel-32bit-6.1-150000.5.12.1
ncurses-devel-32bit-debuginfo-6.1-150000.5.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libncurses6-6.1-150000.5.12.1
libncurses6-debuginfo-6.1-150000.5.12.1
ncurses-debugsource-6.1-150000.5.12.1
ncurses-devel-6.1-150000.5.12.1
ncurses-devel-debuginfo-6.1-150000.5.12.1
ncurses-utils-6.1-150000.5.12.1
ncurses-utils-debuginfo-6.1-150000.5.12.1
tack-6.1-150000.5.12.1
tack-debuginfo-6.1-150000.5.12.1
terminfo-6.1-150000.5.12.1
terminfo-base-6.1-150000.5.12.1
terminfo-iterm-6.1-150000.5.12.1
terminfo-screen-6.1-150000.5.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libncurses6-32bit-6.1-150000.5.12.1
libncurses6-32bit-debuginfo-6.1-150000.5.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libncurses6-6.1-150000.5.12.1
libncurses6-debuginfo-6.1-150000.5.12.1
ncurses-debugsource-6.1-150000.5.12.1
ncurses-devel-6.1-150000.5.12.1
ncurses-devel-debuginfo-6.1-150000.5.12.1
ncurses-utils-6.1-150000.5.12.1
ncurses-utils-debuginfo-6.1-150000.5.12.1
tack-6.1-150000.5.12.1
tack-debuginfo-6.1-150000.5.12.1
terminfo-6.1-150000.5.12.1
terminfo-base-6.1-150000.5.12.1
terminfo-iterm-6.1-150000.5.12.1
terminfo-screen-6.1-150000.5.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libncurses6-32bit-6.1-150000.5.12.1
libncurses6-32bit-debuginfo-6.1-150000.5.12.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libncurses6-6.1-150000.5.12.1
libncurses6-debuginfo-6.1-150000.5.12.1
ncurses-debugsource-6.1-150000.5.12.1
ncurses-utils-6.1-150000.5.12.1
ncurses-utils-debuginfo-6.1-150000.5.12.1
terminfo-6.1-150000.5.12.1
terminfo-base-6.1-150000.5.12.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libncurses6-6.1-150000.5.12.1
libncurses6-debuginfo-6.1-150000.5.12.1
ncurses-debugsource-6.1-150000.5.12.1
ncurses-utils-6.1-150000.5.12.1
ncurses-utils-debuginfo-6.1-150000.5.12.1
terminfo-6.1-150000.5.12.1
terminfo-base-6.1-150000.5.12.1
References:
https://www.suse.com/security/cve/CVE-2022-29458.html
https://bugzilla.suse.com/1198627
1
0
SUSE-SU-2022:2722-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 09 Aug '22
by opensuse-security@opensuse.org 09 Aug '22
09 Aug '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2722-1
Rating: important
References: #1190256 #1190497 #1198410 #1198829 #1199086
#1199291 #1199364 #1199665 #1199670 #1200015
#1200465 #1200494 #1200644 #1200651 #1201258
#1201323 #1201381 #1201391 #1201427 #1201458
#1201471 #1201524 #1201592 #1201593 #1201595
#1201596 #1201635 #1201651 #1201675 #1201691
#1201705 #1201725 #1201846 #1201930 #1201954
#1201958 SLE-18130 SLE-20183 SLE-21132 SLE-24569
SLE-24570 SLE-24571 SLE-24578 SLE-24635 SLE-24682
Cross-References: CVE-2021-33655 CVE-2022-1462 CVE-2022-21505
CVE-2022-29581 CVE-2022-32250
CVSS scores:
CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 5 vulnerabilities, contains 9
features and has 31 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO
(bnc#1201635).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe
subsystem (bnc#1198829).
- CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy
(bsc#1201458).
- CVE-2022-29581: Fixed improper update of Reference Count in net/sched
that could cause root privilege escalation (bnc#1199665).
- CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem.
This flaw allowed a local attacker with user access to cause a privilege
escalation issue (bnc#1200015, bnc#1200494).
The following non-security bugs were fixed:
- 9p: Fix refcounting during full path walks for fid lookups (git-fixes).
- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes).
- 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes).
- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes).
- ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
(git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
(git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
- ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes).
- ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes).
- ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
(git-fixes).
- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes).
- ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of
idle (git-fixes).
- ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes).
- ARM: 9213/1: Print message about disabled Spectre workarounds only once
(git-fixes).
- ARM: 9214/1: alignment: advance IT state after emulating Thumb
instruction (git-fixes).
- ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes).
- ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes).
- ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes).
- ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
(git-fixes).
- ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes).
- ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array
(git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in
skl_get_ssp_clks() (git-fixes).
- ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem
(git-fixes).
- ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes).
- ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove
(git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes).
- ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe
(git-fixes).
- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
.set_jack_detect (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control
(git-fixes).
- ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: madera: Fix event generation for rate controls (git-fixes).
- ASoC: ops: Fix off by one in range control validation (git-fixes).
- ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend
(git-fixes).
- ASoC: rt5682: Fix deadlock on resume (git-fixes).
- ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes).
- ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes).
- ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes).
- ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes).
- ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes).
- ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver
(git-fixes).
- ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error
(git-fixes).
- ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes).
- ASoC: rt711: fix calibrate mutex initialization (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: tas2764: Add post reset delays (git-fixes).
- ASoC: tas2764: Correct playback volume range (git-fixes).
- ASoC: tas2764: Fix amp gain register offset & default (git-fixes).
- ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes).
- ASoC: wcd938x: Fix event generation for some controls (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- Bluetooth: Add bt_skb_sendmmsg helper (git-fixes).
- Bluetooth: Add bt_skb_sendmsg helper (git-fixes).
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes).
- Bluetooth: Fix passing NULL to PTR_ERR (git-fixes).
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
(git-fixes).
- Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes).
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
(git-fixes).
- Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes).
- Documentation: add description for net.core.gro_normal_batch (git-fixes).
- Documentation: add description for net.sctp.ecn_enable (git-fixes).
- Documentation: add description for net.sctp.intl_enable (git-fixes).
- Documentation: add description for net.sctp.reconf_enable (git-fixes).
- Documentation: fix udp_wmem_min in ip-sysctl.rst (git-fixes).
- Documentation: move watch_queue to core-api (git-fixes).
- Input: cpcap-pwrbutton - handle errors from platform_get_irq()
(git-fixes).
- Input: i8042 - Apply probe defer to more ASUS ZenBook models
(bsc#1190256).
- KVM: emulate: do not adjust size of fastop and setcc subroutines
(bsc#1201930).
- KVM: selftests: Make sure kvm_create_max_vcpus test won't hit
RLIMIT_NOFILE (git-fixes).
- KVM: selftests: Silence compiler warning in the kvm_page_table_test
(git-fixes).
- NFC: nxp-nci: do not print header length mismatch on i2c error
(git-fixes).
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291,
jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device()
(bsc#1199291, jsc#SLE-24635).
- VMCI: Release notification_bitmap in error path (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams
(bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams
(bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register defines
(bsc#1199291, jsc#SLE-24635).
- XArray: Update the LRU list in xas_split() (git-fixes).
- arm64: Add HWCAP for self-synchronising virtual counter (git-fixes)
- arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682).
- arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes)
- arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes).
- arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes)
- arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC
(git-fixes).
- arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes).
- arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA
transfer (git-fixes)
- arm_pmu: Validate single/group leader events (git-fixes).
- asm-generic: remove a broken and needless ifdef conditional (git-fixes).
- batman-adv: Use netif_rx() (git-fixes).
- bcmgenet: add WOL IRQ check (git-fixes).
- be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323).
- bitfield.h: Fix "type of reg too small for mask" test (git-fixes).
- blk-mq: add one API for waiting until quiesce is done (bsc#1201651).
- blk-mq: fix kabi support concurrent queue quiesce unquiesce
(bsc#1201651).
- blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651).
- can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes).
- can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- can: m_can: m_can_chip_config(): actually enable internal timestamping
(git-fixes).
- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling
for mcp2517fd (git-fixes).
- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken
CRC on TBC register (git-fixes).
- can: rcar_canfd: add __maybe_unused annotation to silence warning
(git-fixes).
- ceph: fix up non-directory creation in SGID directories (bsc#1201595).
- cifs: fix reconnect on smb3 mount types (bsc#1201427).
- configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes).
- cpufreq: mediatek: Unregister platform device on exit (git-fixes).
- cpufreq: mediatek: Use module_init and add module_exit (git-fixes).
- cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes).
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the
(git-fixes)
- crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391).
- crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682).
- crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682).
- crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682).
- crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682).
- crypto: octeontx2 - add synchronization between mailbox accesses
(jsc#SLE-24682).
- crypto: octeontx2 - fix missing unlock (jsc#SLE-24682).
- crypto: octeontx2 - increase CPT HW instruction queue length
(jsc#SLE-24682).
- crypto: octeontx2 - out of bounds access in
otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682).
- crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682).
- crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682).
- crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - set CIPHER capability for DH895XCC (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- crypto: testmgr - allow ecdsa-nist in FIPS mode
(jsc#SLE-21132,bsc#1201258).
- device property: Add fwnode_irq_get_byname (jsc#SLE-24569)
- device property: Check fwnode->secondary when finding properties
(git-fixes).
- dm: do not stop request queue after the dm device is suspended
(bsc#1201651).
- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
(git-fixes).
- dma-debug: make things less spammy under memory pressure (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
(git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
(git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
- dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes).
- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
(git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
(git-fixes).
- docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569)
- docs: net: dsa: add more info about the other arguments to
get_tag_protocol (git-fixes).
- docs: net: dsa: delete port_mdb_dump (git-fixes).
- docs: net: dsa: document change_tag_protocol (git-fixes).
- docs: net: dsa: document port_fast_age (git-fixes).
- docs: net: dsa: document port_setup and port_teardown (git-fixes).
- docs: net: dsa: document the shutdown behavior (git-fixes).
- docs: net: dsa: document the teardown method (git-fixes).
- docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes).
- docs: net: dsa: remove port_vlan_dump (git-fixes).
- docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes).
- docs: net: dsa: update probing documentation (git-fixes).
- dpaa2-eth: Initialize mutex used in one step timestamping path
(git-fixes).
- dpaa2-eth: destroy workqueue at the end of remove function (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from the PHY
(git-fixes).
- drbd: fix potential silent data corruption (git-fixes).
- drivers: net: smc911x: Check for error irq (git-fixes).
- drm/amd/display: Fix by adding FPU protection for
dcn30_internal_validate_bw (git-fixes).
- drm/amd/display: Ignore First MST Sideband Message Return Error
(git-fixes).
- drm/amd/display: Only use depth 36 bpp linebuffers on DCN display
engines (git-fixes).
- drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes).
- drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes).
- drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes).
- drm/i915/dg2: Add Wa_22011100796 (git-fixes).
- drm/i915/gt: Serialize GRDOM access between multiple engine resets
(git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
- drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist()
(git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
- drm/i915/uc: correctly track uc_fw init failure (git-fixes).
- drm/i915: Fix a race between vma / object destruction and unbinding
(git-fixes).
- drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes).
- drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
(git-fixes).
- drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes).
- drm/mediatek: Detect CMDQ execution timeout (git-fixes).
- drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes).
- drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb
(git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on
panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes).
- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes).
- dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571)
- dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC
(git-fixes).
- dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible
(git-fixes).
- e1000e: Enable GPT clock before sending message to CSME (git-fixes).
- efi/x86: use naked RET on mixed mode call wrapper (git-fixes).
- erofs: fix deadlock when shrink erofs slab (git-fixes).
- ethernet: Fix error handling in xemaclite_of_probe (git-fixes).
- ethtool: Fix get module eeprom fallback (bsc#1201323).
- exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725).
- exfat: Downgrade ENAMETOOLONG error message to debug messages
(bsc#1201725).
- exfat: Drop superfluous new line for error messages (bsc#1201725).
- exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725).
- exfat: Return ENAMETOOLONG consistently for oversized paths
(bsc#1201725).
- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
- exfat: fix referencing wrong parent directory information after renaming
(git-fixes).
- exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
(git-fixes).
- exfat: use updated exfat_chain directly during renaming (git-fixes).
- export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes).
- fat: add ratelimit to fat*_ent_bread() (git-fixes).
- fbcon: Disallow setting font bigger than screen size (git-fixes).
- fbcon: Prevent that screen size is smaller than font size (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fix race between exit_itimers() and /proc/pid/timers (git-fixes).
- fjes: Check for error irq (git-fixes).
- fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes).
- fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593).
- fuse: make sure reclaim does not write the inode (bsc#1201592).
- gpio: gpio-xilinx: Fix integer overflow (git-fixes).
- gpio: pca953x: only use single read/write for No AI mode (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync (git-fixes).
- gpio: pca953x: use the correct register address when regcache sync
during init (git-fixes).
- gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571)
- gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571)
- gve: Recording rx queue before sending to napi (git-fixes).
- hwmon: (occ) Prevent power cap command overwriting poll response
(git-fixes).
- hwmon: (occ) Remove sequence numbering and checksum calculation
(git-fixes).
- hwrng: cavium - fix NULL but dereferenced coccicheck error
(jsc#SLE-24682).
- i2c: cadence: Change large transfer count reset logic to be
unconditional (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path (git-fixes).
- i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes).
- i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes).
- i2c: smbus: Check for parent device before dereference (git-fixes).
- i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569)
- i2c: tegra: Add SMBus block read function (jsc#SLE-24569)
- i2c: tegra: Add the ACPI support (jsc#SLE-24569)
- i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569)
- ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes).
- ice: Fix error with handling of bonding MTU (git-fixes).
- ice: Fix race condition during interface enslave (git-fixes).
- ice: stop disabling VFs due to PF error responses (git-fixes).
- ida: do not use BUG_ON() for debugging (git-fixes).
- ima: Fix a potential integer overflow in ima_appraise_measurement
(git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is configured
(git-fixes).
- inet_diag: fix kernel-infoleak for UDP sockets (git-fixes).
- iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes).
- iov_iter: fix build issue due to possible type mis-match (git-fixes).
- irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR
(jsc#SLE-24682).
- irqchip/sifive-plic: Add missing thead,c900-plic match string
(git-fixes).
- irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
(git-fixes).
- ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes).
- kABI workaround for phy_device changes (git-fixes).
- kABI workaround for rtsx_usb (git-fixes).
- kABI workaround for snd-soc-rt5682-* (git-fixes).
- kABI: fix adding field to scsi_device (git-fixes).
- kABI: fix adding field to ufs_hba (git-fixes).
- kABI: fix change of iscsi_host_remove() arguments (bsc#1198410).
- kABI: fix removal of iscsi_destroy_conn (bsc#1198410).
- kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix
for "i2c: smbus: Use device_*() functions instead of of_*()"
- kabi/severities: Exclude ppc kvm
- kabi/severities: add intel ice
- kabi/severities: add stmmac network driver local symbols
- kabi/severities: ignore dropped symbol rt5682_headset_detect
- kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes
(mm/kasan)).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes).
- kselftest/vm: fix tests build with old libc (git-fixes).
- kselftest: Fix vdso_test_abi return status (git-fixes).
- kselftest: signal all child processes (git-fixes).
- kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- kvm: selftests: do not use bitfields larger than 32-bits for PTEs
(git-fixes).
- l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using
netdev_master_upper_dev_get_rcu (git-fixes).
- landlock: Add clang-format exceptions (git-fixes).
- landlock: Change landlock_add_rule(2) argument check ordering
(git-fixes).
- landlock: Change landlock_restrict_self(2) check ordering (git-fixes).
- landlock: Create find_rule() from unmask_layers() (git-fixes).
- landlock: Define access_mask_t to enforce a consistent access mask size
(git-fixes).
- landlock: Fix landlock_add_rule(2) documentation (git-fixes).
- landlock: Fix same-layer rule unions (git-fixes).
- landlock: Format with clang-format (git-fixes).
- landlock: Reduce the maximum number of layers to 16 (git-fixes).
- landlock: Use square brackets around "landlock-ruleset" (git-fixes).
- libceph: fix potential use-after-free on linger ping and resends
(bsc#1201596).
- lockdep: Correct lock_classes index mapping (git-fixes).
- locking/lockdep: Avoid potential access of invalid memory in lock_class
(git-fixes).
- locking/lockdep: Iterate lock_classes directly when reading lockdep
files (git-fixes).
- loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes).
- macsec: fix NULL deref in macsec_add_rxsa (git-fixes).
- macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes).
- macsec: limit replay window size with XPN (git-fixes).
- md: bcache: check the return value of kzalloc() in
detached_dev_do_request() (git-fixes).
- memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes
(mm/pgalloc)).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- minix: fix bug when opening a file with O_DIRECT (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
(git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
- misc: rtsx_usb: use separate command and response buffers (git-fixes).
- mm/large system hash: avoid possible NULL deref in
alloc_large_system_hash (git fixes (mm/pgalloc)).
- mm/secretmem: avoid letting secretmem_users drop to zero (git fixes
(mm/secretmem)).
- mm/vmalloc: fix numa spreading for large hash tables (git fixes
(mm/vmalloc)).
- mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git
fixes (mm/vmalloc)).
- mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes
(mm/vmalloc)).
- mm: do not try to NUMA-migrate COW pages that have other uses (git fixes
(mm/numa)).
- mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)).
- mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes).
- mtd: rawnand: gpmi: validate controller clock rate (git-fixes).
- natsemi: xtensa: fix section mismatch warnings (git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
- net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes).
- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
(git-fixes).
- net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes).
- net: ag71xx: Fix a potential double free in error handling paths
(git-fixes).
- net: altera: set a couple error code in probe() (git-fixes).
- net: amd-xgbe: Fix skb data length underflow (git-fixes).
- net: amd-xgbe: disable interrupts during pci removal (git-fixes).
- net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes).
- net: annotate data-races on txq->xmit_lock_owner (git-fixes).
- net: axienet: Fix TX ring slot available check (git-fixes).
- net: axienet: Wait for PhyRstCmplt after core reset (git-fixes).
- net: axienet: add missing memory barriers (git-fixes).
- net: axienet: fix for TX busy handling (git-fixes).
- net: axienet: fix number of TX ring slots for available check
(git-fixes).
- net: axienet: increase default TX ring size to 128 (git-fixes).
- net: axienet: increase reset timeout (git-fixes).
- net: axienet: limit minimum TX ring size (git-fixes).
- net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes).
- net: bcmgenet: Do not claim WOL when its not available (git-fixes).
- net: bcmgenet: skip invalid partial checksums (git-fixes).
- net: chelsio: cxgb3: check the return value of pci_find_capability()
(git-fixes).
- net: cpsw: Properly initialise struct page_pool_params (git-fixes).
- net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account
(git-fixes).
- net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes).
- net: dsa: ar9331: register the mdiobus under devres (git-fixes).
- net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes).
- net: dsa: be compatible with masters which unregister on shutdown
(git-fixes).
- net: dsa: felix: do not use devres for mdiobus (git-fixes).
- net: dsa: hellcreek: be compatible with masters which unregister on
shutdown (git-fixes).
- net: dsa: lan9303: add VLAN IDs to master device (git-fixes).
- net: dsa: lan9303: fix reset on probe (git-fixes).
- net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes).
- net: dsa: microchip: ksz8863: be compatible with masters which
unregister on shutdown (git-fixes).
- net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate()
(git-fixes).
- net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding
(git-fixes).
- net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes).
- net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes).
- net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister
(git-fixes).
- net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN
(git-fixes).
- net: dsa: xrs700x: be compatible with masters which unregister on
shutdown (git-fixes).
- net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes).
- net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config()
(git-fixes).
- net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops
(git-fixes).
- net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes).
- net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
(git-fixes).
- net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes).
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- net: ieee802154: hwsim: Ensure proper channel selection at probe time
(git-fixes).
- net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes).
- net: ipa: add an interconnect dependency (git-fixes).
- net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes).
- net: ipa: prevent concurrent replenish (git-fixes).
- net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes).
- net: ks8851: Check for error irq (git-fixes).
- net: lantiq_xrx200: fix statistics of received bytes (git-fixes).
- net: ll_temac: check the return value of devm_kmalloc() (git-fixes).
- net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes).
- net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes).
- net: macsec: Verify that send_sci is on when setting Tx sci explicitly
(git-fixes).
- net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes).
- net: marvell: prestera: Add missing of_node_put() in
prestera_switch_set_base_mac_addr (git-fixes).
- net: marvell: prestera: fix incorrect return of port_find (git-fixes).
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes).
- net: mscc: ocelot: fix backwards compatibility with single-chain
tc-flower offload (git-fixes).
- net: mscc: ocelot: fix mutex lock error during ethtool stats read
(git-fixes).
- net: mscc: ocelot: fix using match before it is set (git-fixes).
- net: mv643xx_eth: process retval from of_get_mac_address (git-fixes).
- net: mvpp2: fix XDP rx queues registering (git-fixes).
- net: phy: Do not trigger state machine while in suspend (git-fixes).
- net: phylink: Force link down and retrigger resolve on interface change
(git-fixes).
- net: phylink: Force retrigger in case of latched link-fail indicator
(git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
- net: sfp: fix high power modules without diagnostic monitoring
(git-fixes).
- net: sfp: ignore disabled SFP node (git-fixes).
- net: sparx5: Fix add vlan when invalid operation (git-fixes).
- net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes).
- net: stmmac: Add platform level debug register dump feature (git-fixes).
- net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support
(git-fixes).
- net: stmmac: configure PTP clock source prior to PTP initialization
(git-fixes).
- net: stmmac: dump gmac4 DMA registers correctly (git-fixes).
- net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes).
- net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL
(git-fixes).
- net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode
(git-fixes).
- net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M
(git-fixes).
- net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected
speed request (git-fixes).
- net: stmmac: ensure PTP time register reads are consistent (git-fixes).
- net: stmmac: fix return value of __setup handler (git-fixes).
- net: stmmac: fix tc flower deletion for VLAN priority Rx steering
(git-fixes).
- net: stmmac: properly handle with runtime pm in stmmac_dvr_remove()
(git-fixes).
- net: stmmac: ptp: fix potentially overflowing expression (git-fixes).
- net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls
(git-fixes).
- net: stmmac: skip only stmmac_ptp_register when resume from suspend
(git-fixes).
- net: sxgbe: fix return value of __setup handler (git-fixes).
- net: systemport: Add global locking for descriptor lifecycle (git-fixes).
- net: usb: Correct PHY handling of smsc95xx (git-fixes).
- net: usb: Correct reset handling of smsc95xx (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- netdevsim: do not overwrite read only ethtool parms (git-fixes).
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
- nilfs2: fix incorrect masking of permission flags for symlinks
(git-fixes).
- nilfs2: fix lockdep warnings during disk space reclamation (git-fixes).
- nilfs2: fix lockdep warnings in page operations for btree nodes
(git-fixes).
- nouveau/svm: Fix to migrate all requested pages (git-fixes).
- nvme-auth: retry command if DNR bit is not set (bsc#1201675).
- nvme: add APIs for stopping/starting admin queue (bsc#1201651).
- nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- nvme: implement In-Band authentication (jsc#SLE-20183).
- nvme: kabi fixes for in-band authentication (bsc#1199086).
- nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is
reallocated (bsc#1201651).
- nvme: paring quiesce/unquiesce (bsc#1201651).
- nvme: prepare for pairing quiescing and unquiescing (bsc#1201651).
- nvme: wait until quiesce is done (bsc#1201651).
- nvmet-auth: expire authentication sessions (jsc#SLE-20183).
- nvmet: implement basic In-Band Authentication (jsc#SLE-20183).
- octeontx2-af: Add a 'rvu_free_bitmap()' function (gix-fixes).
- octeontx2-af: Do not fixup all VF action entries (git-fixes).
- octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes).
- octeontx2-af: Fix some memory leaks in the error handling path of
'cgx_lmac_init()' (git-fixes).
- octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces
(git-fixes).
- octeontx2-pf: Forward error codes to VF (git-fixes).
- optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes).
- page_alloc: fix invalid watemark check on a negative value (git fixes
(mm/pgalloc)).
- perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578).
- perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute
(jsc#SLE-24578).
- perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578).
- perf/amd/ibs: Use ->is_visible callback for dynamic attributes
(jsc#SLE-24578).
- pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes).
- pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource()
(git-fixes).
- pinctrl: armada-37xx: Use temporary variable for struct device
(git-fixes).
- pinctrl: aspeed: Fix potential NULL dereference in
aspeed_pinmux_set_mux() (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
(git-fixes).
- powerpc/mobility: wait for memory transfer to complete (bsc#1201846
ltc#198761).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
(bsc#1201846 ltc#198761).
- powerpc/pseries: Interface to represent PAPR firmware attributes
(bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465
ltc#197256 jsc#SLE-18130).
- powerpc/pseries: rename min_common_depth to primary_domain_index
(bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
ltc#198761).
- ppp: ensure minimum packet size in ppp_write() (git-fixes).
- qede: validate non LSO skb length (git-fixes).
- r8152: fix a WOL issue (git-fixes).
- r8169: fix accessing unset transport header (git-fixes).
- random: document add_hwgenerator_randomness() with other input functions
(git-fixes).
- random: fix typo in comments (git-fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
- reset: Fix devm bulk optional exclusive control getter (git-fixes).
- rocker: fix a sleeping in atomic bug (git-fixes).
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
Dwarves 1.22 or newer is required to build kernels with BTF information
embedded in modules.
- rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258).
- samples/landlock: Add clang-format exceptions (git-fixes).
- samples/landlock: Fix path_list memory leak (git-fixes).
- samples/landlock: Format with clang-format (git-fixes).
- scripts/dtc: Call pkg-config POSIXly correct (git-fixes).
- scripts/gdb: change kernel config dumping method (git-fixes).
- scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes).
- scripts: sphinx-pre-install: add required ctex dependency (git-fixes).
- scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651).
- scsi: core: sd: Add silence_suspend flag to suppress some PM messages
(git-fixes).
- scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410).
- scsi: iscsi: Add helper to remove a session from the kernel
(bsc#1198410).
- scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel
(bsc#1198410).
- scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410).
- scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes).
- scsi: iscsi: Fix HW conn removal use after free (bsc#1198410).
- scsi: iscsi: Fix session removal on shutdown (bsc#1198410).
- scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410).
- scsi: lpfc: Fix mailbox command failure during driver initialization
(git-fixes).
- scsi: make sure that request queue queiesce and unquiesce balanced
(bsc#1201651).
- scsi: megaraid: Clear READ queue map's nr_queues (git-fixes).
- scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
(bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes).
- scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes).
- scsi: scsi_debug: Fix zone transition to full condition (git-fixes).
- scsi: scsi_debug: Sanity check block descriptor length in
resp_mode_select() (git-fixes).
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes).
- scsi: ufs: Fix a deadlock in the error handler (git-fixes).
- scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes).
- scsi: ufs: Remove dead code (git-fixes).
- scsi: ufs: core: scsi_get_lba() error fix (git-fixes).
- seccomp: Invalidate seccomp mode to catch death failures (git-fixes).
- selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes).
- selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465
ltc#197256 jsc#SLE-18130).
- selftest/vm: fix map_fixed_noreplace test failure (git-fixes).
- selftest/vm: verify mmap addr in mremap_test (git-fixes).
- selftest/vm: verify remap destination address in mremap_test (git-fixes).
- selftests, x86: fix how check_cc.sh is being invoked (git-fixes).
- selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes).
- selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes).
- selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes).
- selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT
(git-fixes).
- selftests/ftrace: make kprobe profile testcase description unique
(git-fixes).
- selftests/landlock: Add clang-format exceptions (git-fixes).
- selftests/landlock: Add tests for O_PATH (git-fixes).
- selftests/landlock: Add tests for unknown access rights (git-fixes).
- selftests/landlock: Extend access right tests to directories (git-fixes).
- selftests/landlock: Extend tests for minimal valid attribute size
(git-fixes).
- selftests/landlock: Format with clang-format (git-fixes).
- selftests/landlock: Fully test file rename with "remove" access
(git-fixes).
- selftests/landlock: Make tests build with old libc (git-fixes).
- selftests/landlock: Normalize array assignment (git-fixes).
- selftests/landlock: Test landlock_create_ruleset(2) argument check
ordering (git-fixes).
- selftests/memfd: clean up mapping in mfd_fail_write (git-fixes).
- selftests/memfd: remove unused variable (git-fixes).
- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
(git-fixes).
- selftests/net: so_txtime: fix parsing of start time stamp on 32 bit
systems (git-fixes).
- selftests/net: so_txtime: usage(): fix documentation of default clock
(git-fixes).
- selftests/net: timestamping: Fix bind_phc check (git-fixes).
- selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes).
- selftests/powerpc/spectre_v2: Return skip code when miss_percent is high
(git-fixes).
- selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes).
- selftests/resctrl: Fix null pointer dereference on open failed
(git-fixes).
- selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes).
- selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for
load/store (git-fixes).
- selftests/rseq: Fix ppc32 offsets by using long rather than off_t
(git-fixes).
- selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big
endian (git-fixes).
- selftests/rseq: Fix warnings about #if checks of undefined tokens
(git-fixes).
- selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes).
- selftests/rseq: Introduce rseq_get_abi() helper (git-fixes).
- selftests/rseq: Introduce thread pointer getters (git-fixes).
- selftests/rseq: Remove arm/mips asm goto compiler work-around
(git-fixes).
- selftests/rseq: Remove useless assignment to cpu variable (git-fixes).
- selftests/rseq: Remove volatile from __rseq_abi (git-fixes).
- selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35
(git-fixes).
- selftests/rseq: introduce own copy of rseq uapi header (git-fixes).
- selftests/rseq: remove ARRAY_SIZE define from individual tests
(git-fixes).
- selftests/rseq: x86-32: use %gs segment selector for accessing rseq
thread area (git-fixes).
- selftests/rseq: x86-64: use %fs segment selector for accessing rseq
thread area (git-fixes).
- selftests/seccomp: Do not call read() on TTY from background pgrp
(git-fixes).
- selftests/seccomp: Fix seccomp failure by adding missing headers
(git-fixes).
- selftests/sgx: Treat CC as one argument (git-fixes).
- selftests/vm/transhuge-stress: fix ram size thinko (git-fixes).
- selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup
setting (git-fixes).
- selftests/x86: Add validity check and allow field splitting (git-fixes).
- selftests/zram01.sh: Fix compression ratio calculation (git-fixes).
- selftests/zram: Adapt the situation that /dev/zram0 is being used
(git-fixes).
- selftests/zram: Skip max_comp_streams interface on newer kernel
(git-fixes).
- selftests: Add duplicate config only for MD5 VRF tests (git-fixes).
- selftests: Fix IPv6 address bind tests (git-fixes).
- selftests: Fix raw socket bind tests with VRF (git-fixes).
- selftests: add ping test with ping_group_range tuned (git-fixes).
- selftests: cgroup: Make cg_create() use 0755 for permission instead of
0644 (git-fixes).
- selftests: cgroup: Test open-time cgroup namespace usage for migration
checks (git-fixes).
- selftests: cgroup: Test open-time credential usage for migration checks
(git-fixes).
- selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes).
- selftests: fixup build warnings in pidfd / clone3 tests (git-fixes).
- selftests: forwarding: fix error message in learning_test (git-fixes).
- selftests: forwarding: fix flood_unicast_test when h2 supports
IFF_UNICAST_FLT (git-fixes).
- selftests: forwarding: fix learning_test when h1 supports
IFF_UNICAST_FLT (git-fixes).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- selftests: gpio: fix gpio compiling error (git-fixes).
- selftests: harness: avoid false negatives if test has no ASSERTs
(git-fixes).
- selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes).
- selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is
operational (git-fixes).
- selftests: mlxsw: resource_scale: Fix return value (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes).
- selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
(git-fixes).
- selftests: mptcp: add csum mib check for mptcp_connect (git-fixes).
- selftests: mptcp: fix diag instability (git-fixes).
- selftests: mptcp: fix ipv6 routing setup (git-fixes).
- selftests: mptcp: more stable diag tests (git-fixes).
- selftests: net: Correct case name (git-fixes).
- selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes).
- selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes).
- selftests: net: tls: remove unused variable and code (git-fixes).
- selftests: net: udpgro_fwd.sh: explicitly checking the available ping
feature (git-fixes).
- selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes).
- selftests: netfilter: add a vrf+conntrack testcase (git-fixes).
- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh
(git-fixes).
- selftests: netfilter: disable rp_filter on router (git-fixes).
- selftests: netfilter: fix exit value for nft_concat_range (git-fixes).
- selftests: nft_concat_range: add test for reload with no element add/del
(git-fixes).
- selftests: ocelot: tc_flower_chains: specify conform-exceed action for
policer (git-fixes).
- selftests: openat2: Add missing dependency in Makefile (git-fixes).
- selftests: openat2: Print also errno in failure messages (git-fixes).
- selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes).
- selftests: pmtu.sh: Kill nettest processes launched in subshell
(git-fixes).
- selftests: pmtu.sh: Kill tcpdump processes launched by subshell
(git-fixes).
- selftests: rtc: Increase test timeout so that all tests run (git-fixes).
- selftests: skip mincore.check_file_mmap when fs lacks needed support
(git-fixes).
- selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes).
- selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes).
- selftests: vm: fix clang build error multiple output files (git-fixes).
- selftests: x86: fix [-Wstringop-overread] warn in
test_process_vm_readv() (git-fixes).
- serial: 8250: Fix PM usage_count for console handover (git-fixes).
- serial: 8250: fix return error code in serial8250_request_std_resource()
(git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
- serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays (git-fixes).
- smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570)
- spi: amd: Limit max transfer and message size (git-fixes).
- spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non
DMA transfers (git-fixes).
- spi: tegra210-quad: add acpi support (jsc#SLE-24570)
- spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570)
- spi: tegra210-quad: combined sequence mode (jsc#SLE-24570)
- spi: tegra210-quad: use device_reset method (jsc#SLE-24570)
- spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570)
- supported.conf: mark drivers/nvme/common as supported (jsc#SLE-20183)
- supported.conf: mark marvell octeontx2 crypto driver as supported
(jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported.
- supported.conf: rvu_mbox as supported (jsc#SLE-24682)
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
- sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes).
- tee: fix put order in teedev_close_context() (git-fixes).
- tee: optee: do not check memref size on return from Secure World
(git-fixes).
- tee: tee_get_drvdata(): fix description of return value (git-fixes).
- testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu
set (git-fixes).
- testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes).
- testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes).
- tests: fix idmapped mount_setattr test (git-fixes).
- tools include UAPI: Sync sound/asound.h copy with the kernel sources
(git-fixes).
- tools/nolibc: fix incorrect truncation of exit code (git-fixes).
- tools/nolibc: i386: fix initial stack alignment (git-fixes).
- tools/nolibc: x86-64: Fix startup code bug (git-fixes).
- tools/testing/scatterlist: add missing defines (git-fixes).
- tty: n_gsm: Modify CR,PF bit when config requester (git-fixes).
- tty: n_gsm: Save dlci address open status when config requester
(git-fixes).
- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes).
- tty: n_gsm: fix decoupled mux resource (git-fixes).
- tty: n_gsm: fix encoding of command/response bit (git-fixes).
- tty: n_gsm: fix frame reception handling (git-fixes).
- tty: n_gsm: fix incorrect UA handling (git-fixes).
- tty: n_gsm: fix insufficient txframe size (git-fixes).
- tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes).
- tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes).
- tty: n_gsm: fix malformed counter for out of frame data (git-fixes).
- tty: n_gsm: fix missing explicit ldisc flush (git-fixes).
- tty: n_gsm: fix missing tty wakeup in convergence layer type 2
(git-fixes).
- tty: n_gsm: fix missing update of modem controls after DLCI open
(git-fixes).
- tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes).
- tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes).
- tty: n_gsm: fix reset fifo race condition (git-fixes).
- tty: n_gsm: fix restart handling via CLD command (git-fixes).
- tty: n_gsm: fix software flow control handling (git-fixes).
- tty: n_gsm: fix sometimes uninitialized warning in
gsm_dlci_modem_output() (git-fixes).
- tty: n_gsm: fix wrong DLCI release order (git-fixes).
- tty: n_gsm: fix wrong command frame length field encoding (git-fixes).
- tty: n_gsm: fix wrong command retry handling (git-fixes).
- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
(git-fixes).
- tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes).
- tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes).
- tun: avoid double free in tun_free_netdev (git-fixes).
- tun: fix bonding active backup with arp monitoring (git-fixes).
- tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
(git-fixes).
- tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes).
- uaccess: fix type mismatch warnings from access_ok() (git-fixes).
- ucounts: Base set_cred_ucounts changes on the real user (git-fixes).
- ucounts: Fix rlimit max values check (git-fixes).
- ucounts: Fix systemd LimitNPROC with private users regression
(git-fixes).
- ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes).
- ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes).
- udmabuf: add back sanity check (git-fixes).
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- usb: serial: ftdi_sio: add Belimo device ids (git-fixes).
- usb: typec: add missing uevent when partner support PD (git-fixes).
- usbnet: Run unregister_netdev() before unbind() again (git-fixes).
- usbnet: fix memory leak in error case (git-fixes).
- userfaultfd/selftests: fix hugetlb area allocations (git-fixes).
- veth: Do not record rx queue hint in veth_xmit (git-fixes).
- veth: ensure skb entering GRO are not cloned (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
(git-fixes).
- vsock/virtio: enable VQs early on probe (git-fixes).
- vsock/virtio: initialize vdev->priv before using VQs (git-fixes).
- vsock/virtio: read the negotiated features before using VQs (git-fixes).
- vsock: remove vsock from connected table when connect is interrupted by
a signal (git-fixes).
- vt: fix memory overlapping when deleting chars in the buffer (git-fixes).
- watch-queue: remove spurious double semicolon (git-fixes).
- watch_queue: Fix missing locking in add_watch_to_object() (git-fixes).
- watch_queue: Fix missing rcu annotation (git-fixes).
- watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
- watchqueue: make sure to serialize 'wqueue->defunct' properly
(git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
- wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes).
- wireguard: device: check for metadata_dst with skb_valid_dst()
(git-fixes).
- x86/bugs: Remove apostrophe typo (bsc#1190497).
- x86/entry: Remove skip_r11rcx (bsc#1201524).
- x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471).
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
(bsc#1201381).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).
- xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes).
- xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes).
- xhci: dbc: refactor xhci_dbc_init() (git-fixes).
- xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
(git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
- zonefs: Clear inode information flags on inode creation (git-fixes).
- zonefs: Fix management of open zones (git-fixes).
- zonefs: add MODULE_ALIAS_FS (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2722=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2722=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-azure-5.14.21-150400.14.10.1
cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.10.1
dlm-kmp-azure-5.14.21-150400.14.10.1
dlm-kmp-azure-debuginfo-5.14.21-150400.14.10.1
gfs2-kmp-azure-5.14.21-150400.14.10.1
gfs2-kmp-azure-debuginfo-5.14.21-150400.14.10.1
kernel-azure-5.14.21-150400.14.10.1
kernel-azure-debuginfo-5.14.21-150400.14.10.1
kernel-azure-debugsource-5.14.21-150400.14.10.1
kernel-azure-devel-5.14.21-150400.14.10.1
kernel-azure-devel-debuginfo-5.14.21-150400.14.10.1
kernel-azure-extra-5.14.21-150400.14.10.1
kernel-azure-extra-debuginfo-5.14.21-150400.14.10.1
kernel-azure-livepatch-devel-5.14.21-150400.14.10.1
kernel-azure-optional-5.14.21-150400.14.10.1
kernel-azure-optional-debuginfo-5.14.21-150400.14.10.1
kernel-syms-azure-5.14.21-150400.14.10.1
kselftests-kmp-azure-5.14.21-150400.14.10.1
kselftests-kmp-azure-debuginfo-5.14.21-150400.14.10.1
ocfs2-kmp-azure-5.14.21-150400.14.10.1
ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.10.1
reiserfs-kmp-azure-5.14.21-150400.14.10.1
reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.10.1
- openSUSE Leap 15.4 (noarch):
kernel-devel-azure-5.14.21-150400.14.10.1
kernel-source-azure-5.14.21-150400.14.10.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64):
kernel-azure-5.14.21-150400.14.10.1
kernel-azure-debuginfo-5.14.21-150400.14.10.1
kernel-azure-debugsource-5.14.21-150400.14.10.1
kernel-azure-devel-5.14.21-150400.14.10.1
kernel-azure-devel-debuginfo-5.14.21-150400.14.10.1
kernel-syms-azure-5.14.21-150400.14.10.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch):
kernel-devel-azure-5.14.21-150400.14.10.1
kernel-source-azure-5.14.21-150400.14.10.1
References:
https://www.suse.com/security/cve/CVE-2021-33655.html
https://www.suse.com/security/cve/CVE-2022-1462.html
https://www.suse.com/security/cve/CVE-2022-21505.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-32250.html
https://bugzilla.suse.com/1190256
https://bugzilla.suse.com/1190497
https://bugzilla.suse.com/1198410
https://bugzilla.suse.com/1198829
https://bugzilla.suse.com/1199086
https://bugzilla.suse.com/1199291
https://bugzilla.suse.com/1199364
https://bugzilla.suse.com/1199665
https://bugzilla.suse.com/1199670
https://bugzilla.suse.com/1200015
https://bugzilla.suse.com/1200465
https://bugzilla.suse.com/1200494
https://bugzilla.suse.com/1200644
https://bugzilla.suse.com/1200651
https://bugzilla.suse.com/1201258
https://bugzilla.suse.com/1201323
https://bugzilla.suse.com/1201381
https://bugzilla.suse.com/1201391
https://bugzilla.suse.com/1201427
https://bugzilla.suse.com/1201458
https://bugzilla.suse.com/1201471
https://bugzilla.suse.com/1201524
https://bugzilla.suse.com/1201592
https://bugzilla.suse.com/1201593
https://bugzilla.suse.com/1201595
https://bugzilla.suse.com/1201596
https://bugzilla.suse.com/1201635
https://bugzilla.suse.com/1201651
https://bugzilla.suse.com/1201675
https://bugzilla.suse.com/1201691
https://bugzilla.suse.com/1201705
https://bugzilla.suse.com/1201725
https://bugzilla.suse.com/1201846
https://bugzilla.suse.com/1201930
https://bugzilla.suse.com/1201954
https://bugzilla.suse.com/1201958
1
0
SUSE-SU-2022:2713-1: important: Security update for bind
by opensuse-security@opensuse.org 09 Aug '22
by opensuse-security@opensuse.org 09 Aug '22
09 Aug '22
SUSE Security Update: Security update for bind
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2713-1
Rating: important
References: #1192146 #1197135 #1197136 #1199044 #1200685
SLE-24600
Cross-References: CVE-2021-25219 CVE-2021-25220 CVE-2022-0396
CVSS scores:
CVE-2021-25219 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-25219 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-25220 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CVE-2021-25220 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
CVE-2022-0396 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-0396 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves three vulnerabilities, contains one
feature and has two fixes is now available.
Description:
This update for bind fixes the following issues:
- CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely
degrade resolver performance (bsc#1192146).
- CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders
(bsc#1197135).
- CVE-2022-0396: Fixed a incorrect handling of TCP connection slots time
frame leading to deny of service (bsc#1197136).
The following non-security bugs were fixed:
- Update to release 9.16.31 (jsc#SLE-24600).
- Logrotation broken since dropping chroot (bsc#1200685).
- A non-existent initialization script (eg a leftorver
"createNamedConfInclude" in /etc/sysconfig/named) may cause named not to
start. A warning message is printed in named.prep and the fact is
ignored. Also, the return value of a failed script was not handled
properly causing a failed script to not prevent named to start. This is
now fixed properly. [bsc#1199044, vendor-files.tar.bz2]
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2713=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2713=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2713=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
bind-9.16.31-150400.5.6.1
bind-debuginfo-9.16.31-150400.5.6.1
bind-debugsource-9.16.31-150400.5.6.1
bind-utils-9.16.31-150400.5.6.1
bind-utils-debuginfo-9.16.31-150400.5.6.1
- openSUSE Leap 15.4 (noarch):
bind-doc-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
bind-9.16.31-150400.5.6.1
bind-debuginfo-9.16.31-150400.5.6.1
bind-debugsource-9.16.31-150400.5.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
bind-doc-9.16.31-150400.5.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
bind-debuginfo-9.16.31-150400.5.6.1
bind-debugsource-9.16.31-150400.5.6.1
bind-utils-9.16.31-150400.5.6.1
bind-utils-debuginfo-9.16.31-150400.5.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
python3-bind-9.16.31-150400.5.6.1
References:
https://www.suse.com/security/cve/CVE-2021-25219.html
https://www.suse.com/security/cve/CVE-2021-25220.html
https://www.suse.com/security/cve/CVE-2022-0396.html
https://bugzilla.suse.com/1192146
https://bugzilla.suse.com/1197135
https://bugzilla.suse.com/1197136
https://bugzilla.suse.com/1199044
https://bugzilla.suse.com/1200685
1
0
SUSE-SU-2022:2707-1: important: Security update for java-11-openjdk
by opensuse-security@opensuse.org 09 Aug '22
by opensuse-security@opensuse.org 09 Aug '22
09 Aug '22
SUSE Security Update: Security update for java-11-openjdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2707-1
Rating: important
References: #1201684 #1201692 #1201694
Cross-References: CVE-2022-21540 CVE-2022-21541 CVE-2022-34169
CVSS scores:
CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-34169 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for java-11-openjdk fixes the following issues:
Update to upstream tag jdk-11.0.16+8 (July 2022 CPU)
- CVE-2022-21540: Improve class compilation (bsc#1201694)
- CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692)
- CVE-2022-34169: Improve Xalan supports (bsc#1201684)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2707=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2707=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2707=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2707=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2707=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2707=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2707=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2707=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2707=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2707=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2707=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2707=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2707=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2707=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2707=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2707=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2707=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2707=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2707=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2707=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2707=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2707=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2707=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2707=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2707=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-accessibility-11.0.16.0-150000.3.83.1
java-11-openjdk-accessibility-debuginfo-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
java-11-openjdk-jmods-11.0.16.0-150000.3.83.1
java-11-openjdk-src-11.0.16.0-150000.3.83.1
- openSUSE Leap 15.4 (noarch):
java-11-openjdk-javadoc-11.0.16.0-150000.3.83.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-accessibility-11.0.16.0-150000.3.83.1
java-11-openjdk-accessibility-debuginfo-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
java-11-openjdk-jmods-11.0.16.0-150000.3.83.1
java-11-openjdk-src-11.0.16.0-150000.3.83.1
- openSUSE Leap 15.3 (noarch):
java-11-openjdk-javadoc-11.0.16.0-150000.3.83.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Manager Proxy 4.1 (x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):
java-11-openjdk-javadoc-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
java-11-openjdk-jmods-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
java-11-openjdk-javadoc-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
- SUSE CaaS Platform 4.0 (x86_64):
java-11-openjdk-11.0.16.0-150000.3.83.1
java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1
java-11-openjdk-demo-11.0.16.0-150000.3.83.1
java-11-openjdk-devel-11.0.16.0-150000.3.83.1
java-11-openjdk-headless-11.0.16.0-150000.3.83.1
References:
https://www.suse.com/security/cve/CVE-2022-21540.html
https://www.suse.com/security/cve/CVE-2022-21541.html
https://www.suse.com/security/cve/CVE-2022-34169.html
https://bugzilla.suse.com/1201684
https://bugzilla.suse.com/1201692
https://bugzilla.suse.com/1201694
1
0
SUSE-SU-2022:2692-1: important: Security update for crash
by opensuse-security@opensuse.org 07 Aug '22
by opensuse-security@opensuse.org 07 Aug '22
07 Aug '22
SUSE Security Update: Security update for crash
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2692-1
Rating: important
References: #1198581
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update of crash fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues
(bsc#1198581)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2692=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2692=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
crash-7.3.0-150400.3.2.6
crash-debuginfo-7.3.0-150400.3.2.6
crash-debugsource-7.3.0-150400.3.2.6
crash-devel-7.3.0-150400.3.2.6
crash-doc-7.3.0-150400.3.2.6
crash-eppic-7.3.0-150400.3.2.6
crash-eppic-debuginfo-7.3.0-150400.3.2.6
crash-kmp-default-7.3.0_k5.14.21_150400.24.11-150400.3.2.6
crash-kmp-default-debuginfo-7.3.0_k5.14.21_150400.24.11-150400.3.2.6
- openSUSE Leap 15.4 (aarch64):
crash-kmp-64kb-7.3.0_k5.14.21_150400.24.11-150400.3.2.6
crash-kmp-64kb-debuginfo-7.3.0_k5.14.21_150400.24.11-150400.3.2.6
- openSUSE Leap 15.4 (x86_64):
crash-gcore-7.3.0-150400.3.2.6
crash-gcore-debuginfo-7.3.0-150400.3.2.6
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
crash-7.3.0-150400.3.2.6
crash-debuginfo-7.3.0-150400.3.2.6
crash-debugsource-7.3.0-150400.3.2.6
crash-devel-7.3.0-150400.3.2.6
crash-kmp-default-7.3.0_k5.14.21_150400.24.11-150400.3.2.6
crash-kmp-default-debuginfo-7.3.0_k5.14.21_150400.24.11-150400.3.2.6
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64):
crash-kmp-64kb-7.3.0_k5.14.21_150400.24.11-150400.3.2.6
crash-kmp-64kb-debuginfo-7.3.0_k5.14.21_150400.24.11-150400.3.2.6
References:
https://bugzilla.suse.com/1198581
1
0
openSUSE-SU-2022:10081-1: moderate: Security update for trivy
by opensuse-security@opensuse.org 06 Aug '22
by opensuse-security@opensuse.org 06 Aug '22
06 Aug '22
openSUSE Security Update: Security update for trivy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10081-1
Rating: moderate
References:
Cross-References: CVE-2022-1996
CVSS scores:
CVE-2022-1996 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-1996 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for trivy fixes the following issues:
trivy was updated to version 0.30.4:
* fix: remove the first arg when running as a plugin (#2595)
* fix: k8s controlplaner scanning (#2593)
* fix(vuln): GitLab report template (#2578)
Update to version 0.30.3:
* fix(server): use a new db worker for hot updates (#2581)
* docs: add trivy with download-db-only flag to Air-Gapped Environment
(#2583)
* docs: split commands to download db for different versions of oras
(#2582)
* feat(report): export exitcode for license checks (#2564)
* fix: cli can use lowercase for severities (#2565)
* fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577)
* fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569)
* fix: enable some features of the wasm runtime (#2575)
* fix(k8s): no error logged if trivy can't get docker image in kubernetes
mode (#2521)
* docs(sbom): improve sbom attestation documentation (#2566)
Update to version 0.30.2:
* fix(report): show the summary without results (#2548)
* fix(cli): replace '-' to '_' for env vars (#2561)
Update to version 0.30.1:
* chore: remove a test repository (#2551)
* fix(license): lazy loading of classifiers (#2547)
* fix: CVE-2022-1996 in Trivy (#2499)
* docs(sbom): add sbom attestation (#2527)
* feat(rocky): set Rocky Linux 9 EOL (#2543)
* docs: add attributes to the video tag to autoplay demo videos (#2538)
* fix: yaml files with non-string chart name (#2534)
* fix: skip dirs (#2530)
* feat(repo): add support for branch, commit, & tag (#2494)
* fix: remove auto configure environment variables via viper (#2526)
Update to version 0.30.0:
* fix: separating multiple licenses from one line in dpkg copyright files
(#2508)
* fix: change a capital letter for `plugin uninstall` subcommand (#2519)
* fix: k8s hide empty report when scanning resource (#2517)
* refactor: fix comments (#2516)
* fix: scan vendor dir (#2515)
* feat: Add support for license scanning (#2418)
* chore: add owners for secret scanning (#2485)
* fix: remove dependency-tree flag for image subcommand (#2492)
* fix(k8s): add shorthand for k8s namespace flag (#2495)
* docs: add information about using multiple servers to troubleshooting
(#2498)
* ci: add pushing canary build images to registries (#2428)
* feat(dotnet): add support for .Net core .deps.json files (#2487)
* feat(amazon): add support for 2022 version (#2429)
* Type correction bitnami chart (#2415)
* docs: add config file and update CLI references (#2489)
* feat: add support for flag groups (#2488)
* refactor: move from urfave/cli to spf13/cobra (#2458)
* fix: Fix secrets output not containing file/lines (#2467)
* fix: clear output with modules (#2478)
* docs(cbl): distroless 1.0 supported (#2473)
* fix: Fix example dockerfile rego policy (#2460)
* fix(config): add helm to list of config analyzers (#2457)
* feat: k8s resouces scan (#2395)
* feat(sbom): add cyclonedx sbom scan (#2203)
* docs: remove links to removed content (#2431)
* ci: added rpm build for rhel 9 (#2437)
* fix(secret): remove space from asymmetric private key (#2434)
* test(integration): fix golden files for debian 9 (#2435)
* fix(cli): fix version string in docs link when secret scanning is
enabled (#2422)
* refactor: move CycloneDX marshaling (#2420)
* docs(nodejs): add docs about pnpm support (#2423)
* docs: improve k8s usage documentation (#2425)
* feat: Make secrets scanning output consistant (#2410)
* ci: create canary build after main branch changes (#1638)
* fix(misconf): skip broken scans (#2396)
* feat(nodejs): add pnpm support (#2414)
* fix: Fix false positive for use of COS images (#2413)
* eliminate nerdctl dependency (#2412)
* Add EOL date for SUSE SLES 15.3, 15.4 and OpenSUSE 15.4 (#2403)
* fix(go): no cast to lowercase go package names (#2401)
* BREAKING(sbom): change 'trivy sbom' to scan SBOM (#2408)
* fix(server): hot update the db from custom repository (#2406)
* feat: added license parser for dpkg (#2381)
* fix(misconf): Update defsec (v0.68.5) to fix docker rego duplicate key
(#2400)
* feat: extract stripe publishable and secret keys (#2392)
* feat: rbac support k8s sub-command (#2339)
* feat(ruby): drop platform strings from dependency versions bundled with
bundler v2 (#2390)
* docs: Updating README with new CLI command (#2359)
* fix(misconf): Update defsec to v0.68.4 to resolve CF detection bug
(#2383)
* chore: add integration label and merge security label (#2316)
Update to version 0.29.2:
* chore: skip Visual Studio Code project folder (#2379)
* fix(helm): handle charts with templated names (#2374)
* docs: redirect operator docs to trivy-operator repo (#2372)
* fix(secret): use secret result when determining Failed status (#2370)
* try removing libdb-dev
* run integration tests in fanal
* use same testing images in fanal
* feat(helm): add support for trivy dbRepository (#2345)
* fix: Fix failing test due to deref lint issue
* test: Fix broken test
* fix: Fix makefile when no previous named ref is visible in a shallow
clone
* chore: Fix linting issues in fanal
* refactor: Fix fanal import paths and remove dotfiles
Update to version 0.29.1:
* fix(report): add required fields to the SARIF template (#2341)
* chore: fix spelling errors (#2352)
* Omit Remediation if PrimaryURL is empty (#2006)
* docs(repo): Link to installation documentation in readme shows 404
(#2348)
* feat(alma): support for scanning of modular packages for AlmaLinux
(#2347)
Update to version 0.29.0:
* fix(lang): fix dependency graph in client server mode (#2336)
* feat: allow expiration date for .trivyignore entries (#2332)
* feat(lang): add dependency origin graph (#1970)
* docs: update nix installation info (#2331)
* feat: add rbac scanning support (#2328)
* refactor: move WordPress module to another repository (#2329)
* ci: add support for ppc64le (#2281)
* feat: add support for WASM modules (#2195)
* feat(secret): show recommendation for slow scanning (#2051)
* fix(flag): remove --clear-cache flag client mode (#2301)
* fix(java): added check for looping for variable evaluation in pom file
(#2322)
* BREAKING(k8s): change CLI API (#2186)
* feat(alpine): add Alpine Linux 3.16 (#2319)
* ci: add `go mod tidy` check (#2314)
* chore: run `go mod tidy` (#2313)
* fix: do not exit if one resource is not found (#2311)
* feat(cli): use stderr for all log messages (resolve #381) (#2289)
* test: replace deprecated subcommand client in integration tests (#2308)
* feat: add support for containerd (#2305)
* fix(kubernetes): Support floats in manifest yaml (#2297)
* docs(kubernetes): dead links (#2307)
* chore: add license label (#2304)
* feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293)
* feat(helm): add pod annotations (#2272)
* refactor: do not import defsec in fanal types package (#2292)
* feat(report): Add misconfiguration support to ASFF report template
(#2285)
* test: use images in GHCR (#2275)
* feat(helm): support pod annotations (#2265)
* feat(misconf): Helm chart scanning (#2269)
* docs: Update custom rego policy docs to reflect latest defsec/fanal
changes (#2267)
* fix: mask redis credentials when logging (#2264)
* refactor: extract commands Runner interface (#2147)
* docs: update operator release (#2263)
* feat(redhat): added architecture check (#2172)
* docs: updating links in the docs to work again (#2256)
* docs: fix readme (#2251)
* fix: fixed incorrect CycloneDX output format (#2255)
* refactor(deps): move dependencies to package (#2189)
* fix(report): change github format version to required (#2229)
* docs: update readme (#2110)
* docs: added information about choosing advisory database (#2212)
* chore: update trivy-kubernetes (#2224)
* docs: clarifying parts of the k8s docs and updating links (#2222)
* fix(k8s): timeout error logging (#2179)
* chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214)
* feat(k8s): add --context flag (#2171)
* fix(k8s): properly instantiate TableWriter (#2175)
* test: fixed integration tests after updating testcontainers to v0.13.0
(#2208)
* chore: update labels (#2197)
* fix(report): fixed panic if all misconf reports were removed in filter
(#2188)
* feat(k8s): scan secrets (#2178)
* feat(report): GitHub Dependency Snapshots support (#1522)
* feat(db): added insecure skip tls verify to download trivy db (#2140)
* fix(redhat): always use vulns with fixed version if there is one (#2165)
* chore(redhat): Add support for Red Hat UBI 9. (#2183)
* fix(k8s): update trivy-kubernetes (#2163)
* fix misconfig start line for code quality tpl (#2181)
* fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176)
* docs(vuln): Include GitLab 15.0 integration (#2153)
* docs: fix the operator version (#2167)
* fix(k8s): summary report when when only vulns exit (#2146)
* chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives
in ksv038) (#2156)
* perf(misconf): Improve performance when scanning very large files (#2152)
* docs(misconf): Update examples and docs to refer to builtin/defsec
instead of appshield (#2150)
* chore(deps): Update fanal (for less verbose code in misconf results)
(#2151)
* docs: fixed installation instruction for rhel/centos (#2143)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10081=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 s390x x86_64):
trivy-0.30.4-bp154.2.6.1
References:
https://www.suse.com/security/cve/CVE-2022-1996.html
1
0
openSUSE-SU-2022:10080-1: moderate: Security update for caddy
by opensuse-security@opensuse.org 06 Aug '22
by opensuse-security@opensuse.org 06 Aug '22
06 Aug '22
openSUSE Security Update: Security update for caddy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10080-1
Rating: moderate
References: #1201822
Cross-References: CVE-2022-34037
CVSS scores:
CVE-2022-34037 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for caddy fixes the following issues:
Update to version 2.5.2:
* admin: expect quoted ETags (#4879)
* headers: Only replace known placeholders (#4880)
* reverseproxy: Err 503 if all upstreams unavailable
* reverseproxy: Adjust new TLS Caddyfile directive names (#4872)
* fileserver: Use safe redirects in file browser
* admin: support ETag on config endpoints (#4579)
* caddytls: Reuse issuer between PreCheck and Issue (#4866)
* admin: Implement /adapt endpoint (close #4465) (#4846)
* forwardauth: Fix case when `copy_headers` is omitted (#4856)
* Expose several Caddy HTTP Matchers to the CEL Matcher (#4715)
* reverseproxy: Fix double headers in response handlers (#4847)
* reverseproxy: Fix panic when TLS is not configured (#4848)
* reverseproxy: Skip TLS for certain configured ports (#4843)
* forwardauth: Support renaming copied headers, block support (#4783)
* Add comment about xcaddy to main
* headers: Support wildcards for delete ops (close #4830) (#4831)
* reverseproxy: Dynamic ServerName for TLS upstreams (#4836)
* reverseproxy: Make TLS renegotiation optional
* reverseproxy: Add renegotiation param in TLS client (#4784)
* caddyhttp: Log error from CEL evaluation (fix #4832)
* reverseproxy: Correct the `tls_server_name` docs (#4827)
* reverseproxy: HTTP 504 for upstream timeouts (#4824)
* caddytls: Make peer certificate verification pluggable (#4389)
* reverseproxy: api: Remove misleading 'healthy' value
* Fix #4822 and fix #4779
* reverseproxy: Add --internal-certs CLI flag #3589 (#4817)
* ci: Fix build caching on Windows (#4811)
* templates: Add `humanize` function (#4767)
* core: Micro-optim in run() (#4810)
* httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798)
* templates: Documentation consistency (#4796)
* chore: Bump quic-go to v0.27.0 (#4782)
* reverseproxy: Support http1.1>h2c (close #4777) (#4778)
* rewrite: Handle fragment before query (fix #4775) [boo#1201822,
CVE-2022-34037]
* httpcaddyfile: Support multiple values for `default_bind` (#4774)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10080=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
caddy-2.5.2-bp154.2.8.1
References:
https://www.suse.com/security/cve/CVE-2022-34037.html
https://bugzilla.suse.com/1201822
1
0